The IT security of Australian Web-hosting providers has come under serious question, with more than 30 state and local government Web sites defaced in the last six months – including the homepages of two locally hosted foreign diplomatic missions and the highly sensitive NSW Casino Control Board.
Information Computerworld obtained shows the Web site for the South African High Commission (www.rsa.emb.gov.au) was defaced on January 20 2004, with the Solomon Islands High Commission (www.solomon.emb.gov.au) defaced on May 9 2004.
Both Web sites are hosted from ISPs in the ACT, the names of which are withheld for legal reasons. The service providers either did not respond to Computerworld's enquiries or were unable to be contacted.
Spokesman for the Solomon Islands High Commission in Australia, James Aika, confirmed the defacement, saying the attack had effectively closed the entire Web site with "swearing all over it".
Aika said the attack had "caused offence to some people" and the matter had been reported to the Australian High Tech Crime Centre, which is currently investigating the matter.
The response at the South African High Commission was muted surprise, with the mission's information officer saying that questions would not be answered over the phone, needed to be in writing and contain details and background. No response had been received at the time of going to press.
Servers for both diplomatic sites appear to be running Linux.
The defacements also raised security eyebrows in sections of the Australian government because it is unusual for foreign governments to use Australian government domains as part of their URL.
The foreign diplomatic sites attacked do not conform to the Australian federal government's ACSI 33 Information Technology Security Manual, developed by the Defence Signal's Directorate (DSD); some ACSI 33 policies are classified for national security reasons. A spokesman for the Australian Government Information Management Office (AGIMO) said the .gov.au domain was now firmly shut to foreign entities, with the defaced sites a legacy of a "an old policy prior to National Office for the Information Economy and the AGIMO control".
Horror show hits some local councils
By far the greatest number of defacements occurred on state and local government Web sites, with all states except the ACT and Northern Territory suffering at the hands of miscreants.
Victoria came off particularly badly with 14 local councils plastered with diabolic imagery and political slogans over 24 hours on May 30 and 31, courtesy of a group (or individual) calling itself Scriptx and claiming to be from Morocco.
Preying on Windows 2000 machines running IIS, the group attacked councils from East Gippsland, Baw Baw, Mildura, Corangamite and Nilumbuk and replaced idyllic rural scenery with pictures of a horned humanoid monster and the words "Free Irak And Free Palestine....Greatz: Alls Hackers Moslems".
Several council IT managers have confirmed the attacks, and mirrors of the defacements have been archived by www.zone-h.org.
At least some of devilish deeds are understood to have been executed using a flaw in software supplied by specialist local government Web software vendor AusSoft, which frankly admitted there had been a problem.
However, AusSoft's software writer, Debbie Eary said she considered the attacks annoying rather than cyber-terrorism per se. "They are all database-driven attacks and in effect the problem was fixed within half a day, but it was more of a nuisance and an embarrassment if the public saw it – it was a horrible picture – the sort of things horror movies are made of," Eary said.
"We suspect [the attackers] may have gotten access to a secure area through a default password and username and [we] have since told our clients to delete a default user setting, but that may not be the cause of the problem.
"A councillor reported the problem to the local police and on that day we were notified by officers of the Hight Tech Crime Centre that they were gathering evidence to be forwarded on to the Federal Police," Eary said.
AusCert director Graeme Ingram said the defacement attacks, while illegal and distressing, contained some solace for victims in that they were at least visible – unlike more insidious means of attack which left far fewer traces. Ingram encouraged victims to report such crimes to the Australian High Tech Crime Centre.