Hacker attacking Aussie websites

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Hacker attacking Aussie websites

A computer hacker using a Polish address is attacking and defacing the websites of major Australian businesses to highlight the country's lack of IT security.

In the past week, 47 Australian websites, including Sky Channel and a leading law firm, have been hacked into and defaced with messages criticising the state of website security in Australia.

The defaced websites are listed on the German public service website www.alldas.de which archives successful defacements.

The attacks began last week when the hacker, who goes by the name L4m4, defaced the website of Adelaide law firm Moloney and Partners and left the threat that unless businesses improved their security they would be next.

"Your IT guy who you have trusted for so many years has no idea when they told you that your web server is `safe as houses, mate'," the message said.

Since then another 46 sites have been defaced, including Sky Channel, legal firm Blake Dawson Waldron and allegedly Dymocks, according to the German website archiving the successful attacks.

Prior to the past week, less than 100 Australian websites had been defaced in two years.

Sky Channel internet site manager Alex Harradine said the defacement of their website, the first ever, was fixed in a matter of 10 minutes.

"They helped us out - it certainly shows if there are any holes," he said.

Mr Harradine said the hacker could have done some serious damage "but he's quite friendly. He even backed up some of our files".

Sky Channel's website page was replaced with "Owned by L4m4. Once again really bad Australian server security. Pick up your act or I will have your job."

Internet Industry Association chief executive Peter Coroneos told AAP the attacks illustrated that Australian security was not good.

Mr Coroneos said while the attacks appeared to be relatively harmless, it was possible hackers could go further into the system and steal data and even credit card details.

"Everyone recognises security is looming as an issue for the internet. It's something we've got to work hard to resolve," he said.

Mr Coroneos said the intention of the defacements, which were basically on-line graffiti, seemed to be to warn the sites of their weaknesses.

Carlton Duston, technical manager of Websecure Technologies, a Sydney-based Internet security company, said the level of security in Australia was not high.

He said although the defacements seemed innocuous, the problem was that the hacker could have done other things to the websites.

"The question then isn't the defacement, that's just a piece of graffiti on the wall ... the issue is if he got in what did he steal, where did he get to?" he said.

Mr Duston said businesses that had been hacked needed to audit their website and find how the hacker got in, work out the impact of the information which had been compromised, and rebuild their websites raising the level of security.

http://news.ninemsn.com.au/sci_tech/story_15437.asp

-- Martin Thompson (mthom1927@aol.com), July 09, 2001


Moderation questions? read the FAQ