backtop

Print E-mail del.icio.us 28 comment(s) - last by Jcfili.. on Sep 14 at 12:26 PM

The Australian federal police have been hacked after their boasts of a recent hacker bust drew the ire of one angry hacker.  (Source: Monsters and Critics)
Yet another example of stunning IT in-security rears its ugly head

Last night an episode of ABC's Four Corners, an Australian show looked at a police investigation that was ferreting out hackers in the "Land Down Under".  On the segment, the police brazenly boasted of recent hacker arrests.  Neil Gaughan, national manager of the federal police's High Tech Crimes Operation cheered, "We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration."

Now it appears the joke is on them, as the Australian federal police have had their systems hacked. 

The story began last week on Wednesday when police raided the home of an administrator of underground hacking forum, r00t-y0u.org.  The police seized the admin's computers and apparently got passwords out of him as well.  They then began logging onto the forum and using it as a honeypot, reaping a wealth of evidence of wrongdoing.

However, hackers caught wind that something odd was afoot, since they had heard of the admin's arrest and became suspicious of how he could be log in to the forum so quickly.  Their suspicions were confirmed when the police posted a taunting message on the forum stating "all member IP addresses have been logged"  and arrests were being made.

Enraged, some members of the hacker community broke into the system the police were using in the investigation and then proceeded to use it to gain access to both the police evidence and intelligence about federal police systems.  A spokesperson for the police acknowledges the intrusion stating, "The AFP has identified a person whom [sic] has attempted to access the stand-alone computer system and we are currently working with our law enforcement partners regarding this matter."

On the site Pastebin.com, the hacker mocked the police for "making it sound like they can bust 'hackers', when all they have done is busted a COUPLE script kiddies."  They also posted screenshots of fake IDs and stolen credit card numbers, taken off the police servers as proof of their access.

The hacker continued to mock the police stating, "I couldn't stop laughing" on seeing that the federal police's server was running Windows (which most hackers avoid for security reasons). He also gloated over the fact that police "left the MYSQL password blank."  The hacker continues, "These dipshits are using an automatic digital forensics and incident response tool.  All of this [hacking] had been done within 30-40 minutes. Could of been faster if I didn't stop to laugh so much."

The hacker reportedly used an attack method called SQL injection.  As the database app was not password protected, he was able to create a PHP file on the disk, browse through it and gain full access to the server.

Police claim the files were intentionally placed on the system and not compromised.  They said they place copies of previously compromised files on a special server for cybercrime investigations.  No charges have been filed yet against r00t-y0u.org members.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
To the police.
By achintya on 8/19/2009 12:13:29 PM , Rating: 5
Ha Ha.
Ha Ha.
Ha Ha.

This is what happens when you try to combat experienced hackers using inexperienced ones. And the "taunt" was the nail in the coffin, since the hacking community is such a close knit one, nobody tolerates being taunted and will always retaliate.

And isn't secrecy one of the main pillars of a solid investigation?




RE: To the police.
By knutjb on 8/19/2009 6:10:48 PM , Rating: 5
To look at it from the law enforcement side. For sake of argument, the police did set up an easy target. Then intentionally bragged about it very publicly to go fishing for more hackers. Hackers, instead of attacking companies, consumers, etc... attack the police. Did they then do their job?

The police appear to be using a well known and used tactic of playing on criminal's egos. By taunting the hackers and setting up a proactive site with the intent it would be hacked they very well could be having the last laugh. Time will tell if it was a well run trap or bout of police incompetency.


RE: To the police.
By glennc on 8/21/2009 2:56:36 AM , Rating: 2
don't you know the media doesn't look at both sides of the story? as far as they are concerned the feds got hacked -end of story.


RE: To the police.
By Jcfili on 9/14/2009 12:26:31 PM , Rating: 2
N0o0o0obs Do0o0o0own!!!!!


Entrapment?
By seraphim1982 on 8/19/2009 3:31:08 PM , Rating: 2
Isn't this entrapment to a certain extent for the ones who were forum members?




RE: Entrapment?
By GaryJohnson on 8/19/2009 4:05:10 PM , Rating: 2
In order for there to be entrapment someone has to be baited into doing something illegal that they wouldn't otherwise have done.

How do you figure it was entrapment?


RE: Entrapment?
By Visual on 8/20/2009 4:20:00 AM , Rating: 2
leaving a site wide-open to simple "hacks" like sql injections is very much like directly making a site with a form that asks "what would you want to do with our database" and buttons for download, delete, deface, etc.

i don't know if i'd call it entrapment, as in my opinion hacking such a site should not even be considered a crime. it's like someone on the street throwing around their money, and later filing charges for theft against the people that took them - more like idiocy than entrapment.


RE: Entrapment?
By GaryJohnson on 8/20/2009 3:04:46 PM , Rating: 2
That's more like someone going into your house because you forgot to lock your door. The trespasser should still be punished, no matter how negligent the trespasee may have been.

It's very easy for someone to walk up to you and shoot you. Should people be allowed to shoot you because of how easy it is? Are you an idiot because you don't walk around in body armor?


RE: Entrapment?
By Visual on 8/21/2009 2:41:22 AM , Rating: 2
no it is not like that. it would be accurate if you didn't just forget to lock your door, but you are some cave-man with no concept of a door at all, not to mention a lock.

and don't mix in shooting people with this, it's got nothing to do with it and i'm sure i don't need to explain why.


Hahahaha. ph34r!!1111
By MrBlastman on 8/19/2009 12:08:09 PM , Rating: 5
I laughed, a lot when I read about this yesterday. This just makes me grin and chuckle. Unless you're dealing with script kiddies (which, to my amusement the Hackers can claim the cops are), a lot of hackers are smart or at least pretty clever.

I don't see how you can not find any humor in this. Their plan backfired and it is 1-0, Hackers lead, at least... for now.




RE: Hahahaha. ph34r!!1111
By davebeneteau on 8/19/2009 12:15:02 PM , Rating: 3
it seems like its more like 150 (hackers) - 1 (not hackers)

they did manage to get themselves in way over their head... which has to count for one point.

thought of a quote that applied,
"it shall bruise thy head, and thou shalt bruise his heel" ... funny how the feds always play the part of the serpent


The interwebs have you!
By Complex Pants on 8/19/2009 2:26:42 PM , Rating: 5
1st rule of the internets:

Do not anger the internets

Hackers are like icebergs. You may see one, but the rest are very well hidden and are ready FUBAR your sh!t if they so choose.




RE: The interwebs have you!
By Spookster on 8/19/2009 7:39:57 PM , Rating: 1
Welcome to Hacking. The first rule of Hacking is: you do not talk about Hacking. The second rule of Hacking is: you DO NOT talk about Hacking! Third rule of Hacking: if someone yells "stop!", goes limp, or gets arrested, the hack is NOT over. Fourth rule: only two guys to a hack. Fifth rule: one hack at a time, fellas. Sixth rule: the hacks are bare Windows PC's. No Linux, no Unix, no Macs. Seventh rule: hacks will go on as long as they have to. And the eighth and final rule: if this is your first time at hacking, you have to hack.


RE: The interwebs have you!
By samoak54 on 8/24/2009 11:08:20 AM , Rating: 2
Finally, someone who can paraphrase the WHOLE quote, not just the first two rules. :P Well said!!


Font?
By Yawgm0th on 8/19/2009 7:30:27 PM , Rating: 2
Why does the story change from Times New Roman 12 point to Arial 10 point?

That's right -- I ignore all of the grammatical, spelling, syntax and diction errors on DT articles, but I need to question the font inconsistencies.




RE: Font?
By Etern205 on 8/19/2009 8:19:20 PM , Rating: 2
Go back and look carefully at the article, then you'll see the answer.


Patiently waiting...
By croc on 8/20/2009 4:26:52 AM , Rating: 2
Given that this was a 'honeypot' operation, I think that I'll wait and see what the final outcome is before taking any sides.

Not that I personally know any, but the AFP has some pretty clued-in staff. 'He who laughs last...'...




RE: Patiently waiting...
By Felofasofa on 8/20/2009 7:51:56 AM , Rating: 2
quote:
Not that I personally know any, but the AFP has some pretty clued-in staff. 'He who laughs last...'...


I used to play cricket with a couple of Aussie Feds. Pretty average in the clues department I thought. Spent most of their time tracking tax cheats. A cut above "normal" aussie pigs though, who really drag their knuckles.


Uh... what?
By extraflamey22 on 8/19/2009 3:02:50 PM , Rating: 1
quote:
...became suspicious of how he could be long in to the forum...


logging in/logged in?

quote:
...server was running Windows ( which is most hackers avoid for security reasons).


I can't even begin to figure out what you mean here.




RE: Uh... what?
By damianrobertjones on 8/19/09, Rating: -1
RE: Uh... what?
By C'DaleRider on 8/19/2009 5:55:46 PM , Rating: 1
Are you that dense?

Leave out the "is" from the section (which [is] most hackers avoid for security reasons.)....

And you come up with this sentence:

....server was running Windows (which most hackers avoid for security reasons.)

Was that so hard? Guess it was given your comment.


RE: Uh... what?
By extraflamey22 on 8/19/2009 7:20:15 PM , Rating: 2
My comment had nothing to do with the obvious typo, but rather the wording of that statement.

Hackers, by definition, are looking for systems other than their own to break into. His sentence makes it sound like they avoid hacking Windows systems because they are secure. Obviously this is not what the unidentified hacker meant, and should be clarified.

For example, "(which most hackers avoid using for security reasons.)"

If this is not at all what Jason was trying to convey, and that hackers around the world are applauding Windows for its strong security, then I apologize.


Protect yourself first!
By Loren Lo on 8/25/2009 5:12:00 AM , Rating: 2
Not so funny. Hackers are not so cool, being hacked is terrible.

Secure your PC and Internet first.'Security Shield 2009'
http://www.111download.com/product/security-shield...

Key Features :
Virus, Spyware and Adware Protection;Personal Firewall;Automatic Daily Updates;Parental Control;Root-Kit Detection;Spam Filter.




"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings

DailyTech Poll
Which web browser do you use on your primary personal machine? 






44 Comments









botimage
Copyright 2009 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki