Thursday 20 August 2009

A case of the biter bit, but few are chortling over AFP intelligence fiasco


I was watching ABC Four Corners last Monday when this little comment came up:
"ANDREW FOWLER: The site was called root-you.org, and for the last two weeks the Australian Federal Police in cooperation with the South Australian Police have run the perfect sting.
TIM DAVIS, FEDERAL AGENT, HIGH TECH CRIME OPS. AFP: We've infiltrated that site and so now we've got control as well.
NEIL GAUGHAN: What we've done with that particular network is we've captured all the identities of all the people that've been using that network. We can operate in a covert activity here fairly seamlessly with no harm to our members with continual and actual significant penetration.....
ANDREW FOWLER: In the case of root-you.org, the Federal Police decided the best result was to effectively blow up the site by posting a notice that it was under law enforcement control.
TIM DAVIS, FEDERAL AGENT: Mate, are you right to post that message on the forum?
MAN (on phone): Yep.
TIM DAVIS, FEDERAL AGENT: Well if you can do that now that'd be great."

I did idly wonder if there would be a cyber response and thought - "Naw, won't happen".

Then it well and truly did. F-Secure has links to this not-so-funny episode of counter-hacking, the almost inevitable result of all that televised bragging by the boys in blue. The same intrusion exposed police computer files holding actual bank, building society and corporate credit card details to the view of at least one other hacker.

Some of the hacker chatter {A little **** covers words which offend those bluidy filters}:
"After the authorities FINALLY posted their little "ohhh, we have been monitoring this website", we finally said "Enough is enough, we are sick of these f**ks acting like they are hackers, let's see what they really know".
So after writing another FTP report yesterday, I decided I would move on to getting control of r00t-y0u.org. See what the authorities know about server maintenance, and how secure they can make stuff.
Lo and behold, their server was Windows! I couldn't stop laughing at the sight of this, but I soon moved on. After visiting a 404 page, I instantly noticed that they were using XAMPP. Those lazy f***s cannot even just install Apache and PHP themselves. So instead, they download some application to do it all for them.
Figures.
Now, of course, they were just SO F***KING SMART that they left the MySQL password BLANK! After screwing around with their database, I dumped a vulnerable query into a php file, thus giving me full access to their servers.
After taking a look at the r00t-y0u database, lookie what we find.
User: "h1t3m" (Administrator)
Email: macrobber@gmail.com
These dipsh*ts are using an automatic digital forensics and incident response tool.
They can't do sh*t all themselves, because like I have said before, they have no skill. Anyways, after looking on their win32 machine for a while, I noticed some really awkward stuff. They have credit cards, and bank accounts all on a separate drive (G:\)."
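The chain the chatter describes is a familiar one: a stock XAMPP install on Windows, a MySQL root account with no password, and a query "dumped into a php file". The usual reading of that last step is MySQL's SELECT ... INTO OUTFILE, which writes a query result anywhere the server process can write, including the web root, at which point a PHP payload runs with the web server's rights. What follows is an added example written for this post, not code from the page, from the hacker's post or from the AFP, showing that primitive against XAMPP's default layout and the queries an administrator runs to close it. Assumptions: XAMPP's default Windows document root C:/xampp/htdocs, its historical default of a passwordless root account, and placeholder names for the marker file, the database and the passwords.

```sql
-- Added example for this post; not the hacker's queries or the AFP's server config.
-- Assumes XAMPP defaults on Windows: document root C:/xampp/htdocs, root with no password.

-- 1. What a blank root password hands over. Anyone who reaches the MySQL port
--    or a phpMyAdmin page as root can first check whether file writes are open.
SHOW VARIABLES LIKE 'secure_file_priv';           -- empty value: INTO OUTFILE is unrestricted
SELECT user, host, File_priv FROM mysql.user;     -- File_priv = 'Y' is the write permission

-- 2. The "query dumped into a php file". The result of the SELECT is written to
--    disk under the web root; whatever PHP source is in the string then runs when
--    the file is requested. A harmless marker string is used here.
SELECT '<?php echo "outfile-writable"; ?>'
  INTO OUTFILE 'C:/xampp/htdocs/marker.php';      -- hypothetical file name

-- 3. Closing it. Run as root from the local machine.
-- 3a. Give root a real password (MySQL 5.6 and earlier use
--     SET PASSWORD FOR 'root'@'localhost' = PASSWORD('...') instead).
ALTER USER 'root'@'localhost' IDENTIFIED BY 'replace-with-a-long-random-secret';

-- 3b. Drop anonymous accounts, if present, and any root login from other hosts.
DELETE FROM mysql.user WHERE user = '';
DELETE FROM mysql.user
 WHERE user = 'root' AND host NOT IN ('localhost', '127.0.0.1', '::1');

-- 3c. The web application never needs FILE. Give it its own account limited to
--     its own schema (forum_db is a placeholder name).
CREATE USER 'forum'@'localhost' IDENTIFIED BY 'another-long-random-secret';
GRANT SELECT, INSERT, UPDATE, DELETE ON forum_db.* TO 'forum'@'localhost';
FLUSH PRIVILEGES;

-- 3d. Confirm: no account other than root should show File_priv = 'Y'.
SELECT user, host, File_priv FROM mysql.user WHERE File_priv = 'Y';
```

Two settings belong in my.ini under [mysqld] rather than in SQL: `bind-address = 127.0.0.1`, so the server is not reachable from the network at all, and `secure-file-priv` pointed at a directory outside the web root, which confines INTO OUTFILE to that directory on every MySQL version that has the option. None of this matters if phpMyAdmin is left on the same host with its default root login, which XAMPP also ships.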

Four Corners transcript

