An Australian government Web site has been revealed as another victim of Sunday night's Web defacement spree by hacker group The Ghost Boys, with the URLs acn.gov.au and cultureandrecreation.gov.au hijacked to show anti-US messages.
The site, administered by Senator Richard Alston's Department of Communications, Information Technology and the Arts (DCITA), was modified to read "DEFACED BY The Ghost Boys UssA sux!Boycott its products! NATO sux! greetz to DkD[|| admin: security is futile and you will be owned!".
Under normal circumstances, the Culture and Recreation Web site acts as a portal linking information and services for a range of arts and cultural organisations and boasts search facilities for more than 2500 Australian sites.
Canberran ISP WebOne hosts the victim site, and is investigating how it came to be hijacked. A spokesman for Communications Minister Senator Alston has confirmed the attack took place, but refused to speculate further.
"There was a momentary diversion to another site around 9am and it's being looked into. The department is awaiting a report and we can't comment any further until we know exactly what has happened," Alston's spokesman told Computerworld.
The reference, "greetz to DkD[||" on the defacement is a clear reference to a recently arrested French based pro-Palestinian hacktivist. French wire service AFP reports that a 17-year-old French teenager (who cannot legally be named) using the handle "DkD" was arrested in the western Paris home of his parents on June 23 - after a French Police Web site was defaced.
The AFP report also quotes a French police chief as saying that "technical investigations and confessions from the young man have established that around 2000 Web sites were attacked; around 20 in France, between 20 and 30 in Britain, and the rest in Australia and the US, including the US Navy site".
The report also quotes a French police chief as saying the teenager was released from custody because hacking "didn't have major consequences"; however, the young miscreant is banned from connecting to the Web.
What appears to be DkD[||'s Web site is still up and running and contains links to a variety of pro-Palestinian organisations claimed to be sponsors, not least Fateh, Hamas and the Al AQSA Matyr's Brigade - although one link to jihadonline.org appears to have been usurped by pro-US hackers and now diverts to a pro-US site.
Other material posted by DkD[|| says that while his attacks are politically motivated, he is against terrorism and intends his attacks to maximise attention to the Palestinian cause with a minimum of damage. Unconfirmed reports suggest that DkD[|| was apprehended by French authorities following complaints from the US Department of Justice. What links between DkD[|| and The Ghost Boys exist other than a shared political view, remain unclear but both are understood to be under the spotlight of US and Australian authorities.
Other recent Ghost Boys victims in Australia include LG, D-Link, and the Greater Murray Area Health Service, while defacement attacks by DkD[|| in Australia appear to have centred on smaller Western Australian government and community organisation sites.
Both groups appear to favour using a widely documented flaw in Windows Server 2000, although what method they used this time is still being assessed.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.