[LINK] ACT Chief Minister targeted by hackers

Howard Lowndes lannet at lannet.com.au
Tue Nov 1 17:31:15 EST 2005


The only conspiracy is in his hosting service:

$ whois 210.11.144.74
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

[...]
inetnum:      210.11.144.0 - 210.11.147.255
netname:      BYTECARD-CC-AU
descr:        Bytecard Pty Ltd
descr:        Northbourne Avenue
descr:        Dickson, ACT 2606
country:      AU
admin-c:      BM4-CC-AU
tech-c:       BM4-CC-AU
status:       ASSIGNED PA
remarks:      This information has been partially mirrored by APNIC from
remarks:      Connect.Com.Au. To obtain more specific information, please
remarks:      use the CCAIR whois server at whois.connect.com.au.
notify:       dbmon at connect.com.au
mnt-by:       CONNECT-AU
changed:      sarahk at connect.com.au 20030516
source:       CCAIR


Why are they still running M$ IIS/5.0:

# telnet www.chiefminister.act.gov.au 80
Trying 210.11.144.74...
Connected to www.chiefminister.act.gov.au (210.11.144.74).
Escape character is '^]'.
HEAD / HTTP/1.1
host:www.chiefminister.act.gov.au

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 01 Nov 2005 06:26:21 GMT
X-Powered-By: ASP.NET
Content-Length: 5680
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSQRTQDB=KKGIEFGCKBEOJGGDEAGKDCAB; path=/
Cache-control: private


Roger Clarke wrote:
> 
>> ACT Chief Minister targeted by hackers
>> http://www.computerworld.com.au/index.php?id=1349625640&eid=-6787
>>
>> Hackers have targeted the web site of the ACT Chief Minister Jon 
>> Stanhope.
>>
>> Constituents going to the www.chiefminister.act.gov.au are redirected to
>> hacking archive site Zone-H.org.
>>
>> The message on the Chief Minister's site says: "Fatal Error was here 
>> ohh yeahh
>> let's go! irc.gigachat.net #Ferror".
> 
> ...
> 
> <conspiracy-theory>
> 
> If I was a law enforcement person wanting to give Stanhope what-for, but 
> also wanting to make it look like a black-hat hacker's work, I'd co-opt 
> technique and text used by a black-hat hacker.
> 
> So it might be worth a search around to see if that string's been used 
> before.
> 
> And, if so, see if you can get the access-logs, to see who's been 
> visiting recently.
> 
> Well, the Internet forensic specialists do tell us that 'you're not 
> really anonymous on the Internet'.
> 
> </conspiracy-theory>
> 

-- 
Howard.
LANNet Computing Associates - Your Linux people <http://lannet.com.au>
-- 
When you just want a system that works, you choose Linux;
When you want a system that works, just, you choose Microsoft.
-- 
Flatter government, not fatter government;
Get rid of the Australian states.
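
The HEAD response quoted in the message above, run through a small header audit to show what the server tells any client about its software stack. This is an added example, not part of the original post; the function name `audit_response_headers` and the choice of checks (version disclosure, the HttpOnly cookie attribute) are assumptions of the example.

```python
import re

# Response headers copied from the telnet session quoted in the post above.
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "Date: Tue, 01 Nov 2005 06:26:21 GMT\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Content-Length: 5680\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: ASPSESSIONIDSSQRTQDB=KKGIEFGCKBEOJGGDEAGKDCAB; path=/\r\n"
    "Cache-control: private\r\n"
    "\r\n"
)

# Headers that commonly reveal the software stack to any client.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
VERSION_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*)")


def audit_response_headers(raw):
    """Return (status_code, findings) for a raw HTTP response header block."""
    head = raw.split("\r\n\r\n", 1)[0].replace("\r\n", "\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    findings = []
    for line in lines[1:]:
        if ":" not in line:
            continue  # skip malformed or folded lines
        name, value = (part.strip() for part in line.split(":", 1))
        key = name.lower()
        if key in DISCLOSURE_HEADERS:
            m = VERSION_RE.search(value)
            if m:
                findings.append(f"{name} discloses {m.group(1)} version {m.group(2)}")
            else:
                findings.append(f"{name} discloses platform {value}")
        elif key == "set-cookie":
            cookie = value.split("=", 1)[0]
            attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
            if "httponly" not in attrs:
                findings.append(f"cookie {cookie} lacks HttpOnly")
    return status, findings


if __name__ == "__main__":
    status, findings = audit_response_headers(RAW_RESPONSE)
    print(status, *findings, sep="\n")
```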


