20 Aug 2009
An attempted major cyber crime bust appears to have backfired on Australian police.
Security experts have levelled sharp criticism at the authorities over the mishandling of the bust and subsequent failed efforts to secure the target site.
Authorities in the country had infiltrated the r00t-y0u forum, a popular message board for hackers dealing in stolen credit card data. Australian authorities had tracked down and arrested the administrator of the site, gaining access to the forum controls.
US law enforcement used a similar tactic to shut down the Dark Market forum, gaining administrator clearance to the site and then shutting the forum down after those connected to the criminal activity were apprehended.
However, it appears that the bust of r00t-y0u did not go nearly as well. Rather than silently operating and collecting further data, authorities posted a message to the front page of the board warning that all activity had been logged and was now in the hands of authorities.
The move all but ended the chances of further arrests and drew criticism from security experts. Christopher Boyd, director of malware research at FaceTime, said in a blog post that the decision was "so utterly stupid it defies description".
Boyd suggested that, in posting the message, authorities had allowed many of the criminals ample time to destroy evidence, and that the only individuals deterred from committing further activity would be a few novice hackers or 'script kiddies' who had stumbled onto the site.
"Take a forum down, sure, but don't tell the world you just did it without covering your tracks and don't assume they don't have a ring of fallback forums to go to while the main site is down," wrote Boyd.
"Doing something like this means other researchers and law enforcement don't catch their targets at points B, C and D because they already know they're being watched and have wiped all the evidence."
Boyd is not alone in his criticism of the bust. Shortly after the police message was posted, a hacker using the alias KillaWho reportedly gained access to the now police-controlled r00t-y0u site and posted a message taunting authorities.
"Everybody knows not to 'engage' in criminal activity, but we still do it, don't we?" the hacker wrote. "Your little post isn't going to stop anybody from doing anything."
Following the second defacement, the site was taken down. It is not believed that any other police systems were compromised in the attack.
Let's get a few facts right
As the producer of the ABC's 4 Corners program that aired footage of the Australian Federal Police (AFP) posting the warning on Root-You.Org, I'd like to point out a few things. (1) The AFP had been running the site for a number of weeks after the arrest of the site's administrator. The AFP had in fact obtained considerable material; however, it was decided to post the notice on the site as a public announcement of the administrator's arrest had been made some minutes earlier. Given the administrator's arrest had been made public, it was obvious the site would be of no further use, as 'hackers', cyber crims and would-be cyber crims would immediately be aware that the site was compromised. (2) One particular article running in the Australian press intimates that AFP servers were compromised. It is simply not true; the computer used to monitor Root-You.Org was a stand-alone computer. The hacker who accessed this computer gained nothing but what was already on the Root-You.Org site.
Posted by: Wayne Harley 20 Aug 2009