Tuesday, August 18, 2009

Australian Federal Police Take Down R00t-Y0u.org

Via smh.com.au -

An Australian Federal Police boast, on the ABC's Four Corners program, about officers breaking up an underground hacker forum, has backfired after hackers broke into a federal police computer system.

Security consultants say police appear to have been using the computer as a honeypot to collect information on members of the forum but the scheme came undone after the officers forgot to set a password.

Last Wednesday, federal police officers in co-operation with Victoria Police executed a search warrant on premises in Brighton, Melbourne, connected to the administrator of an underground hacking forum, r00t-y0u.org, which had about 5000 members.


After the raid, the federal police covertly assumed control of the forum and began using it to gather evidence about members.

"We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration," Neil Gaughan, national manager of the federal police's High Tech Crimes Operation, told Four Corners.

However, what the federal police did not know was that hackers had already cottoned on to their plan.

Police were monitoring the forum by logging into the account of the administrator they had raided, but this aroused suspicion among members who knew the raid had taken place.

A hacker broke into the federal police's computer system and, according to a source close to the investigation, accessed both police evidence and intelligence about federal police systems such as its IP addresses.

A spokeswoman for the federal police confirmed that the hacker broke into a computer system used in its investigation but denied that any evidence was compromised, saying the computer was not connected to other federal police systems.

"The AFP has identified a person whom [sic] has attempted to access the stand-alone computer system and we are currently working with our law enforcement partners regarding this matter," the spokeswoman said.

The hacker appears to have been provoked by a message published on the r00t-y0u.org site by the federal police, warning members they were under surveillance and that "all member IP addresses have been logged", with some arrests having already been made.

In two provocative messages published on anonymous document-sharing site pastebin.com, the hacker slammed the federal police for "making it sound like they can bust 'hackers', when all they have done is busted a COUPLE script kiddies". "Script kiddies" is hacker parlance for novice hackers.

The second of these messages contained several links to screenshots allegedly proving that the writer had access to the federal police's server.

These included shots of files containing fake IDs and stolen credit card numbers, as well as the federal police's server information.

The hacker then defaced the r00t-y0u.org website with the same message it had posted on the anonymous document-sharing site.

The federal police spokeswoman said: "The information posted on the http://pastebin.com website is information contained on a stand-alone [federal police] system designed specifically to be used in investigations such as this.

"The information consists of directory file names of previously compromised credentials. No information or files exist that have, or could have, been compromised."
