Here’s a fun story. Police in Australia thought they were being mighty clever when they took over an “underground hacking forum.” (The forum is r00t-y0u.org, though it seems to be down right now.) One of the hackers on the forum then retaliated by breaking into police computers using a simple SQL injection. Security fail.
The police computer that the hacker broke into was supposed to be a honeypot, something put there so police could “trick” the hackers into exposing themselves. Unfortunately for the police, the PC ran Windows, and the hacker was able to rock a SQL injection. The police “left the MYSQL password blank.” Smart.
Of course, the police say that no “real” data was compromised in the hack.
The lesson is, of course, not to mess with script kiddies and their message boards. Or, maybe, to at least set a password every once in a while.
hahah!
total hacker fail on the police! err.. wait, that was part of the honeypot; the blank password..
yea.. thats it.. :P
Well at least those poor cops did realize how their system vulnerable. Did the SQL injection easily on the cop computer system, LOL!!
You would think if they are going to mess with hackers they would be sure to hire some better help. Lesson #1 don’t mess with people who could can and will mess up your day.
I don’t get it, if the system the hacker broke into was just a honeypot anyway how exactly did the hacker win and the police fail?
what are you a cop? or just plain stupid….
Exactly. I can’t see how it was “unfortunate” for the cops that their honeypot was running windows. (How did the windows part matter again?)
I suppose these here leet kids think it wasn’t a honeypot? Even if that is so, 1) props to cops for not using microsoft SQL on their windows system (that screams honeypot to me, or at least someone who knows enough to set the password) and 2) grats on “rockin a SQL injection” on a mysql install with no password, I guess…
It was the attack, eh. If you are a cop, please don’t post any stupid thing, okay.
If not, get lost.
How about you post in English?
The problem was the Australian Federal Police didn’t learn any lesson on this attack. Yes, it was a honeypot, but think about “using Window OS”, “left password blank” and “lying the truth”, that makes lot of senses eh.
After breaking in what did the hackers actually do to the Police? It said nothing sensitive was compromised, so who really did the pwning here? Sounds like the cops still have the upper hand in this round.
Never joke with hackers, even script kiddies. Just do the KISS style! :) hahaha
The cops should hire the whitehats or greyhats that have lots more experience than them. What a silly.
the hacker who took access of the federal pc was named killawh0 a close friend of as was h1t3m the admin of r00t y0u who the cops busted n “took over” RY, anyway the only reason the cops knew how wh0 gained access was cos he posted it on the front page after the hack, screenshots of banking logins and credit cards on the federal server were posted on pastebin, search for killawh0 or wh0 alsp check out the FTP report #1 n #2
As part of our a new Australian Federal Police security push, we’ve left our police blank. This is done to effectively lull the hackers into a false sense of security, we’ll reinstall our police when we need them.
Australian Federal Police need to upgrade their security. The attack was just simple, SQL injection. Even it’s the honeypot, did you guys learn any new thing heh? I’m not standing on any side.
lol r00t-y0u.org wans not some l33t board am surprised that cops even care about them
and yeah one more thing
i dont understgand why police are chasing hackers there are lot of cyber criminals and instead of them they are chasing hackers lol
if they werent for hackers they wouldnt even know what security means
its just a chain owners make something –>hackers find a hole in it–>and than owners are trying to secure
so it goes in cycle
we are actualy helping them