Print 28 comment(s) - last by Jcfili.. on Sep 14 at 12:26 PM

The Australian federal police have been hacked after their boasts of a recent hacker bust drew the ire of one angry hacker.  (Source: Monsters and Critics)
Yet another example of stunning IT in-security rears its ugly head

Last night an episode of ABC's Four Corners, an Australian show looked at a police investigation that was ferreting out hackers in the "Land Down Under".  On the segment, the police brazenly boasted of recent hacker arrests.  Neil Gaughan, national manager of the federal police's High Tech Crimes Operation cheered, "We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration."

Now it appears the joke is on them, as the Australian federal police have had their systems hacked. 

The story began last week on Wednesday when police raided the home of an administrator of underground hacking forum,  The police seized the admin's computers and apparently got passwords out of him as well.  They then began logging onto the forum and using it as a honeypot, reaping a wealth of evidence of wrongdoing.

However, hackers caught wind that something odd was afoot, since they had heard of the admin's arrest and became suspicious of how he could be log in to the forum so quickly.  Their suspicions were confirmed when the police posted a taunting message on the forum stating "all member IP addresses have been logged"  and arrests were being made.

Enraged, some members of the hacker community broke into the system the police were using in the investigation and then proceeded to use it to gain access to both the police evidence and intelligence about federal police systems.  A spokesperson for the police acknowledges the intrusion stating, "The AFP has identified a person whom [sic] has attempted to access the stand-alone computer system and we are currently working with our law enforcement partners regarding this matter."

On the site, the hacker mocked the police for "making it sound like they can bust 'hackers', when all they have done is busted a COUPLE script kiddies."  They also posted screenshots of fake IDs and stolen credit card numbers, taken off the police servers as proof of their access.

The hacker continued to mock the police stating, "I couldn't stop laughing" on seeing that the federal police's server was running Windows (which most hackers avoid for security reasons). He also gloated over the fact that police "left the MYSQL password blank."  The hacker continues, "These dipshits are using an automatic digital forensics and incident response tool.  All of this [hacking] had been done within 30-40 minutes. Could of been faster if I didn't stop to laugh so much."

The hacker reportedly used an attack method called SQL injection.  As the database app was not password protected, he was able to create a PHP file on the disk, browse through it and gain full access to the server.

Police claim the files were intentionally placed on the system and not compromised.  They said they place copies of previously compromised files on a special server for cybercrime investigations.  No charges have been filed yet against members.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Entrapment?
By Visual on 8/20/2009 4:20:00 AM , Rating: 2
leaving a site wide-open to simple "hacks" like sql injections is very much like directly making a site with a form that asks "what would you want to do with our database" and buttons for download, delete, deface, etc.

i don't know if i'd call it entrapment, as in my opinion hacking such a site should not even be considered a crime. it's like someone on the street throwing around their money, and later filing charges for theft against the people that took them - more like idiocy than entrapment.

RE: Entrapment?
By GaryJohnson on 8/20/2009 3:04:46 PM , Rating: 2
That's more like someone going into your house because you forgot to lock your door. The trespasser should still be punished, no matter how negligent the trespasee may have been.

It's very easy for someone to walk up to you and shoot you. Should people be allowed to shoot you because of how easy it is? Are you an idiot because you don't walk around in body armor?

RE: Entrapment?
By Visual on 8/21/2009 2:41:22 AM , Rating: 2
no it is not like that. it would be accurate if you didn't just forget to lock your door, but you are some cave-man with no concept of a door at all, not to mention a lock.

and don't mix in shooting people with this, it's got nothing to do with it and i'm sure i don't need to explain why.

"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain
Related Articles

Most Popular ArticlesSmartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
UN Meeting to Tackle Antimicrobial Resistance
September 21, 2016, 9:52 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Update: Problem-Free Galaxy Note7s CPSC Approved
September 22, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki