Now it appears the joke is on
them, as the Australian federal police have had their systems
The story began
last week on Wednesday when police raided the home of an
administrator of underground hacking forum, r00t-y0u.org. The
police seized the admin's computers and apparently got passwords out
of him as well. They then began logging onto the forum and
using it as a honeypot, reaping a wealth of evidence of
However, hackers caught wind that something odd
was afoot, since they had heard of the admin's arrest and became
suspicious of how he could be log in to the forum so quickly.
Their suspicions were confirmed when the police posted a taunting
message on the forum stating "all member IP addresses have been
logged" and arrests were being made.
members of the hacker community broke into the system the police were
using in the investigation and then proceeded to use it to gain
access to both the police evidence and intelligence about federal
police systems. A spokesperson for the police acknowledges the
intrusion stating, "The AFP has identified a person whom [sic]
has attempted to access the stand-alone computer system and we are
currently working with our law enforcement partners regarding this
On the site Pastebin.com, the hacker mocked the
police for "making it sound like they can bust 'hackers', when
all they have done is busted a COUPLE script kiddies."
They also posted screenshots of fake IDs and stolen credit card
numbers, taken off the police servers as proof of their access.
hacker continued to mock the police stating, "I couldn't stop
laughing" on seeing that the federal police's server was running
Windows (which most hackers avoid for security reasons). He also
gloated over the fact that police "left the MYSQL password
blank." The hacker continues, "These dipshits are
using an automatic digital forensics and incident response tool.
All of this [hacking] had been done within 30-40 minutes. Could of
been faster if I didn't stop to laugh so much."
hacker reportedly used an attack method called SQL injection.
As the database app was not password protected, he was able to create
a PHP file on the disk, browse through it and gain full access to the
Police claim the files were intentionally placed on
the system and not compromised. They said they place copies of
previously compromised files on a special server for cybercrime
investigations. No charges have been filed yet against
quote: Not that I personally know any, but the AFP has some pretty clued-in staff. 'He who laughs last...'...