You can't hack da police

Marshy · 18-Aug-09, 12:59pm

http://www.theage.com.au/technology/...0818-eohc.html

Quote:

Exclusive: An Australian Federal Police boast, on the ABC's Four Corners program last night, about officers breaking up an underground hacker forum, has backfired after hackers broke into a federal police computer system.
Security consultants say police appear to have been using the computer as a honeypot to collect information on members of the forum but the scheme came undone after the officers forgot to set a password.
Last Wednesday, federal police officers in co-operation with Victoria Police executed a search warrant on premises in Brighton, Melbourne, connected to the administrator of an underground hacking forum, r00t-y0u.org, which had about 5000 members.
Many details of the investigation were revealed for the first time on Four Corners last night.
After the raid, the federal police covertly assumed control of the forum and began using it to gather evidence about members.
"We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration," Neil Gaughan, national manager of the federal police's High Tech Crimes Operation, told Four Corners.
However, what the federal police did not know was that hackers had already cottoned on to their plan.
Police were monitoring the forum by logging into the account of the administrator they had raided, but this aroused suspicion among members who knew the raid had taken place.
A hacker broke into the federal police's computer system and, according to a source close to the investigation, accessed both police evidence and intelligence about federal police systems such as its IP addresses.
A spokeswoman for the federal police confirmed that the hacker broke into a computer system used in its investigation but denied that any evidence was compromised, saying the computer was not connected to other federal police systems.
"The AFP has identified a person whom [sic] has attempted to access the stand-alone computer system and we are currently working with our law enforcement partners regarding this matter," the spokeswoman said.
The hacker appears to have been provoked by a message published on the r00t-y0u.org site by the federal police, warning members they were under surveillance and that "all member IP addresses have been logged", with some arrests having already been made.
In two provocative messages published on anonymous document-sharing site pastebin.com, the hacker slammed the federal police for "making it sound like they can bust 'hackers', when all they have done is busted a COUPLE script kiddies". "Script kiddies" is hacker parlance for novice hackers.
The second of these messages contained several links to screenshots allegedly proving that the writer had access to the federal police's server.
These included shots of files containing fake IDs and stolen credit card numbers, as well as the federal police's server information.
The hacker then defaced the r00t-y0u.org website with the same message it had posted on the anonymous document-sharing site.
The federal police spokeswoman said: "The information posted on the http://pastebin.com website is information contained on a stand-alone [federal police] system designed specifically to be used in investigations such as this.
"The information consists of directory file names of previously compromised credentials. No information or files exist that have, or could have, been compromised."
The hacker wrote "I couldn't stop laughing" on seeing that the federal police's server was running Windows, which is known among hacker communities for being insecure. Police had also "left the MYSQL password blank".
"These dipshits are using an automatic digital forensics and incident response tool," the hacker wrote.
"All of this [hacking] had been done within 30-40 minutes. Could of been faster if I didn't stop to laugh so much."
Shaon Diwakar, a security consultant at Hack Labs in Sydney, explained how the hack occurred.
"The attacker has discovered that the server didn't have a password for its database application and he has logged on ... and, using a technique called SQL injection, he created a PHP file on the disk and browsed through that PHP file to get complete control of that particular server," he said.
Diwakar said the hacker would have had access to anything that was stored on the computer.
"When they took this action they should have known that they would have been a big target, so they should have taken more precautions," he said.
The federal police said it had yet to charge anyone over the r00t-y0u.org forum bust, but "numerous items" were seized and the investigation was ongoing.
It declined to comment further on the case.

Is RWS a member of r00t-y0u? Is he a script kiddie?

trAse · 18-Aug-09, 01:00pm

The term is 'skid'.

sHaRp-b0y · 01:50pm

Haha this was the most awkward thing on television last night.

The shot of 5 feds standing around a computer to make a warning post on a forum didn't really instill much confidence in our law enforcement agencies.

Edit:

Quote:

Originally Posted by Four Corners

(Excerpt of footage of Australian Federal Police)

NEIL GAUGHAN: G'day gents how we going?

AFP OFFICER: Morning Sir, how you going

NEIL GAUGHAN: Good thanks

AFP OFFICER: What we're gonna do is we're just gonna make a telephone call and we're going to post a message on this forum just letting these people now who are partaking that law enforcement has been watching them and that action will be taken.

NEIL GAUGHAN: Excellent, great let's go.

TIM DAVIS, FEDERAL AGENT: Mate are you right to post that message on the forum.

MAN (on phone): Yep.

TIM DAVIS, FEDERAL AGENT: Well if you can do that now that'd be great.

(End of Excerpt)

NismoR31 · 18-Aug-09, 01:05pm

they should've used a gibson.

luvpig · 18-Aug-09, 01:29pm

what's with sql injects lately. It's 2009 FFS.

RunningWithScissors · 18-Aug-09, 02:13pm

haha wtf why didn't anyone tell me this was on last night

RunningWithScissors · 18-Aug-09, 02:25pm

mxmai · 18-Aug-09, 02:38pm

Quote:

Originally Posted by luvpig

what's with sql injects lately. It's 2009 FFS.

BigGroovyFcuker · 18-Aug-09, 02:40pm

saw this too, actually the only story of four corners i caught last nite..

i loved it when after the raid, they had one officer questioning the suspect who appeared to be the admin of root-you, and he was struggling to even come up with the correct wording of questions about his criminal activities. "have you ever err.. paid for the provision of umm.. stolen credit card details, ebay accounts, paypal accounts...."

perp: "no comment"

hack the police!

Gruso · 18-Aug-09, 02:52pm

I love this story.

silverspoon · 18-Aug-09, 03:07pm

Quote:

Originally Posted by BigGroovyFcuker

i loved it when after the raid, they had one officer questioning the suspect who appeared to be the admin of root-you, and he was struggling to even come up with the correct wording of questions about his criminal activities. "have you ever err.. paid for the provision of umm.. stolen credit card details, ebay accounts, paypal accounts...."

perp: "no comment"

was just waiting for the cop to throw in a "you know".

Mickstah · 18-Aug-09, 03:47pm

Sounds like I missed some great television.

Dr Bones · 18-Aug-09, 03:48pm

hack teh planet.

JohnDenver · 18-Aug-09, 04:28pm

Quote:

Originally Posted by Mickstah

Sounds like I missed some great television.

abc iview, available around the world mick

Mickstah · 18-Aug-09, 04:32pm

Oh shit - didn't think of that!

Fuck I love ABC!

RunningWithScissors · 18-Aug-09, 05:02pm

does anyone else see Marshy post "You can't hack da police" and get a village people song in their head

Mickstah · 18-Aug-09, 05:25pm

♪ You can't stop the music! ♫

Villephant · 20-Aug-09, 07:39pm

Quote:

Originally Posted by mxmai

fkin lol

Morphee · 20-Aug-09, 07:56pm

Quote:

Originally Posted by RunningWithScissors

does anyone else see Marshy post "You can't hack da police" and get a village people song in their head

I got a KRS-One song in my head actaully.

whoooop whoooop thts the sound of da police!

RunningWithScissors · 24-Aug-09, 01:00am

pointless bump

Quote:

Originally Posted by JohnDenver

abc iview, available around the world mick

iview is only available from australian connections, sorry

downloaded the FLV file (using utilities I got from secret underground hacker site whirlpool because I'm a dumb skiddie

) but yeah, like that Canadian doco they showed a few nights later, there wasn't really anything I didn't already know

still entertaining though, and it was worth it to hear the 4 Corners dude say "in cyber-jargon, dimitri was about to be powned" whereas the Canadian one only said owned not pwned

Hooch1981 · 24-Aug-09, 07:32am

I heard that, technically, 'pwned' is still pronounced 'owned'.

18-Aug-09, 12:59pm	#1
Marshy kiss to build a dream on Member Since: Mar 2005 MemberID: 59109 Location: Kirby of the Undead Posts: 14,365	You can't hack da police http://www.theage.com.au/technology/...0818-eohc.html Quote: Exclusive: An Australian Federal Police boast, on the ABC's Four Corners program last night, about officers breaking up an underground hacker forum, has backfired after hackers broke into a federal police computer system. Security consultants say police appear to have been using the computer as a honeypot to collect information on members of the forum but the scheme came undone after the officers forgot to set a password. Last Wednesday, federal police officers in co-operation with Victoria Police executed a search warrant on premises in Brighton, Melbourne, connected to the administrator of an underground hacking forum, r00t-y0u.org, which had about 5000 members. Many details of the investigation were revealed for the first time on Four Corners last night. After the raid, the federal police covertly assumed control of the forum and began using it to gather evidence about members. "We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration," Neil Gaughan, national manager of the federal police's High Tech Crimes Operation, told Four Corners. However, what the federal police did not know was that hackers had already cottoned on to their plan. Police were monitoring the forum by logging into the account of the administrator they had raided, but this aroused suspicion among members who knew the raid had taken place. A hacker broke into the federal police's computer system and, according to a source close to the investigation, accessed both police evidence and intelligence about federal police systems such as its IP addresses. A spokeswoman for the federal police confirmed that the hacker broke into a computer system used in its investigation but denied that any evidence was compromised, saying the computer was not connected to other federal police systems. "The AFP has identified a person whom [sic] has attempted to access the stand-alone computer system and we are currently working with our law enforcement partners regarding this matter," the spokeswoman said. The hacker appears to have been provoked by a message published on the r00t-y0u.org site by the federal police, warning members they were under surveillance and that "all member IP addresses have been logged", with some arrests having already been made. In two provocative messages published on anonymous document-sharing site pastebin.com, the hacker slammed the federal police for "making it sound like they can bust 'hackers', when all they have done is busted a COUPLE script kiddies". "Script kiddies" is hacker parlance for novice hackers. The second of these messages contained several links to screenshots allegedly proving that the writer had access to the federal police's server. These included shots of files containing fake IDs and stolen credit card numbers, as well as the federal police's server information. The hacker then defaced the r00t-y0u.org website with the same message it had posted on the anonymous document-sharing site. The federal police spokeswoman said: "The information posted on the http://pastebin.com website is information contained on a stand-alone [federal police] system designed specifically to be used in investigations such as this. "The information consists of directory file names of previously compromised credentials. No information or files exist that have, or could have, been compromised." The hacker wrote "I couldn't stop laughing" on seeing that the federal police's server was running Windows, which is known among hacker communities for being insecure. Police had also "left the MYSQL password blank". "These dipshits are using an automatic digital forensics and incident response tool," the hacker wrote. "All of this [hacking] had been done within 30-40 minutes. Could of been faster if I didn't stop to laugh so much." Shaon Diwakar, a security consultant at Hack Labs in Sydney, explained how the hack occurred. "The attacker has discovered that the server didn't have a password for its database application and he has logged on ... and, using a technique called SQL injection, he created a PHP file on the disk and browsed through that PHP file to get complete control of that particular server," he said. Diwakar said the hacker would have had access to anything that was stored on the computer. "When they took this action they should have known that they would have been a big target, so they should have taken more precautions," he said. The federal police said it had yet to charge anyone over the r00t-y0u.org forum bust, but "numerous items" were seized and the investigation was ongoing. It declined to comment further on the case. Is RWS a member of r00t-y0u? Is he a script kiddie? __________________ Quote: Originally Posted by Bizzy Marshy isn't a prick! He would probabaly cook for them and get them into gardening!

18-Aug-09, 01:05pm	#3
sHaRp-b0y Registered User Member Since: Jun 2002 MemberID: 10364 Location: Melbourne Posts: 3,808	Haha this was the most awkward thing on television last night. The shot of 5 feds standing around a computer to make a warning post on a forum didn't really instill much confidence in our law enforcement agencies. Edit: Quote: Originally Posted by Four Corners (Excerpt of footage of Australian Federal Police) NEIL GAUGHAN: G'day gents how we going? AFP OFFICER: Morning Sir, how you going NEIL GAUGHAN: Good thanks AFP OFFICER: What we're gonna do is we're just gonna make a telephone call and we're going to post a message on this forum just letting these people now who are partaking that law enforcement has been watching them and that action will be taken. NEIL GAUGHAN: Excellent, great let's go. TIM DAVIS, FEDERAL AGENT: Mate are you right to post that message on the forum. MAN (on phone): Yep. TIM DAVIS, FEDERAL AGENT: Well if you can do that now that'd be great. (End of Excerpt) Last edited by sHaRp-b0y : 18-Aug-09 at 01:50pm.

18-Aug-09, 02:13pm	#6
RunningWithScissors DOPPELGÄNGER WEEK Member Since: Apr 2007 MemberID: 123392 Location: Brisbane Posts: 11,175	haha wtf why didn't anyone tell me this was on last night __________________ <bede> RWS if mum isnt home tomorrow do you wanna come over
	Visit RunningWithScissors's website

18-Aug-09, 02:25pm	#7
RunningWithScissors DOPPELGÄNGER WEEK Member Since: Apr 2007 MemberID: 123392 Location: Brisbane Posts: 11,175	__________________ <bede> RWS if mum isnt home tomorrow do you wanna come over
	Visit RunningWithScissors's website

18-Aug-09, 02:40pm	#9
BigGroovyFcuker Gurnstroker Member Since: Feb 2006 MemberID: 84554 Location: GOTM Hall of Fame Posts: 5,329	saw this too, actually the only story of four corners i caught last nite.. i loved it when after the raid, they had one officer questioning the suspect who appeared to be the admin of root-you, and he was struggling to even come up with the correct wording of questions about his criminal activities. "have you ever err.. paid for the provision of umm.. stolen credit card details, ebay accounts, paypal accounts...." perp: "no comment" hack the police! __________________ Quote: Originally Posted by jarrardscott i used to rack my ritalin pills for lols. Infringing on copyrights since 1999

18-Aug-09, 01:00pm	#2
trAse FULL OF LOVE 4 U!!! <3 <3 Member Since: Oct 2002 MemberID: 14276 Location: City of Love. PENIS. Posts: 16,940	The term is 'skid'.

18-Aug-09, 01:05pm	#4
NismoR31 Member Since: Feb 2002 MemberID: 6620 Location: 床 Posts: 14,327	they should've used a gibson.

18-Aug-09, 01:29pm	#5
luvpig Registered User Member Since: Jul 2006 MemberID: 94366 Posts: 2,304	what's with sql injects lately. It's 2009 FFS.

18-Aug-09, 02:38pm	#8
mxmai locust abortion Member Since: Feb 2003 MemberID: 19059 Location: ... Posts: 8,134	Quote: Originally Posted by luvpig what's with sql injects lately. It's 2009 FFS.

18-Aug-09, 02:52pm	#10
Gruso Member Since: Aug 2004 MemberID: 44988 Posts: 23,012	I love this story. __________________ . Tick a box: ..[] I enjoy making my own choices..[] I'd rather some conservative prick made them for me Believe it or not, the actual Government is asking for your input on R18+. More in this thread. You don't have to be a gamer, you just have to hate censorship.

18-Aug-09, 03:07pm	#11
silverspoon purple duck cutie mouth Member Since: Feb 2003 MemberID: 19209 Location: da ghetto Posts: 2,930	Quote: Originally Posted by BigGroovyFcuker i loved it when after the raid, they had one officer questioning the suspect who appeared to be the admin of root-you, and he was struggling to even come up with the correct wording of questions about his criminal activities. "have you ever err.. paid for the provision of umm.. stolen credit card details, ebay accounts, paypal accounts...." perp: "no comment" was just waiting for the cop to throw in a "you know". __________________ marine look thank you for unnteres please chack out the new products yes mey wpooriled of the price and the cyte this's wond of 2008 spring fashoon neen wo wggtat you new style of women's tathon

18-Aug-09, 03:47pm	#12
Mickstah #wanker_club Member Since: Jun 2002 MemberID: 10327 Location: ZIG Posts: 19,384	Sounds like I missed some great television. __________________ ಥ_ಥ - - - - - - - - - - - -ಠ_ಠ "She was like a candle in the wind... unreliable." Dean Learner Trase Love: O Mick you are so cool More cooler than a dolphin Let's hug me

18-Aug-09, 03:48pm	#13
Dr Bones officially reinstated Member Since: Sep 2008 MemberID: 174223 Location: thru ya city Posts: 5,369	hack teh planet. __________________ Quote: Originally Posted by Bism All the hip hop and weed in the world can't hide the fact that his heart pumps Saffa blood.

18-Aug-09, 04:28pm	#14
JohnDenver Registered User Member Since: Aug 2008 MemberID: 174000 Location: ooo0oo0oo0oo0oo0ooo Posts: 281	Quote: Originally Posted by Mickstah Sounds like I missed some great television. abc iview, available around the world mick __________________ I'm rocky mountain high.

18-Aug-09, 04:32pm	#15
Mickstah #wanker_club Member Since: Jun 2002 MemberID: 10327 Location: ZIG Posts: 19,384	Oh shit - didn't think of that! Fuck I love ABC! __________________ ಥ_ಥ - - - - - - - - - - - -ಠ_ಠ "She was like a candle in the wind... unreliable." Dean Learner Trase Love: O Mick you are so cool More cooler than a dolphin Let's hug me

20-Aug-09, 07:39pm	#18
Villephant can't dance Member Since: Sep 2003 MemberID: 27644 Posts: 5,529	Quote: Originally Posted by mxmai fkin lol __________________ Not fit for human consumption Latest Mix: !CAUTION! DRY CEMENT

18-Aug-09, 05:02pm	#16
RunningWithScissors DOPPELGÄNGER WEEK Member Since: Apr 2007 MemberID: 123392 Location: Brisbane Posts: 11,175	does anyone else see Marshy post "You can't hack da police" and get a village people song in their head __________________ <bede> RWS if mum isnt home tomorrow do you wanna come over
	Visit RunningWithScissors's website

18-Aug-09, 05:25pm	#17
Mickstah #wanker_club Member Since: Jun 2002 MemberID: 10327 Location: ZIG Posts: 19,384	♪ You can't stop the music! ♫ __________________ ಥ_ಥ - - - - - - - - - - - -ಠ_ಠ "She was like a candle in the wind... unreliable." Dean Learner Trase Love: O Mick you are so cool More cooler than a dolphin Let's hug me

20-Aug-09, 07:56pm	#19
Morphee Member Since: Feb 2003 MemberID: 19525 Location: ZAG Posts: 9,998	Quote: Originally Posted by RunningWithScissors does anyone else see Marshy post "You can't hack da police" and get a village people song in their head I got a KRS-One song in my head actaully. whoooop whoooop thts the sound of da police! __________________ Alternatively, if you and your crew all reach the club wearing rockports and burberry caps, the DJ will probably play some hilarously-titled wobble tune for you, and rewind it five times.
	Visit Morphee's website

24-Aug-09, 01:00am	#20
RunningWithScissors DOPPELGÄNGER WEEK Member Since: Apr 2007 MemberID: 123392 Location: Brisbane Posts: 11,175	pointless bump Quote: Originally Posted by JohnDenver abc iview, available around the world mick iview is only available from australian connections, sorry downloaded the FLV file (using utilities I got from secret underground hacker site whirlpool because I'm a dumb skiddie ) but yeah, like that Canadian doco they showed a few nights later, there wasn't really anything I didn't already know still entertaining though, and it was worth it to hear the 4 Corners dude say "in cyber-jargon, dimitri was about to be powned" whereas the Canadian one only said owned not pwned __________________ <bede> RWS if mum isnt home tomorrow do you wanna come over
	Visit RunningWithScissors's website

24-Aug-09, 07:32am	#21
Hooch1981 AKA Afroleft Member Since: Aug 2009 MemberID: 202803 Location: VIC, AU Posts: 641	I heard that, technically, 'pwned' is still pronounced 'owned'.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search