BreachExchange mailing list archives

Sophisticated hacking system may be behind hoax threats received by Australian schools


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 3 Feb 2016 13:35:27 -0600

http://www.theguardian.com/australia-news/2016/feb/03/sophisticated-hacking-system-behind-hoax-threats-received-by-australian-schools

Authorities believe a sophisticated and automated hacking system is behind
a series of threatening hoax phone calls that have disrupted the start of
the year for students at more than 30 schools throughout Australia, as well
as students from hundreds of schools throughout France, Italy, the
Netherlands, Japan, and the UK
<http://www.independent.co.uk/news/uk/home-news/school-bomb-threats-glasgow-high-school-searched-by-police-after-threat-a6846191.html>.

The calls began on 29 January and were ignored by parts of the Australian
media, with police in New South Wales urging reporters not to give
attention to the hoaxers who threatened school shootings and bombs.

However schools have been seriously disrupted and staff, parents and
children inconvenienced as the calls have continued into February. On
Tuesday, 17 schools were evacuated in Victoria, nine in Queensland, five in
the Australian Capital Territory and an undisclosed number in New South
Wales.

By Wednesday morning, eight more calls had been made to Queensland schools,
as well as to schools in Victoria and on the NSW central coast.

The chief commissioner of Victoria police, Graham Ashton, told reporters
that the threats were a “hoax scenario” but that schools needed to be
evacuated every time because “it may be that a particular call that might
come in that is not a hoax”.

Ashton told reporters that he did not believe the calls would provoke
copycats, because the automated hacking process required to make the calls
en masse appeared to be quite sophisticated.

However, it appears there may be more than one group behind the calls. A
group of hackers calling itself “Evacuation Squad” has claimed
responsibility for the calls affecting Europe, the US
<http://nymag.com/following/2016/02/evacuation-squad-shuts-down-schools-for-fun.html?mid=twitter_nymag#>,
Japan and South Africa. A representative of the group, who goes by the name
Viktor Olyavich, said Evacuation Squad were not behind the Australian calls.

Twitter has suspended the accounts of two Evacuation Squad members who
claimed responsibility for the calls.

Victoria’s education minister, James Merlino, told ABC radio on Wednesday
morning that local police were working with Australian Federal Police and
police internationally to find the hoaxers.

“This isn’t an easy area of law enforcement,” Merlino said.

“The [dark web] is quite sophisticated, it’s quite difficult to track down
perpetrators.”

He confirmed that Nossal high school, a selective state school located
within the Berwick campus of Monash University, was working with police to
establish whether its telecommunications system had been hacked and used to
make some of the calls.

“It may be that the hacking and the telecommunications are bouncing around
the world and landing in this school,” Merlino said.

To date, the calls appear to be no more than an elaborate hoax. But they
have disrupted students, many in kindy or preschool and attending school
for the first time. In the case of a shooting threat, schools are placed
into lockdown, while for bomb threats, children are evacuated to a nearby
meeting point, often a school oval, and are forced to wait until the school
is declared safe by police.

A Queensland police media spokesman said during evacuations on Tuesday,
when temperatures reached 40 degrees, a student was taken to hospital
suffering from heat exhaustion during an evacuation. A Queensland ambulance
service spokeswoman said paramedics were called out to a school at 11.25am
and treated 13 students aged between 12 and 14.

Five were taken to hospital, she said, three suffering from heat exhaustion
and two suffering from undisclosed medical conditions.

However, state and territory police have said at this stage, there was no
cause for alarm.

“We can confirm that the schools have been searched and nothing suspicious
has been identified,” ACT police media said in a statement.

“We are aware that schools in a number of other states have recently
received similar calls. Police are warning that it is an offence to make
such threats and every effort will be made to identify those responsible.
The offence carries heavy penalties.”

A NSW police statement said: “There is no evidence these are anything other
than hoaxes designed to cause unnecessary disruption and inconvenience”.

“The threats appear to come from overseas with no credible evidence they
could be carried out here,” the statement said.

“Police investigations are continuing into the hoax calls and their source.”

There is no suggestion the calls are linked to terrorism.

Professor Sanjay Jha, the director of cybersecurity and privacy at the
University of NSW, said that the perpetrators could prove difficult for
police to track down.

There were numerous commercial internet servers available to businesses
wanting to make automated calls, he said, for example banks wanting to
alert customers when suspicious activity was registered on an account, or
telemarketing companies wanting to sell people products or services.

“What happens with these servers is you have to create an account and the
account establishment might not be a very stringent process when it comes
to having to prove your identity,” Jha said.

“It means if people are malicious and have created an account with a false
identity and they’re outside Australian jurisdictions, it can be difficult
to trace where they are or the people behind it. These servers are
typically not in locations where Australian authorities can easily access
them.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
