Finding and prosecuting Russian hackers who claimed responsibility for terrorising thousands of Australian school students, parents and teachers with hoax bomb threats could be very difficult, says a cyber security expert.

For a second day this week, Victorian schools were put into lockdown or evacuated after bomb threats were issued. This followed similar threats being phoned in to schools in NSW, Tasmania, Queensland and the ACT.

A Russian, pro-Putin hacking group, Evacuation Squad, said they had made the fake calls to schools in three states on Wednesday. NSW Police denied the claim when contacted by The New Daily.

• Exclusive school linked to bomb threats
• School threats an ‘overseas hoax’
• ‘Numerous threats’ made to Australian schools

“There is clearly a pattern of hoax calls designed to cause disruption and attract media attention,” police said in a statement on Tuesday, adding it was not known why Australian schools were being targeted and that the “exact source” was unclear. 

“The threats appear to come from overseas with no credible evidence they could be carried out here.”

The group’s Twitter account has now been suspended.

Evacuation Squad claim to be a group of six international members, based in Russia and Iran, who have previously stated they “hate the American Government … authority, and we love to cause mayhem”.

Brisbane’s Gap State High School was one of several Queensland schools evacuated following a series of bomb threats. Photo: AAP

A spokesperson for the group, who uses the name Viktor Olyavich, told Mashable Australia on Monday they “do these threats because they are funny to us”.

“We don’t worry about the consequences, because our main threat-makers are based in Russia and Iran,” he said.

Technology currently available had far simplified carrying out this type of activity, University of South Australia’s Raymond Choo told The New Daily.

The perpetrators could be very difficult to find and prosecute, said Dr Choo, an associate professor at UniSA and cyber and information security expert.

“Without relying on other sources of intelligence, I don’t think there is an easy way to distinguish a hoax from a legitimate threat,” he said.

“Unfortunately, widespread availability of toolkits to mask one’s electronic trails lowers the technical bar to commit cyber swatting and other cybercrime, and create social unrest.”

Parents find out about threat on social media

Principals called for an automated text-message system to enable them to alert parents to unfolding situations, News Corp reported on Wednesday evening.

It followed some parents revealing they found out about the threats to Australian schools via social media.

Some fear it served to inflame the situation.

“The news is immediate so obviously the reactions are immediate,” Parents Victoria’s Gail McHardy told the ABC’s 7.30.

“In the past, if an event, an incident happened at a school obviously the information would flow through at a slower rate but in the digital world we live in, that information gets through to people very quickly and often the facts are sometimes a bit stretched and so it’s very difficult for schools and emergency authorities to manage that in a very, you know, immediate environment.”

But it could be difficult to implement the SMS technology, Victorian Principals Association president Gabrielle Leigh told the Herald Sun, as many schools would not be able to afford it.

Technology that re-routes where a signal is originating from makes it difficult to track some cyber criminals. Photo: Getty

“Some parents have had to find out on Facebook. If it was me I wouldn’t want to find out [like that],” she said.

“Communication with parents is so important and the department should modernise and provide all schools with the ability to text parents so they can immediately get in touch in any emergency situation.”

Activity tough to track

Olyavich indicated the cyber hacking group planned to lodge further hoax calls in Europe, which would be carried out using a stolen voice over IP, which made it difficult to pinpoint the perpetrators.

The method is classed as ‘cyber swatting’ and involves lodging threatening phone calls, usually re-routing it to make it appear to originate from a certain place, in order to draw a response from law enforcement.

According to Dr Choo, when the threat originated from overseas, it was difficult to prosecute.

“Cross-jurisdiction and evidence collection investigations are always challenging, and jurisdictional differences in substantive and criminal law may hinder police efforts to hold perpetrators to account for cybercrime,” he said.

In recent months, an American teenager was jailed for the crime.

In December 2015, 19-year-old Zachary Lee Morgenstern was sentenced to 41 months in prison, and then three years’ supervised release, for calling in multiple fake bomb threats, harassing text messages, and placing ‘swatting’ phone calls falsely reporting hostage situations.