[ISN] SA sites hit by hacker

From: InfoSec News (isnat_private)
Date: Tue Oct 22 2002 - 01:52:43 PDT

    21 October 2002  
    [Johannesburg, 21 October 2002] - A hacker is reported to have
    targeted at least 20 South African Web sites last week, 14 of the
    attacks occurring in a single day. This is according to Internet law
    firm Buys Attorneys, which routinely tracks the behaviour of hackers.
    Reinhardt Buys of Buys Attorneys says last week saw a sharp increase
    in the number of hacker attacks on local Web sites. "During the past
    week, a hacker who refers to himself only as 'r00t3rs' hacked into
    more than 20 sites."
    Buys says the hacker defaced 14 sites on 16 October, making it the
    worst hacking attack in SA's history. He says the hacker appeared to
    have focused on sites operating on Windows NT and bearing a .co.za
    domain name. "The hacker defaced the sites simply by deleting pages
    and replacing them with a blank page featuring his, or her, name. The
    successful attacks occurred in the early hours of Tuesday morning.
    "Since we started monitoring hackers that target South African sites
    in 2000, we never saw one hacker deface so many local sites in one
    day," says Buys.
    The Web sites successfully hacked by this hacker were:  
    www.mytimesheet.co.za, www.betaconsulting.co.za,
    www.sunshinecompany.co.za, www.mobilcell.co.za, www.iciniso.co.za,
    www.hbt.co.za, www.ggates.co.za, www.futurefin.co.za, www.fomi.co.za
    and www.ek.co.za.
    Three hackers defaced six other local Web sites last week. A hacker
    called "ATH" defaced www.audiospectrum.co.za and www.voigtlab.co.za.  
    "Suicide Pig" defaced Maserati's South African Web site. The Grey
    College Web site was hacked by a group called "Fatal Error". Visitors
    to the Audiospectrum site saw a dragon and cryptic message from the
    hacker: "Special greetz to: Nikom 13 - Rage Against".
    Spiritual World's Web site at www.spiritualworld.co.za was hacked on
    the same day by "ATH", who even placed a contact e-mail address on the
    defaced site. The e-mail address indicates a Brazilian e-mail account.
    "Until a few months ago hacking was basically legal in SA as no law
    addressed it. If the police succeeded in arresting a suspected hacker,
    prosecutors had to rely on common law crimes such as housebreaking or
    malicious damage to property. It was very difficult to obtain the
    necessary evidence to prosecute hackers successfully. In some cases,
    however, a hacker may be liable for copyright infringement because he
    or she adapts or destroys another person's content without the
    necessary permission.
    "However, in terms of section 86 of the new Electronic Communications
    and Transactions [ECT] Act, hacking is now a statutory offence in SA.  
    The crime is defined as the intentional access to, modification or
    destruction of data without any authority to do so. The crime carries
    a fine or a prison sentence of between one and five years."
    Buys says this section is basically useless if the hacker operates
    from another country as the law applies only if the hacker commits the
    offence in SA. If a Brazilian hacker hacks into local Web sites and
    the South African police succeed in tracing down such a hacker, the SA
    government will have to ask the host country to extradite the hacker.
    "The hacking law also applies to any South African citizen or
    permanent resident, notwithstanding the fact that such a person is not
    in SA and hacks into non-South African Web sites. An interesting
    clause in the law states that the hacking law also applies to people
    on ships or aircraft coming to or leaving SA, should the hacking take
    place from such a ship or aircraft."
    There has not been criminal prosecution of a hacker in SA in terms of
    the new ECT Act and it is still uncertain what kind of evidence will
    be necessary to secure a conviction.