"Fear in the Fast Lane"

 

Reporter: Andrew Fowler

Date: 17/08/2009

 

ANDREW FOWLER, REPORTER: Australia's already one of the most internet connected countries on earth. Now it's about to join the fastest - a multi-billion dollar high speed broadband network launched by the Prime Minister.

 

KEVIN RUDD, PRIME MINISTER: The first step towards pulling Australia out of the broadband dark ages and into the digital economy of the future.

 

ANDREW FOWLER: But there are hidden dangers lurking in a rocket propelled web. Cyber criminals from around the world are targeting fast broadband networks and the computers hooked up to them.

 

GRAHAM INGRAM, AUSCERT: They're more valuable to them because they can do the illegal activities, malicious activities faster, better on high speed machines.

 

ANDREW FOWLER: Australia is already being hammered.

 

ALISTAIR MCGIBBON, FOUNDER, HIGH TECH CRIME OPERATIONS, AFP: We see criminals now on an industrial scale ripping data out of systems.

 

ANDREW FOWLER: And the list of local cyber suspects is growing by the day.

 

(Excerpt of footage of Australian Federal Police before a raid)

 

AFP OFFICER: We need to make sure that our subject is not actually on the computer or in a position where he can take evidence off the computer.

 

(End of Excerpt)

 

ANDREW FOWLER: In the end, some argue, there may be only one answer.

 

BRIAN HAY, DET. SUPERINTENDENT, FRAUD & CORPORATE CRIME, QLD POLICE: I expect to see at some stage in the future there will be real debate on the benefit of the internet, should we turn it off?

 

ANDREW FOWLER: Tonight on Four Corners 'Fear in the Fast Lane' - how cyber crims are taking over the internet.

 

(On Screen Text: Fear in the Fast Lane, Reporter: Andrew Fowler)

 

ANDREW FOWLER: Alice Springs doesn't exactly strike you as cyber central - but five years ago that's exactly what it became. It's just a 20 minute drive out of town to Pine Gap, Australia's most secretive spy base. At the height of the cold war its existence made Australia a top priority for a Russian nuclear attack. But that threat disappeared 20 years ago.

 

Now Alice Springs, which has hosted Pine Gap for more than 40 years, is once again in the firing line. And once again the Russians are coming. They've already fired the first shots in a new war - a cyber war. Their target, not Pine Gap, but the Alice Springs Race Track. Tucked away in a side building, a bank of computer servers.

 

Meet Terry Lillis - he's Mr Alice Springs. He helped build Pine Gap. He became chairman of the local chamber of commerce. Terry's first love though is the betting industry.

He even helped create the local race course. He's patron of the turf club and a bookmaker.

(Excerpt of footage of punters placing bets)

 

(End of Excerpt)

 

ANDREW FOWLER: Whether at the track or in business, Terry Lillis has consistently picked winners throughout his working life, but the Russians pulled him up short.

 

(Excerpt of footage of Multibet website)

 

ANDREW FOWLER: In the year 2000 he established Multibet, an online gambling company, based in Alice Springs.

 

(End of Excerpt)

 

TERRY LILLIS, FORMER OWNER, MULTIBET: Well in terms of internet capability Alice Springs had a big pipeline come into it, we were able to compete in terms of speed with anywhere else in the world.

 

ANDREW FOWLER: Business boomed. Punters all over the world poured their money into Alice Springs. Then, out of the blue, in 2004, his online business, Multibet, got an email demanding money with menaces.

 

TERRY LILLIS: Well the threat was that we'd be closed down if we didn't pay a certain amount of money into a bank account in a foreign country. We were told that we would be taken offline.

 

ANDREW FOWLER: What did you think of that, what did you think of that threat?

 

TERRY LILLIS: Well initially I thought it might've been a bit hollow, ah we're a long way from anywhere in Alice Springs.

 

ANDREW FOWLER: Lillis called his manager Mike Miller.

 

MIKE MILLER, FORMER CEO, MULTIBET: Initial thinking was that it was a hoax, didn't take it too seriously, in fact I don't think we responded.

 

ANDREW FOWLER: Next came the cyber equivalent of a brick through the window wrapped in an extortion note - another email from the Russians demanding the money or else.

 

MIKE MILLER: It said we're serious and I think it quoted a time and a day, I believe it was 5.30pm on a Friday, they said we will show you that we're serious and we will show you why you should pay this money, wait and see. We thought yeah okay we'll wait and see.

 

ANDREW FOWLER: They didn't have to wait long. At 5.30 on the dot the Russians launched a cyber attack using thousands of computers scattered around the world. Each computer was commanded to attack the Multibet website simultaneously.

The route took the attack through Telstra's switching centres in Sydney, Adelaide and finally into Alice Springs. The Multibet server crashed. The website went down and all bets were off, quite literally.

 

TERRY LILLIS: They put me off the air for I think it was 24 hours.

 

ANDREW FOWLER: So then you knew they were serious.

 

TERRY LILLIS: Oh we knew they were very serious then.

 

ANDREW FOWLER: The company decided to negotiate.

 

ANDREW FOWLER (to Mike Miller): Did you know who you were negotiating with?

 

MIKE MILLER: Had no idea, absolutely no idea.

 

ANDREW FOWLER: You had no idea which country they were in?

 

MIKE MILLER: No.

 

ANDREW FOWLER: But money talks all languages and criminals know how to cut a deal.

 

TERRY LILLIS: They were asking for 25 US I think originally and I didn't know how long that would last and whether there was going to be a repeat ask on a weekly basis or, or what.

 

ANDREW FOWLER: That was 25,000, 25,000 US?

 

TERRY LILLIS: U.S. Yep.

 

ANDREW FOWLER: What did you negotiate down to?

 

TERRY LILLIS: About half that.

 

ANDREW FOWLER: Terry Lillis took a punt, he agreed to make regular monthly payments to the Russians but at the same time he developed a plan to dud them of their money. Telstra, Multibet's internet provider, would ride to the company's rescue.

 

According to Mike Miller, Telstra promised to give the Russians a hiding in cyberspace if they came gunning for Multibet again.

 

MIKE MILLER: Based on the confidence that I had from Telstra, from my technical people at that point we decided to, I in consultation with the owner of the business decided to draw a line in the sand so we responded to their email demand by just saying f*** you, we're not paying any more money, we don't take you seriously. You're going to get caught by the police. Do your best, bring it on, yeah just, just like that.

 

ANDREW FOWLER: The Russians stayed cool.

 

(On Screen Graphic - email from Russians)

 

EXCERPT FROM EMAIL: We have read your response. You have a very foul mouth Mr. Multibet. We will teach you a big lesson in manners.

 

(End of Excerpt)

 

MIKE MILLER: There, there was a lot of built up anger and stress and angst in me and in others and the opportunity to write that email with a bit of confidence from Telstra's solution, it felt really good.

 

ANDREW FOWLER: The good feeling didn't last long - the Russians launched another attack, this time it was massive. The Multibet site went down and stayed down.

 

TERRY LILLIS: I was expecting that I may go off the air for five minutes or so and Telstra would join in and fix the problem. And that didn't happen.

 

MIKE MILLER: The, the overwhelming feeling was initially it was anger but really it was depression and defeat. We, we were helpless.

 

TERRY LILLIS: Well it put me off the, off the air from my clients in Europe and the internet clients as you know they are, they want a quick service and if they can't get it they'll go somewhere else and I think I lost a lot of clients out of that fiasco.

 

MIKE MILLER: In the context of having something done to you that you're helpless to defend against and not knowing how long it's going to go on, in those senses it was like rape.

 

ANDREW FOWLER: The Russian cyber attack was so sustained it backed up through Telstra's network, knocking out the whole of Alice Springs, part of Adelaide, and Telstra central in Sydney.

 

DAN CRANE, FORMER TECHNOLOGY MANAGER, MULTIBET: And that's when they sort of started to panic a bit I think because all of a sudden it wasn't just a, you know run of the mill attack, this was a pretty hardcore attack because that's when it started, that's when it took out Alice Springs, that's when it degraded Adelaide and that's when it melted their routers in Sydney so that's when they said that's it, we don't want a bar of it.

 

ANDREW FOWLER: According to Dan Crane, Telstra stopped accepting any of Multibet's internet traffic from entering Australia.

 

DAN CRANE: They just killed the IP address completely so it wasn't even being routed to the country and yeah, for them the problem was solved.

 

ANDREW FOWLER: What did it mean to your company?

 

DAN CRANE: Oh the same effect, we were dead.

 

ANDREW FOWLER: Unable to place their bets, punters went elsewhere. Multibet estimated it lost 95 per cent of its clients over the following weeks. In the end the company folded. Telstra only disputed one element of this story, telling Four Corners it had "continually offered a connection to Multibet both during and after the incident."

 

Multibet however wasn't alone. The Australian Federal Police High Tech Crime Operations Centre called in Britain's Scotland Yard. They were already on the case. Fifty other betting agencies in 30 countries had been subjected to the gang's extortion demands - a scam which had caused nearly $80 million damage.

 

NEIL GAUGHAN, NATIONAL MANAGER, HIGH TECH CRIMES OPERATION, AFP: These organised crime groups are very sophisticated, they are very organised, but more importantly they're very greedy, and in this particular instance they obviously took too many risks and as such international law enforcement cooperation was able to put pressure on the Russian authorities to enable the arrest to take place.

 

(Excerpt of footage of Russian hackers being arrested)

 

ANDREW FOWLER: The Russian extortionists got eight years jail, it was a notable victory for the police, but only one. Too often it's a game of being able to watch but not touch.

 

(End of Excerpt)

 

NEIL GAUGHAN: Since 2004 we've seen an increase in the sophistication and these criminals are actually a lot better than what they were in 2004. One other thing they're able to do now they weren't as good at back then is the anonymous nature of the attack now makes it more difficult for law enforcement to track these people down.

 

ANDREW FOWLER: So just how did the Russians take out Multibet? Well their weapon of choice was the botnet.

 

(Excerpt of footage from botnet internet safety animation)

 

EXCERPT FROM ANIMATION: A quick guide to scary internet stuff, and how to be safe. Number two - botnets - or attack of the zombie computers. Of all the scary internet stuff, botnets are some of the scariest, bots are web robots that sneak into computers, the weak and unprotected ones, and turn them into zombies. Zombie computers turn other computers into more zombies till in the end there's a computer zombie army. And who controls the botnet? The botmaster.

 

ANDREW FOWLER: The Russians were the botmasters of the Alice Springs attack. Now if all that seems rather fanciful, think again, it is estimated that one in six computers in Australia is or has been a zombie computer, part of a botnet. It gets worse, there are thousands of botnets out there in cyber space, all full of malware.

 

PAUL DUCKLIN, HEAD OF TECHNOLOGY DEPARTMENT, SOPHOS: Well if you, if you think back to the beginnings of the, of the history of viruses on PCs it took about six or seven years for the first 1000 viruses to appear. We're now receiving about 40,000 malware samples per day.

 

ANDREW FOWLER: Sophos, an internet security company, maintains one of its four international research hubs in Sydney. What its IT experts are seeing in the new generation of malware that sits inside botnets is alarming.

 

PAUL DUCKLIN: A lot of malware once it's on your computer and running with high privilege deliberately goes out and turns off other security software you may have. So the problem is that once you're infected with something it's almost the case that all security bets are off.

 

And that means that if you get infected with, with, with today's malware and it turns your, what's left of your anti-virus off then that means the floodgates are now wide open. So that's the real problem to me with bots, the number of sort of poor unfortunate individuals who just don't realise that they're actually doing the dirty work of some cyber criminal.

 

ANDREW FOWLER: The Queensland Police Fraud and Corporate Crime Group specialises in tracking botnets, they have penetrated the cyber criminal underworld.

 

BRIAN HAY: What we do have is a covert presence in black ma
