opinion As the saga surrounding the alleged hacker known as ‘Evil’ has gathered steam over the past 24 hours, I have become increasingly embarassed for Australia.
Embarassed for the ineptness and over the top vaudeville style of our police when tracking even mid-level Internet rogues. Embarassed at the appalling lack of technical understanding which our politicians have displayed when it comes to discussing cyber-crime, and the speed at which corporate interests have jumped on the bandwagon. And, of course, embarassed about how my colleagues in the media have reported events.
But most of all, I have become increasingly embarassed at the incredible callousness with which our society has seized upon an unproven crime to further its own diverse naked self-interest, with scant regard for apparent defunct concepts such as ‘truth’, ‘justice’ and that archaic concept which was once labelled ‘the presumption of innocence’.
So why do I feel this way? Let me count the reasons.
The first and most obvious reason that Australians should be embarassed by the saga surrounding the ‘Evil’ hacker is the way that the Australian Federal Police has handled and publicised the case.
When the AFP’s High Tech Crime Operations team announced it had arrested a Cowra-based man in connection with hacking offences this week, it did so with an incredible level of showmanship which dazzled the eye and attracted the media like flies to honey. The AFP’s nationwide parade of celebration and glory kicked off with exclusive pre-briefings on Tuesday night, conducted with major newspapers such as the Sydney Morning Herald. Candid footage of dozens of stern-looking armoured police raiding an unassuming house in the small rural town was supplied, and close-ups of the suspect’s computer, which appeared to be running nefarious-looking applications such as a Linux terminal prompt.
Then, at 6AM the next morning, the AFP issued a media release and scheduled a national press conference, both of which it used to continue to hyped up the arrest to a simply unbelievable level.
The hacker could have potentially “caused considerable damage to Australia’s national infrastructure”, the AFP said. “Hundreds” of servers, in Australia and overseas, might have been compromised, and the hacker demonstrated “an extreme and unusual level of malice”, and had basically “taken over” the system of wholesale telco Platform Networks.
With the ‘unemployed truckie’ label combined with his convenient online handle ‘Evil’, the AFP was able to successfully paint the alleged hacker as a gifted but tortured criminal mastermind, hatching plots from his rural lair under the cover of night, protected from the world by the thin veneer of a suburban existence, while skulking through Centrelink offices in the day in a futile effort to find work. A bit like ‘Clerks’ meets James Bond’s ‘Dr No’.
Hard-hitting segments on serious national affairs TV shows such as the 7:30 Report followed, and throughout it all the AFP’s statement linking Platform Networks to the National Broadband Network was given constant airtime.
The whole thing reminds me of one the last major raids the AFP’s high-tech crime unit undertook. In a lengthy broadcast on the ABC’s Four Corners show, the AFP collaborated with its colleagues in Victoria to raid the home of an individual who it claimed at the time was guilty of Internet fraud. The same camera footage of armoured police rushing a suburban building … the same shots of the suspect’s messy bedroom and suspicious computer; the same dramatic music playing in the background as reputable commentators emphasised the importance of the Internet to today’s economy.
However, as with the Melbourne raid (from which no arrests were even made, despite the event being broadcast on national television), the AFP made a number of missteps in its arrest in Cowra.
For starters, Platform Networks is a relative minnow in Australia’s telecommunications industry. I’ve been reporting on the space full-time for half a decade now, and I’d never heard of the company before it signed up to resell NBN services a few months ago. There has been no evidence presented yet that ‘Evil’ did more than enter Platform’s network and have a bit of a look around, and even Platform itself acknowledged this week that the hacker’s intrusion had had no “major” impact.
Then there is the fact of the AFP’s slow action in arresting ‘Evil’ to start with.
The AFP’s high-tech crime chief Neil Gaughan acknowledged yesterday that the AFP was primarily able to arrest ‘Evil’ because of an anonymous telephone tip-off. Some stellar policing work might have gone into the arrest after that point, but it appears as if it took a random caller to even put the investigators on the right scent. When the investigation did kick off in January this year, following a fairly harmless attack on the website of Sydney University, it took no less than six months to come to fruition. I consider this a remarkable amount of time for the AFP to be tracking a single fugitive, especially when those involved with the case have acknowledged the amount of boasting which the alleged hacker had engaged in online.
Furthermore, the slow speed of the AFP in making the arrest may have cost thousands of Australian businesses their data. It was six months after the AFP started investigating ‘Evil’, after all, that the hacker allegedly broke into web hosting firm DistributeIT, destroying the company’s ability to conduct its business and rendering the data of about 4,800 customers unrecoverable.
To compound matters, and despite the fact that it must have evidence that ‘Evil’ is behind the DistributeIT events, the AFP chose yesterday to only arrest the Cowra man on the basis of the Platform Networks attack, declining to even confirm a DistributeIT link in public and leaving that task to Australia’s Federal Attorney-General and Justice Minister, with the parliamentary privilege which the pair enjoys.
In short, the AFP created a massive national media storm over the arrest of a man on charges of … what? Having a ‘look around’ the network of a minor Australian telco which barely anyone had even heard of? Are you kidding me?
Of course, the situation would not have become a media storm if the AFP had not explicitly tied the arrest of the hacker to one of the biggest issues in Australian politics today. I speak, of course, of the National Broadband Network. And most of the media bought the line that the NBN was involved hook, line and sinker.
Despite the fact that NBN Co explicitly stated that it had nothing to do with the ‘Evil’ case, that its network had not been hacked, and that Platform’s network was not even connected to the NBN yet, journalists jumped on the NBN line like it was chocolate-coated caviar wrapped in hundred dollar bills.
Headlines like “NBN hacker arrested“, “Hacker denied bail over NBN plot“, “Doubt cast on NBN security“, “Cyber-attack alert for National Broadband Network“, “More arrests to come over NBN hacking” and others abounded, as virtually every major media outlet in Australia went to pains to inform their readers that the NBN had been hacked.
The only problem was, it hadn’t.
This didn’t stop both Opposition Leader Tony Abbott claiming that the greater “centralisation” of the NBN opened it up to “this kind of problem”, or Shadow Communications Minister Malcolm Turnbull demanding to know how the NBN’s security had been breached.
Now it’s well-known that politicians will jump on any bandwagon … but it wasn’t just the Opposition hyping up the issue in public. AusCERT general manager Graham Ingram was one of those calling for more attention to be paid to the security of the NBN, while local hacking experts Ty Miller (from Pure Hacking) and Chris Gatford (HackLabs) were also making their feelings known on how easy in general it was for anyone to search for exploits in Google and then start breaking into corporate databases left right and centre.
These ‘experts’ might as well have been walking around Sydney’s CBD with chalkboards hung around their neck saying: “Scared of being hacked? Pay us to take the problem away”. The naked self-interest and advertisement apparent in their analysis of the ‘Evil’ case has been apparent for anyone to see.
Now throughout all of this process, what has been forgotten is one simple fact.
Right now, a 25-year-old man, a man who police have admitted was isolated and frustrated with his life and career, a man whose alleged hacking actions might be seen as a cry for attention, is sitting rotting in a cell in Orange and contemplating years in gaol if the Australian Federal Police can successfully prosecute the case that as ‘Evil’, he broke Australia’s cybercrime laws.
This man might well be guilty of the crimes that the AFP has accused him of. We will find out in due course.
However, in many respects, for the Australian Federal Police, for Australia’s politicians, its corporations and above all, its media, whether this man is found to be guilty or not appears to have already become increasingly irrelevant. Some would say that the Cowra man has already been tried in the court of public opinion and found guilty. But even this doesn’t matter. What has mattered, for all of those above that I have mentioned, is that they are able to use him as ammunition to push their own self-interest.
The Australian Federal Police has consciously generated a media circus around the ‘Evil’ case, with the aim of dissuading future offenders from going down the hacker’s path. Politicians have used the case as a weapon to attack the NBN, despite the fact that there was no involvement. Executives from security firms have used the case to drum up business interest, and of course the media has used to the case to generate as many page impressions, sell as many newspapers and draw as many eyeballs to TV screens as possible.
For those who doubt my argument here; ask yourself one question. Would it not have been more appropriate for the AFP to have conducted a national media roadshow after the Cowra man had been found guilty, rather than before? Wouldn’t that have been the less risky and more sober approach?
Like most Australians, I am fully supportive of the efforts by the nation’s law enforcement authorities to uphold the law, and as a former systems administrator, I want our national technology platforms kept safe from harm … after all, we all rely on them on a daily basis.
But we must take care that we do not use criminal cases such as the AFP exposed this week as mere tidbits in furious feeding frenzies that ignore facts as well as the opportunity for cool-headed and sober justice. To do so will bring our society; our criminal justice system; nay, our democracy itself, into increasing disrepute.