hackers and bots

What are hackers and bots?

Cybercriminality is on the rise and it is clear that the sophistication and impact of cybercrimes poses serious and constant threats to Australian businesses, individuals and government agencies. Considering the interconnectivity of the internet and that cybercriminals can access your confidential information at the click of a button, it is imperative that you have an understanding of the types of hacking and malicious software (malware) that can be harmful to you.

 

What is hacking?

The term hacker can have multiple meanings. The most common understanding of a ‘hacker’ is someone who secretly gains entry into a computer system to obtain information. Whilst there are numerous methods available to cybercriminals to commit identity theft, two of the most common are ‘Spyware and ‘Trojan Horses’.

 

What is ‘spyware’?

Spyware is a general term for programs that can covertly monitor the details of your computer usage and website activity. Such information is obtained without the knowledge of the user. The intent behind spyware programs is that they will gather your personal information. Such information can range from your personal identification and passwords to email addresses and account numbers. This information will be sent to controllers of the spyware, or distributed to third parties. Spyware is therefore a significant reason for the increase in credit card and identity theft.

Spyware is installed unknowingly by users when they install something else. For example, if you download something for ‘free’ from the internet (e.g. music, movies, television shows, screensavers, ringtones) it may also install spyware. Even when you visit certain websites those websites may attempt to install spyware on your computer.

 

What is a ‘Trojan Horse’?

A Trojan is a type of malware that will appear trustworthy or legitimate although once downloaded, can cause severe damage to your computer system. Trojans will mislead unsuspecting consumers of its true intent. For example, certain programs that promise to rid your computer of viruses can often introduce new viruses onto your computer. Trojans can vary in their severity, ranging from destroying and deleting computer files from your hard drive to ‘remote access trojans’ which are usually downloaded via gaming websites played on the internet and will grant the cybercriminal access to the internet users system.

Trojans are usually the first stage of attack, and once infiltrated, will download more sinister threats such as bots.

 

What is a ‘bot?’

Once a computer is infected with the malicious software (Malware) it is commonly called a ‘bot’. Bots will lie dormant on an individual’s computer device and will perform user centric tasks automatically without any interactions from a user. When a ‘bot’ has infected a computer device and that infected program can join similar vulnerable computers into a network then a ‘botnet’ is created. Once a bot has infected a computer successfully with a piece of malware the cybercriminal has gained complete control over that device, usually without the knowledge of the owner. The cybercriminal can then use that computer to carry out cyber-attacks, and it will only be traced back to the original infected computer.

 

What are some recent cases in Australia concerning cybercrime/computer crime?

 

The Case of Michael Scerba

Michael Scerba successfully hacked into and retrieved sensitive information from the Defence Intelligence Organisation (DIO) which he then published on a social media site with the caption ‘Julian Assange is my hero’

Michael was charged with unauthorised access to or modification of restricted data (an offence against s478.1 of the Criminal Code (Cth)) and disclosure of information by a Commonwealth officer (an offence against s70 Crimes Act 1914 (Cth))

Whilst it was acknowledged that Michael had not intended to compromise national security he had intended to cause harm through publishing the sensitive documents online.

Michael was convicted on one count of disclosure of information by current Commonwealth Officer under s70(1) of the Crimes Act 1914 (Cth). He was sentenced to a maximum of 12 months imprisonment to be released after three months upon entering into a recognisance order in the sum of $500 and to be of good behaviour for two years.

 

The Case of Larkin and Shee

The defendants in this particular case conspired to upload malicious software (Malware) onto the Western Australian Department of Health (DoHWA). Access to the computer network would allow remote, untraceable access to that particular network. Shee was contracted to a consultant company to DoHWA (and was tasked with writing the program) and Larkin, who was also contracted to DoHWA was to upload the program

The defendants were charged with one count of conspiring to cause an unauthorised modification of data held on a computer (contravention of s11.5(1) and s477.2(1) of the Criminal Code)

In the Western Australian District Court, Larkin was sentenced to 2 years 6 months’ immediate imprisonment to be released on a recognizance release order after serving 10 months. Shee was sentenced to 3 years’ immediate imprisonment to be released on a recognizance release order after serving 12 months

In delivering judgment the court stated:

“The members of the community must know that offences of this kind are very serious and will, by their nature, generally warrant imprisonment. Indeed, I would think that it would be an exceptional case only of this kind in which imprisonment were not imposed. The persons who may be inclined to this form of dishonesty are likely to be highly intelligent. Deliberation and planning is required”

The defendants’ appealed their sentence which was heard in the WA Court of Appeal on 12 September 2012. The court’s decision is reserved.

Nyman Gibson Miralis provides expert advice and representation in complex international cybercrime investigations. Our expertise includes dealing with malware, phishing and computer hacking offences, bootlegging and tripping, Bitcoin and crypto-currency fraud, as well as offences relating to identity theft, spreading computer viruses and DDoS attacks.

Contact us if you require assistance.