Police arrest truckie over 'Evil' network hack

Updated: Distribute.IT says it's the same 'Evil' that destroyed its servers.

An unemployed truck driver known online as 'Evil' has been arrested in southern NSW over an alleged "compromise" of systems maintained by sub-wholesaler Platform Networks.

The 25-year-old Cowra man, whose IT skills were allegedly "self-taught", appeared in Orange Local Court today where he was refused bail.

He faced up to 12 years' jail if convicted. Police said that further charges were "likely".

The Australian Federal Police will allege that Evil was "motivated by ego... proving his skills after complaining he could not get work in the IT sector."

"The AFP will allege in court that this person acted with an extreme and unusual level of malice and with no regard to the damage caused, indiscriminately targeting both individuals and companies," AFP High Tech Crime Operations national manager Neil Gaughan said.

It is believed the compromise affected customer colocation servers, an Exchange server and some DNS servers maintained by Platform Networks.

Platform Networks managing director David Hooton told iTnews the systems were immediately sandboxed away from other network elements into a "secure area".

He said Platform became aware of "unlawful traffic transiting our network.... in December 2010 during routine systems and network monitoring".

"The activity in question was far reaching, involved a large number of networks both in and outside of Australia, and was not focused on either Platform Networks or any of its customers specifically," Hooton said in a letter to its customers.

"I understand that this information may raise concerns for you as our customer, and I want to assure you that throughout the investigation the primary focus of both Platform Networks and the AFP was to protect our customers from any potential damage, inconvenience or compromise while providing the AFP with the information which they required to successfully perform their duties."

The company had undertaken a six-month investigation into the traffic and had begun working with the AFP to resolve the issue.

Hooton told iTnews that the malicious traffic was relatively "infrequent" to start with.

"After a while a couple of patterns emerged that were quite concerning to us which is why we contacted the AFP," he said.

Although Platform Networks was a sub-wholesaler of National Broadband Network services, NBN Co said it had not been the target of the alleged attacks.

"We were not hacked, compromised or affected," a spokesman tweeted.

"In fact the company said to have been involved has not yet connected services over the NBN."

Distribute.IT says same 'Evil'

The alleged hacker was the same 'Evil' that brought down online services wholesaler DistributeIT in June, DistributeIT alleged in a statement.

The malicious attack led to sustained downtime and data loss that ultimately forced the sale of the Distribute.IT business.

An AFP spokesman declined to comment on the alleged links.

Distribute.IT's new owners NetRegistry said that, like Platform Networks, they contributed to the AFP investigation.

"We call on 'Evil' to apologise to all the businesses he ruined as a result of the targeted hacking attack," the host said in its statement.