Did Australian Police raid a script kiddie?

The footage Four Corners displayed of a suspected Melbourne fraudster's house and technology during a police raid last week hardly fits the profile of a master fraudster.
Written by Renai LeMay, Contributor (news editor, ZDNet.com.au)

Commentary: If you believed the hype generated by Four Corners' exposé on Australia's cybercrime underworld on Monday night, Australian police forces scored a major victory last week.

In a pre-dawn raid, the high-tech crime units of the Australian Federal Police and Victoria Police seized a number of computers and other evidence from the house of an alleged would-be internet fraudster who dubbed himself Prelude Si (after the Honda car).

Four Corners told us that the operation involved 12 police officers on the ground, with some being flown in from other states, and more working behind the scenes. It was the culmination of six weeks' worth of investigation, and "hundreds of man hours" had been expended in the chase.

The manager of the AFP's high-tech crime operation, Neil Gaughan, certainly looked pleased as he explained the individual concerned had boasted online that local fraudsters could rip off credit cards like crazy and never have to fear a police raid.

Gaughan described this as "like showing a red flag to a bull".

But was the sting itself all it was cracked up to be?

The atmosphere was certainly fraught with suspense ... but the footage Four Corners displayed of the individual's house and technology hardly fitted the profile of a master fraudster. And the behaviour of the officers themselves was puzzling.

The audience was told the police found two laptops inside the raided premises, along with "13 other storage devices".

But delving a bit deeper, it's clear the individual concerned was not exactly operating with the latest equipment. A vintage 2004/2005 Dell laptop was one device seized, while another appeared to be an Apple MacBook Pro from around 2005. An iMac is also displayed, which appeared to be the suspect's main desktop machine.

At least two of the other storage devices were described as iPods and were visible in the shot. It's hard to know exactly what the other 11 "storage devices" were used for, but one thing is clear: credit card data doesn't take up much storage space. Was it his MP3 and DivX collection?

It certainly wasn't the sort of kitted out den — with bits of Wintel hardware scattered everywhere, even Linux machines and servers permanently running — you'd expect to see a serious internet criminal using. We couldn't even spy much networking equipment apart from a wireless phone.

There were also beer bottles scattered around the room, cheap PC speakers and a burnt CD. The entire premises looked more like the sort of room you would expect a university student to live in than the lair of an internet criminal who had successfully pulled off credit card fraud.

Also puzzling was the way the police immediately started accessing the individual's MacBook, searching for saved passwords, presumably stored in plain text. "That's gold," said the officer being filmed. "Opened up saved passwords ... got a huge list there." Browser password stores have to be reversible so the browser can fill the passwords back in, so on a machine that is already unlocked they are readable to anyone at the keyboard unless a master password or a locked keychain stands in the way.

Another shot showed a screen full of BitTorrent addresses; puzzling when you consider much of the report had focused on illegal web forum activity and transactions between individual users.

In general, it didn't exactly sound like the individual concerned had gone to great lengths to conceal or protect his allegedly illegal activity.

With strong encryption software freely available in 2009, and full-disk or home-directory encryption built into Mac OS X (FileVault), Windows Vista and 7 (BitLocker, in the Ultimate and Enterprise editions) and Linux (dm-crypt/LUKS), any serious fraudster would be expected to take basic steps such as encrypting their data and locking their machines against casual access, precisely to limit what a raid like this one could recover. The caveat is that encryption at rest only protects a volume that is locked: a laptop seized powered on with the user logged in, as the MacBook in the footage appears to have been, hands over its contents regardless. This one didn't take even the basic steps, as far as we know.
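One way to verify that disk encryption actually covers the data that matters on a Linux box, as an added example that is not part of the article and assumes a modern util-linux `lsblk` with JSON output (`lsblk -J -o NAME,TYPE,MOUNTPOINT`): walk the block-device tree and report whether the root filesystem sits under a dm-crypt mapping, and whether any swap device is left in plaintext (swap is where memory, including keys and passwords, gets paged out). The two layouts embedded below are constructed samples, not output from any real system.

```python
"""Added example: check lsblk JSON output for encrypted root and swap.

Run on the constructed samples:   python3 fde_check.py
Run on a live system (assumed):   lsblk -J -o NAME,TYPE,MOUNTPOINT | python3 fde_check.py
"""
import json
import sys


def lsblk_encryption_report(lsblk_json):
    """Walk the lsblk device tree and return a small report.

    root_encrypted : True if some ancestor of the device mounted at "/" is a
                     dm-crypt mapping (lsblk reports TYPE == "crypt").
    root_chain     : device names from the physical disk down to "/".
    plaintext_swap : swap devices with no crypt layer anywhere above them.
    """
    devices = json.loads(lsblk_json)["blockdevices"]
    report = {"root_encrypted": False, "root_chain": [], "plaintext_swap": []}

    def walk(dev, chain, under_crypt):
        chain = chain + [dev["name"]]
        # Once a "crypt" node is passed, everything below it is on ciphertext.
        under_crypt = under_crypt or dev.get("type") == "crypt"
        mountpoint = dev.get("mountpoint")
        if mountpoint == "/":
            report["root_encrypted"] = under_crypt
            report["root_chain"] = chain
        elif mountpoint == "[SWAP]" and not under_crypt:
            report["plaintext_swap"].append(dev["name"])
        for child in dev.get("children") or []:
            walk(child, chain, under_crypt)

    for dev in devices:
        walk(dev, [], False)
    return report


# Constructed sample: LVM-on-LUKS layout, root and swap both under the crypt mapping.
ENCRYPTED_LAYOUT = json.dumps({"blockdevices": [
    {"name": "sda", "type": "disk", "mountpoint": None, "children": [
        {"name": "sda1", "type": "part", "mountpoint": "/boot"},
        {"name": "sda2", "type": "part", "mountpoint": None, "children": [
            {"name": "cryptroot", "type": "crypt", "mountpoint": None, "children": [
                {"name": "vg-root", "type": "lvm", "mountpoint": "/"},
                {"name": "vg-swap", "type": "lvm", "mountpoint": "[SWAP]"}]}]}]}]})

# Constructed sample: plain partitions, nothing encrypted (the raid-footage scenario).
PLAIN_LAYOUT = json.dumps({"blockdevices": [
    {"name": "sda", "type": "disk", "mountpoint": None, "children": [
        {"name": "sda1", "type": "part", "mountpoint": "/"},
        {"name": "sda2", "type": "part", "mountpoint": "[SWAP]"}]}]})


if __name__ == "__main__":
    piped = sys.stdin.read() if not sys.stdin.isatty() else ""
    inputs = [("live system", piped)] if piped.strip() else [
        ("encrypted sample", ENCRYPTED_LAYOUT), ("plain sample", PLAIN_LAYOUT)]
    for label, blob in inputs:
        r = lsblk_encryption_report(blob)
        verdict = "encrypted" if r["root_encrypted"] else "NOT encrypted"
        print(f"{label}: / on {'/'.join(r['root_chain'])} is {verdict}; "
              f"plaintext swap: {r['plaintext_swap'] or 'none'}")
```

Note that a passing report only means the volume is ciphertext when it is locked; on a running, logged-in machine the crypt mapping is open and the filesystem is readable, so the check is about what an examiner gets from a powered-off seizure, not a live one.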

Then there's the fact that, to our knowledge, the individual involved is still free in Melbourne. Four Corners noted that the suspect had not been arrested, and the AFP was still examining the evidence it had captured. So how serious could this sting have been?

But the thing that really started ZDNet.com.au staff talking was the hilarious online banner created by Prelude Si, complete with an actual picture of the car he took his handle from. The same page says he's "mainly worried about identity theft. Old ladies buying houses and shit".

Prelude Si's logo (Credit: Four Corners)

If you pull all of this circumstantial speculation together about Prelude Si, especially the flashy online advertisement, you have to wonder about the real nature of this target the AFP and Victoria Police raided.

Was it in fact, an unsophisticated, juvenile fraudster they pinned? In short, a script kiddie, rather than a burgeoning criminal mastermind?

Now there's no doubt that even if the individual concerned was a low-level member of the cybercrime community rather than an elite hacker, the AFP and Victoria Police are still doing good work shutting his little operation down, if he is proven guilty.

The AFP also appears to be collaborating well with local authorities in various jurisdictions around the nation to actively seek out those committing identity fraud online; witness the recent arrest in Adelaide of a 20-year-old who allegedly developed some very malicious software and quite the botnet.

We don't yet know — although ZDNet.com.au has sent questions to various police forces about the matter — whether this was the same individual operating the r00t-y0u.org forum that police previously infiltrated, an operation that appears to have been instrumental in the Prelude Si bust.

But despite their successes, it's also important for police to correctly portray the magnitude of these crimes when discussing them as publicly as they did on Monday night.

The Melbourne raid pales in comparison with some of the international cybercrime work currently going on, the most high-profile of which is the ongoing prosecution over the so-called TJX hack in the US. The alleged ringleader, Albert Gonzalez, is accused of stealing more than 100 million credit and debit card numbers, and lived the high life until he was caught, reportedly spending $75,000 on a birthday party.

From the looks of it, our Melbourne man was no Albert Gonzalez, and I have no doubt many in the computer security community would be wondering what all the fuss was about.

If the police force's intent was to educate the public about the threat of electronic crime, they certainly succeeded. But PR campaigns aside, shutting down online fraud forums and low-level hackers should be par for the course for e-crime units in 2009.
