You may have heard in the news this morning that the federal police have arrested a man from Cowra whom they allege was responsible for hacking in to the systems of one of the National Broadband Network’s service providers . That, albeit interesting for its obvious links with current political discourse, is not the most interesting bit of the story.
The bit which I find interesting is that police also allege that this man was responsible for the attack which brought down Distribute.IT, a wholesale service provider of website hosting, domain names and the like. Distribute.IT was a fairly large player in the Australian market, providing wholesale services to many of the other players in the market.
The attack on Distribute.IT resulted in the total loss of somewhere in the order of 4,000 websites and chaos for the owners of many thousands of domain names, not to mention the retail service providers who had to deal with the fallout from it all. For .au domains, the chaos was slightly more contained as core systems (not run by Distribute.IT) which allow for the domains to be transferred to other providers continued to work, however for non .au domains, such actions were not possible and thousands upon thousands of domains were left in limbo…still operating to the extent of allowing traffic to be directed to appropriate servers, but unable to be managed in any way by their owners, and unable to be renewed if they were due to expire, which some did.
Eventually another provider, NetRegistry, bought Distribute.IT’s assets without any of their liabilities and set about restoring the horribly compromised Distribute.IT systems to some form of functionality before moving customers across to their own systems. While debate rages about whether NetRegistry’s move was the best possible outcome (moves were afoot by authoritative bodies within the industry to dissolve Distribute.IT’s domain registrar accreditation which may have resulted in people being able to move their domains to other providers more easily, but could also have been very messy) and I don’t propose to try and decide which option would have been better, what I can say is that the full functionality of the management side of the affected domains has still not been restored, and that this hacking has resulted in many thousands of hours of lost productivity throughout the Australian internet services industry and in other industries which rely on it, such as businesses with online stores.
I think that this is a much bigger and more interesting story than an intrusion in to the systems of a company which happens to have an agreement with NBN Co. and am somewhat disappointed that it won’t get anywhere near the amount of coverage, although I suppose when it is all added together and you take in to account the fact that the man who police allege is responsible for it all has no formal qualifications in IT whatsoever, it does go to show what many people in the IT industry have been saying for a very long time. Experience trumps qualifications every time.