---------- Forwarded message ---------- Date: Wed, 13 Aug 2003 12:43:46 -0400 (EDT) From: security curmudgeon <jerichoat_private> To: defaced-commentaryat_private Subject: [defaced-commentary] Anti-US hackers deface Australian govt site http://www.computerweekly.com/articles/article.asp?liArticleID=124105&liArticleTypeID=1&liCategoryID=6&liChannelID=22&liFlavourID=1&sSearch=&nPage=1 Tuesday 12 August 2003 Anti-US hackers deface Australian govt site An Australian government website has been revealed as another victim of Sunday night's web defacement spree by hacker group The Ghost Boys, which was hijacked to show anti-US messages. The site, administered by the Department of Communications, Information Technology and the Arts (DCITA), was modified to read "DEFACED BY The Ghost Boys UssA sux! Boycott its products! NATO sux! greetz to DkD(|| admin: security is futile and you will be owned!." Under normal circumstances, the Culture and Recreation website acts as a portal linking information and services for a range of arts and cultural organizations and boasts search facilities for more than 2,500 Australian sites. Canberran ISP WebOne hosts the victim site, and is investigating how it came to be hijacked. A government spokesman confirmed the attack took place, but refused to speculate further. The reference, "greetz to DkD(||" on the defacement is a clear reference to a recently arrested French based pro-Palestinian hacker. French wire service AFP reported that a 17-year-old French teenager (who cannot legally be named) using the handle "DkD" was arrested at his parents' home in Paris on 23 June after a French police website was defaced. The AFP report also quoted a French police chief as saying that "technical investigations and confessions from the young man have established that around 2000 websites were attacked; around 20 in France, between 20 and 30 in Britain, and the rest in Australia and the US, including the US Navy site." The report also said that the teenager was released from custody because hacking "didn't have major consequences"; however, the young miscreant is banned from connecting to the internet. What appears to be DkD(||'s website is still running and contains links to a variety of pro-Palestinian organisations claimed to be sponsors, not least Fateh, Hamas and the Al Aqsa Martyr's Brigade - although one link to jihadonline.org appears to have been usurped by pro-US hackers and now diverts to a pro-US site. Other material posted by DkD(|| said that while his attacks are politically motivated, he is against terrorism and intends his attacks to maximise attention to the Palestinian cause with the minimum of damage. Unconfirmed reports suggest DkD(|| was apprehended by French authorities following complaints from the US Department of Justice. What links between DkD(|| and The Ghost Boys exist, other than a shared political view, remain unclear but both are understood to be under the spotlight of US and Australian authorities. Other recent Ghost Boys victims in Australia include LG, D-Link, and the Greater Murray Area Health Service, while defacement attacks by DkD(|| in Australia appear to have centred on smaller Western Australian government and community organisation sites. Both groups appear to favour using a widely documented flaw in Windows Server 2000, although what method they used this time is still being assessed. Julian Bajkowski writes for Computerworld Today - The information and commentary is Copyright 2003, by the individual author. Permission is granted to quote, reprint or redistribute provided the text is not altered, and the author and attrition.org is credited. The opinions expressed in this mail are not necessarily the opinion of all Attrition staff members. Commentary Archive: http://www.attrition.org/security/commentary/ The Attrition Mirror: http://www.attrition.org/mirror/attrition/ Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html Contacting Attrition Staff: staffat_private To subscribe to Defaced Commentary, send mail to majordomoat_private with "subscribe defaced-commentary" in the BODY of the mail (without quotes). To unsubscribe, include "unsubscribe defaced-commentary" in the BODY of the mail. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Aug 14 2003 - 06:09:08 PDT