Reported widely in the general media, wholesale ISP and international IP capacity provider Platform Networks have played a critical part in the arrest of a 25-year-old Cowra man on 49 hacking charges by the Australian Federal Police (AFP).
Providing the AFP High Tech Crimes unit with access to network traffic, resources and logs over a period of 6 months, security engineers at Platform Networks were able to gather enough information about the individual in question for police to confirm his identity, location and malicious activities to lead to the arrest.
In a letter to customers, David Hooton Platform Networks managing director assured his customers that they were not at risk.
"The activity in question was far reaching, involved a large number of networks both in and outside of Australia, and was not focused on either Platform Networks or any of its customers specifically." Talking to searchSecurity.com.au Wednesday morning Mr Hooton made it clear that Platform Networks had the network monitoring and intelligence in place to identify issues on the network as part of routine systems checks and real time security monitoring.
Hooton took the breach very seriously and has offered customers, many of whom are small to medium Internet Service Providers, the opportunity to talk to Platform Networks about security and to take advantage of lessons learnt while working with the AFP High Tech crime unit.
"Customers who would like a security briefing are welcome to contact us to book a time to run through a thorough briefing on some recommendations that have come out of this investigation with our team."
While the full details are not available due to the ongoing investigation, the AFP claim to have a strong case due to the amount of activity and the openly malicious behaviour of the hacker.
“The AFP will allege in court that this person acted with an extreme and unusual level of malice and with no regard to the damage caused, indiscriminately targeting both individuals and companies.” AFP National Manager for High Tech Crime Operations Neil Gaughan said.
The AFP has charged the man with the following offences:
- one count of unauthorised modification of data to cause impairment, contrary to Section 477.2 of the Criminal Code Act 1995 (Cth). This offence carries a maximum penalty of 10 years in jail.
- 48 counts of unauthorised access to, or modification of restricted data, contrary to Section 478.1 of the Criminal Code Act 1995 (Cth). This offence carries a maximum penalty of two years in jail.
Contary to some reports, while Platform Networks will use the NBN to deliver services in the future, this incident has no impact on the NBN.
As a provider of physical access networks at the Layer 2 Data Link Layer NBNCo is not compromised by application based hacking, the distribution of malware on IP networks connected to NBNCo infrastructure or denial of service attacks originating from NBNCo customers.
The AFP provides information for Australian individuals and businesses to address security issues and keep their businesses safe online. Some recommendations made by the AFP include:
- Provide employee awareness and education programs
- Monitor content going into and out of networks
- Implement acceptable use policies for wireless technology, information technology and mobile devices
- Complete background checks on staff
- Conduct mandatory reporting of misuse and abuse of computer equipment
- Complete a set of written standard operating procedures for technology
- Manage account and password policies