The Australian federal police have been hacked after their boasts of a recent hacker bust drew the ire of one angry hacker.  (Source: Monsters and Critics)
Yet another example of stunning IT in-security rears its ugly head

Last night an episode of ABC's Four Corners, an Australian show looked at a police investigation that was ferreting out hackers in the "Land Down Under".  On the segment, the police brazenly boasted of recent hacker arrests.  Neil Gaughan, national manager of the federal police's High Tech Crimes Operation cheered, "We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration."

Now it appears the joke is on them, as the Australian federal police have had their systems hacked. 

The story began last week on Wednesday when police raided the home of an administrator of underground hacking forum,  The police seized the admin's computers and apparently got passwords out of him as well.  They then began logging onto the forum and using it as a honeypot, reaping a wealth of evidence of wrongdoing.

However, hackers caught wind that something odd was afoot, since they had heard of the admin's arrest and became suspicious of how he could be log in to the forum so quickly.  Their suspicions were confirmed when the police posted a taunting message on the forum stating "all member IP addresses have been logged"  and arrests were being made.

Enraged, some members of the hacker community broke into the system the police were using in the investigation and then proceeded to use it to gain access to both the police evidence and intelligence about federal police systems.  A spokesperson for the police acknowledges the intrusion stating, "The AFP has identified a person whom [sic] has attempted to access the stand-alone computer system and we are currently working with our law enforcement partners regarding this matter."

On the site, the hacker mocked the police for "making it sound like they can bust 'hackers', when all they have done is busted a COUPLE script kiddies."  They also posted screenshots of fake IDs and stolen credit card numbers, taken off the police servers as proof of their access.

The hacker continued to mock the police stating, "I couldn't stop laughing" on seeing that the federal police's server was running Windows (which most hackers avoid for security reasons). He also gloated over the fact that police "left the MYSQL password blank."  The hacker continues, "These dipshits are using an automatic digital forensics and incident response tool.  All of this [hacking] had been done within 30-40 minutes. Could of been faster if I didn't stop to laugh so much."

The hacker reportedly used an attack method called SQL injection.  As the database app was not password protected, he was able to create a PHP file on the disk, browse through it and gain full access to the server.

Police claim the files were intentionally placed on the system and not compromised.  They said they place copies of previously compromised files on a special server for cybercrime investigations.  No charges have been filed yet against members.

"Can anyone tell me what MobileMe is supposed to do?... So why the f*** doesn't it do that?" -- Steve Jobs
Related Articles

Most Popular Articles

Copyright 2018 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki