HACK ATTACK

Are computer hackers just pranksters?

The Weekend Australian Magazine - By Richard Guilliatt

In July 2012, the world’s largest computer software company, Microsoft, made a horrible discovery: someone appeared to have stolen the top-secret design specifications for the new version of its hugely successful Xbox videogame console. An individual called FLaC* had posted a notice on an obscure gaming website offering an Xbox “development kit” for sale at $US10,000. As proof that the goods were authentic, FLaC had published a blurry photograph of a computer screen glowing with green programming script and the word “Durango”. Veteran gamers ridiculed the photo as a fake, but inside Microsoft’s Seattle HQ there was a different reaction, because Durango really was the code name for the new Xbox, and that photo looked alarmingly genuine.

Microsoft had sold 67 million Xboxes over the previous seven years, generating $56 billion in retail revenue. The Durango system wasn’t due for release until the following year, and the only people privy to it were company employees and videogame designers who’d signed secrecy agreements. A letter from Microsoft’s lawyers persuaded the gaming website to remove FLaC’s post, but within weeks he popped up again on the online auction site eBay, advertising the same Xbox kit. By mid-August he was leaking details of the Durango system to the website Eurogamer, having apparently sold the kit for $US20,100.

Who was FLaC and how had he pulled off this seemingly extraordinary heist? Eurogamer claimed to have traced him to Europe and his Twitter dispatches suggested he was in North Carolina, but Microsoft’s inquiries led to a suburban house 14,700km away in Perth, Western Australia. In mid-August, one of the company’s senior security executives, former police detective Miles Hawkes, flew to Perth and drove to the house for a “knock and talk” interview, as he later put it. The door was answered by a middle-aged woman with short hair. She was FLaC’s mum, and she said he’d be home from school after 4pm.

Microsoft’s nemesis turned out to be a slight, diminutive teenager with long dark hair that hung over his eyes, a wispy beard and the washed-out complexion of someone who spends too much time at a computer keyboard. In his parents’ living room that afternoon he freely admitted being part of a group of computer hackers who had penetrated Microsoft’s security wall and downloaded reams of programming code and hardware specifications for the new Xbox. But the whole thing had been a prank, the kid insisted – they hadn’t really sold an “Xbox kit” on eBay for $20,100; in fact, they’d be more than happy to help the corporate giant fix up its security problems.

After Miles Hawkes flew back to Seattle, FLaC shared news of the encounter with his followers on social media. “Bye bye Mr Microsoft man,” he tweeted. “I have a feeling I’ll be seeing more of you soon.” Those who follow FLaC’s Twitter feed will know that things have taken a darker turn since then: first came the FBI raid on his parents’ house last year, then a series of arrests across the US and the jailing of his fellow hackers amid allegations that they’d threatened to kill a magistrate, caused $200 million worth of damage and stolen US military secrets. FLaC himself is facing prosecution on a raft of hacking offences in the WA Children’s Court, which is why his real name and Twitter handle cannot be published in this magazine. That restriction hasn’t stopped him from chronicling the whole saga on Twitter, earning a devoted cult following.

On a recent afternoon at the WA university where he is a student, FLaC turned up with a fat binder full of legal documents and proceeded to explain over several hours why he believes he will beat the charges. His hair is brushed back in a more stylish cut as he approaches his 19th birthday, and on social media these days he adopts the self-mocking persona of a high-roller who smokes fat cigars, drinks Moët and haunts the poker tables at Crown casino. More risky is his open taunting of the authorities, including his suggestion that the FBI fly him first-class to the US so he can “join the gang in prison”.

It’s not the usual gambit of someone about to face a judge, but then, not much about this case follows legal convention. Despite court suppression orders, FLaC has posted various legal documents online to accompany his running commentary. “I like transparency,” he explains, as we sit in a sun-dappled courtyard. “What I’ve done I admit I have done. If they’d charged me with something properly I would have pleaded.” There’s an unmistakeable echo of Julian Assange’s anti-authoritarian sangfroid in that statement. To hackers, the internet is a place with its own anarchic rules of conduct.

The way FLaC sees it, the Xbox stunt was not actually malicious. It began during Year 11, during his late-night explorations of the darker depths of the internet, when he discovered a way inside the private network of the US videogame company Epic Games. FLaC’s computer skills were already sufficiently advanced that his school had suspended him twice for infiltrating its IT system, but what struck him about the Epic hack and where it led was how easy it all was. A common “brute force” program that makes millions of random guesses at passwords got him into the account of an Epic staffer. “The password was Jelly6,” he recalls, sounding faintly incredulous that any IT professional would rely on such a basic word-and-number formulation. From Epic’s database he downloaded an unreleased new version of Gears of War, one of the world’s most popular videogames. That brought him to the attention of a loose-knit network of hackers/gamers who went under names such as Sonic, AAmonkey, Animefre4k and Xenon7.

They discovered that Epic was connected to another network, run by Microsoft, which allowed videogame producers to share access to the secret specifications of the forthcoming Xbox Durango system, in order to develop new games to coincide with its release. By late 2011, FLaC and his pals had hacked their way into Valve Corporation and obtained the unreleased game Call of Duty: Modern Warfare 3. “I was quite surprised when we found out that these people basically all had terrible security,” he says mildly.

Technology companies can be surprisingly forgiving towards hackers who expose security holes without committing vandalism, and so it proved with Epic. When FLaC contacted the company’s IT team to reveal what they’d done, Epic sent him an autographed Gears of War poster as a gesture of gratitude. But by then FLaC, Sonic and his cohorts were inside Microsoft itself, which is how they got their hands on the secret specifications for Durango and came up with the idea of playing a joke on the company.

Microsoft provided many game designers with a computer known as an Xbox “development kit” on which they could design new games for the Durango. FLaC and his mates hit on the idea of building a counterfeit kit using the Durango hardware specs they had obtained. The task was accomplished in a matter of days by Animefre4k – actually, 17-year-old Nathan Leroux of Bowie, Maryland, in the US – using store-bought parts. What he built wasn’t an actual Xbox, more like a custom-designed personal computer. According to FLaC, it didn’t contain any of the proprietary Xbox software. But sticking it up on eBay was a joke that quickly snowballed, as the bidders – many apparently joining in on the jape – ratcheted the purported selling price toward $20,000.

“We knew it was stupid idea to put it on eBay; we always knew that,” says FLaC, with a rueful laugh. “But that was the point of it. ‘Hey, let’s have some fun. Let’s piss Microsoft off’.”

Which just goes to show – be careful what you wish for.

Back in the days when he was a teenager infiltrating the Pentagon’s computer systems from his bedroom in the hills outside Melbourne, Julian Assange helped define the credo of the “ethical hacker” who is motivated not by money but by a spirit of exploration and political engagement. Assange gave the philosophy its cause célèbre when he created WikiLeaks, kickstarting a “hacktivist” movement that has since been taken up by such online dissidents as Edward Snowden, leaker of US intelligence files, and Aaron Swartz, the IT prodigy who committed suicide last year after being charged with data theft from an academic publisher.

Hacktivists see themselves as an essential brake on the growing power of corporations and the state; Snowden wanted to expose government surveillance and Swartz believed he was striking a blow against private ownership of publicly funded research. But that’s not a distinction police have much time for. Late last year US authorities charged the British hacktivist Lauri Love, an associate of the group Anonymous, with infiltrating thousands of US military and government networks, assisted by two unnamed Australian co-conspirators. In May, the Australian Federal Police charged another alleged Anonymous hacker, a Perth surf lifesaver, with breaking into the servers of the Indonesian government and telecommunications firm AAPT.

Penalties for such offences can be severe. Aaron Swartz was facing up to 35 years in prison and $1 million in fines when he killed himself; in Australia the charge of “unauthorised modification of data to cause impairment” carries a maximum jail term of 10 years. The manager of the AFP’s Cyber Crime Operations, Commander Glen McEwen, says this reflects the fact that hackers present an “enduring global threat” to society. “What people are doing in the online world is not harmless,” he says. “It may start off as defacement of a website but it can go to the other end of the spectrum where you are encoding malware and stealing millions of dollars.”

Late last month the Federal Government announced a review of internet security after revealing that “cyber incidents” targeting government agencies had increased 37 per cent in 2013. But the problem for police is that hacking can be the most opaque of crimes, perpetrated as it is by people hidden behind online aliases and operating in a virtual realm where evidence is easily erased or altered. The two Australian hackers who allegedly conspired with Lauri Love, for instance, still haven’t been charged more than a year after his indictment. And as McEwen has discovered, any geek can sound like a gangster from the safety of a computer keyboard.

In April last year, McEwen made headlines when he announced that his team had arrested the possible leader of LulzSec, an infamous international hacker gang that once crashed the website of the US Central Intelligence Agency. The story appeared in hundreds of media outlets from the BBC to The New York Times, because LulzSec was at the time the subject of a major investigation following its attacks on the IT systems of Sony, Fox Broadcasting, the US Senate and several British banks. Unfortunately, the AFP had ignored a fundamental rule of the internet: don’t believe everything you read.

The hacker they had arrested was Matthew Flannery, a lanky 24-year-old who worked on the help desk of an IT firm called Content Security, which rented office space in the Microsoft building in North Ryde, Sydney. Flannery had spent a fair chunk of his adolescence exploring hacker forums, where he adopted the persona of a foul-mouthed, big-talking “troll” called Aush0k. “Listen here, nigga, I’m the f..kin’ boss of the internet. The FBI are raged they can’t get @ me,” was one of his typical boasts. In one stunt on an online chat-forum he pretended to hack into the Californian telephone system and summon a SWAT team to a hotel in Ventura.

It was all just talk, Flannery says now, the kind of flim-flam that’s the lingua franca of underground networks. “Hey, it’s the internet – a lot of people have different personalities on the internet,” he says with a shrug one recent afternoon at home in western Sydney. “When I was trolling people, I played that role really well. I came to be seen as this upper-echelon guy and I guess I liked the notoriety.”

To say that Aush0k made enemies would be stating the obvious. In February last year someone hacked the website of the Narrabri Shire Council in north-west NSW, creating a new page which featured a webcam photo of Flannery, along with an obscene caption and the heading: “I’m gay – Hacked by grand wizards of LulzSec, Sabu and Aush0k.” LulzSec actually had nothing to do with the attack, and neither did Flannery; it was all a dumb joke perpetrated by an online rival who had created a “back door” into the council’s IT system. A couple of months later, Flannery did something he would quickly regret: using the same back door, he tried to load a new page onto the council website. Having failed, he asked another hacker to post an image on the site of a naked man with an iPad covering his genitals. Flannery then alerted a Facebook friend to the prank by sending him a jocular note: “Now I’m the leader of LulzSec!”

Two weeks later, the federal police turned up in force at his work to arrest him. “I honestly thought it was a joke – I thought I was being punk’d,” he recalls. Led from the building in handcuffs – a scene police filmed and released to the media – Flannery was charged with hacking offences that carried a total penalty of 12 years’ jail. The following morning, McEwen and Superintendent Brad Marden of the AFP held a press conference in which they described Flannery – without naming him – as the “self-proclaimed leader” of LulzSec and “a considerable risk to national security”. Flannery, said Marden, was a “well-respected” member of LulzSec who had hacked a “government agency”, which police declined to name. Journalists quickly identified Flannery, and Content Security fired him shortly afterwards.

McEwen defends the AFP’s handling of the case and bristles at any suggestion that it overreacted to what was essentially internet graffiti. “I hear from journalists that it’s just graffiti and this and that – it’s nonsense,” he says. “You can’t play down the seriousness or capabilities of these people. What they can do is potentially catastrophic.”

When Flannery finally faced Gosford Local Court in October for sentencing, police were no longer attempting to link him with LulzSec. But their search of his laptop had uncovered stolen bank account details which a hacker once sent him as proof of his prowess. That resulted in an additional charge of dishonestly obtaining financial information, which carries a maximum five-year jail term. The 15 months’ home detention he’s now serving seems light by comparison, but his lawyer slammed the AFP for its “ludicrous” overreaction. The case also raised a red flag to internet activists who are alarmed by the federal government’s data-surveillance policies and its reported plans to give the AFP overall jurisdiction of homeland security.

Flannery says he made it clear to police from the start that he had no association with LulzSec. “Looking back, I think it may have been a publicity stunt to get the same status as the US and British agencies,” he says.

The AFP remains unrepentant. “He’s like the boy who cried wolf,” McEwen says. “He should take some personal responsibility and realise he was wrong instead of suggesting he was a mere bystander… Maybe his bottom wasn’t smacked by his mum. You can quote me on that.”

The rhetorical war between hackers and law enforcement has ratcheted up since the death of Aaron Swartz and Edward Snowden’s revelations about mass-surveillance of the internet. The FBI’s tactics have come in for particular attention since it was revealed, in July 2012, that one of the founders of LulzSec, Hector Monsegur, had been an FBI informant since being secretly arrested in 2011. Thanks to an elaborate sting operation, at least six members of LulzSec have since been indicted or jailed for hacking crimes carried out, at least in part, with Monsegur’s encouragement and on servers provided by the FBI.

Even before FLaC was visited by “Microsoft Man” in August 2012, the Xbox hackers talked openly about the spectre of being busted. “I need your help. I’m going to get arrested,” Xenon7 messaged one of the group in July 2011. “I need to encrypt some hard drives.” Xenon7 was David Pokora, a long-haired 19-year-old computer science student who lived with his parents in Mississauga, Canada. Only later would he realise that the hacker he was asking for help – identified only as “Person A” in US court documents – was a federal informant.

According to FLaC, the group knew early on that the FBI was investigating them but, like explorers who’ve stumbled into a cavern of treasures, they apparently couldn’t resist the lure of further discoveries. After breaking into the internal network of the Seattle gaming company Zombie Studios, they discovered it designed not just videogames but also software for the US Army. By late 2012 they were inside the army’s virtual private network and had access to the simulation software for the Apache helicopter. According to FLaC, they were soon roaming through innumerable government and corporate systems thanks to sloppy security and interconnected networks.

“It was a huge breach of databases – I recall even Jet Propulsion Labs, NASA, those kind of things. It was all there. But what happened was that we never really accessed any of it.” Well, almost never – FLaC concedes they did download the Apache helicopter program, offering a justification of sorts: “The Apache simulator was barely useable unless you had $150,000 worth of hardware. In the wrong hands, what was it? It was an old simulator for training Apache pilots that’s open to the public in the first place.”

Still, the euphoric buzz of it all caused some of the group to forget a few basic tenets of ethical hacking. “If we do this right, we will make a million dollars each,” Pokora bragged in one intercepted internet chat later released by the FBI. FLaC says he was aware that “Person A” had a history of online fraud, and when Nathan Leroux’s Xbox kit attracted actual bids on eBay, he allegedly built a second one to deliver to a private buyer. That was collected by Person A, who delivered it instead to the FBI.

Within days of the Apache simulator hack in December 2012, the FBI raided the New Jersey home of Sonic, aka 28-year-old Sanadodeh Nesheiwat. Three months later, WA police turned up at FLaC’s house accompanied by an FBI liaison officer, taking away all his computer equipment. This didn’t deter Pokora, who orchestrated a break-in at Microsoft’s HQ in August last year, supplying two people with fake credentials which enabled them to enter a secure office and steal three consoles for the unreleased Xbox One (as the Durango was now called).

Pokora was eventually arrested in March; he has since pleaded guilty, along with Nesheiwat, to hacking charges that could land both of them five-year jail terms. Leroux and another hacker, 18-year-old Austin Alcala of Indiana, have pleaded not guilty and are out on bail. The FBI seized bank accounts controlled by the US hackers, who it claims generated “hundreds of thousands of dollars per month” by providing unauthorised access to online games.

FLaC faces 25 charges, including failure to obey a data-access order, dishonestly dealing with personal financial information and unlawful use of a computer, which could land him in jail for years. His attitude to this is a curious mix of bravado and unnerving candour. Even before he was charged, he announced online that if he was arrested, a file containing all the data he’d obtained would be released via a “dead man’s switch” (his failure to log into his server after several days would automatically publish the file). On Twitter, he has issued obscene taunts to FBI agents and posted selfies of himself standing insouciantly in front of a police car or posing, fat-cat style, in a suit, hair swept back, smoking a cigar under the heading “I do enjoy my life”.

“It’s just a persona,” he says with a laugh. “Someone said on Twitter that FLaC sounds like some kind gambling-addicted drug dealer with a ‘f..k the police’ attitude. Which is not far off. FLaC has always been the kind of guy to do crazy things. It’s an alter-ego.”

In the real world, the guy who plays FLaC on Twitter is a 19-year-old student facing a $45,000 legal bill to defend himself against serious criminal charges. A year ago he was hospitalised for a panic attack and he now takes anti-anxiety medication. But his hostility towards the police is genuine, because he says much of what the authorities claim is untrue. The US indictment alleges he opened credit card accounts using stolen identities, but he says this was orchestrated by Person A, who wasn’t charged. An FBI agent testified that the hackers talked about soliciting the murder of a magistrate and federal agents, but FLaC insists any such talk was just absurdist banter. He emphatically denies a charge of possessing child porn, saying WA police may mistakenly believe that images on a server he hosted belonged to him. As for the hacking itself, he disputes whether he committed any offence under Australian law. “What’s my view on that?… Um, it’s illegal here, it’s illegal in the US. It’s not illegal in other countries. Where I was at the time, there were no hacking laws, really.”

Back in 2012, after Microsoft’s Miles Hawkes came to Perth for his “knock and talk” with FLaC, one of the hacker group breezily emailed Hawkes to suggest that perhaps Microsoft could provide them with references so they could get legitimate IT security jobs. This doesn’t seem like an option anymore, and even FLaC concedes that some of his confreres got greedy as their exploits became more audacious. It was only from reading the indictment, he says, that he realised one of them had amassed hundreds of thousands of dollars from online fraud.

Still, FLaC harbours ambitions, once his trial is over, to join the long list of hackers who have crossed over to the white-hats. Kevin Mitnick was once the most wanted computer criminal in the world, but after five years in jail he’s now a leading light of internet security. Owen Walker, the 18-year-old Kiwi hacker who was prosecuted after a global FBI investigation five years ago, got a job with Telstra. “In the IT world,” says FLaC sardonically, “you either study for 10 years to become a consultant or you go to jail for five years and get all these offers.”

In a spirit of optimism, FLaC recently altered his profile on Twitter; these days he describes himself as a “security researcher” and “reformed grey hat”. That’s the joy of being online – it’s so much easier to change your storyline.

* Identifying details have been changed

Facing a five-year jail term: David Pokora

Busted: Sanadodeh Nesheiwat, left, and Matthew Flannery

Careful what you wish for: Nathan Leroux, left, and Matthew Flannery
