Information Security News mailing list archives

[defaced-commentary] Anti-US hackers deface Australian govt site


From: InfoSec News <isn () c4i org>
Date: Thu, 14 Aug 2003 04:08:06 -0500 (CDT)

---------- Forwarded message ----------
Date: Wed, 13 Aug 2003 12:43:46 -0400 (EDT)
From: security curmudgeon <jericho () attrition org>
To: defaced-commentary () attrition org
Subject: [defaced-commentary] Anti-US hackers deface Australian govt site


http://www.computerweekly.com/articles/article.asp?liArticleID=124105&liArticleTypeID=1&liCategoryID=6&liChannelID=22&liFlavourID=1&sSearch=&nPage=1

Tuesday 12 August 2003

Anti-US hackers deface Australian govt site

An Australian government website has been revealed as another victim of
Sunday night's web defacement spree by hacker group The Ghost Boys, which
was hijacked to show anti-US messages.

The site, administered by the Department of Communications, Information
Technology and the Arts (DCITA), was modified to read "DEFACED BY The
Ghost Boys UssA sux! Boycott its products! NATO sux! greetz to DkD(||
admin: security is futile and you will be owned!."

Under normal circumstances, the Culture and Recreation website acts as a
portal linking information and services for a range of arts and cultural
organizations and boasts search facilities for more than 2,500 Australian
sites.

Canberran ISP WebOne hosts the victim site, and is investigating how it
came to be hijacked. A government spokesman confirmed the attack took
place, but refused to speculate further.

The reference, "greetz to DkD(||" on the defacement is a clear reference
to a recently arrested French-based pro-Palestinian hacker. French wire
service AFP reported that a 17-year-old French teenager (who cannot
legally be named) using the handle "DkD" was arrested at his parents' home
in Paris on 23 June after a French police website was defaced.

The AFP report also quoted a French police chief as saying that "technical
investigations and confessions from the young man have established that
around 2000 websites were attacked; around 20 in France, between 20 and 30
in Britain, and the rest in Australia and the US, including the US Navy
site."

The report also said that the teenager was released from custody because
hacking "didn't have major consequences"; however, the young miscreant is
banned from connecting to the internet.

What appears to be DkD(||'s website is still running and contains links to
a variety of pro-Palestinian organisations claimed to be sponsors, not
least Fateh, Hamas and the Al Aqsa Martyr's Brigade - although one link to
jihadonline.org appears to have been usurped by pro-US hackers and now
diverts to a pro-US site.

Other material posted by DkD(|| said that while his attacks are
politically motivated, he is against terrorism and intends his attacks to
maximise attention to the Palestinian cause with the minimum of damage.

Unconfirmed reports suggest DkD(|| was apprehended by French authorities
following complaints from the US Department of Justice. What links between
DkD(|| and The Ghost Boys exist, other than a shared political view,
remain unclear but both are understood to be under the spotlight of US and
Australian authorities.

Other recent Ghost Boys victims in Australia include LG, D-Link, and the
Greater Murray Area Health Service, while defacement attacks by DkD(|| in
Australia appear to have centred on smaller Western Australian government
and community organisation sites.

Both groups appear to favour using a widely documented flaw in Windows
Server 2000, although what method they used this time is still being
assessed.

Julian Bajkowski writes for Computerworld Today



-
The information and commentary is Copyright 2003, by the individual author.
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this mail are not necessarily the opinion of all Attrition staff members.




-
ISN is currently hosted by Attrition.org


