Defacement spree hits government sites

The IT security of Australian Web-hosting providers has come under serious question, with more than 30 state and local government Web sites defaced in the last six months – including the homepages of two locally hosted foreign diplomatic missions and the highly sensitive NSW Casino Control Board.

Information Computerworld obtained shows the Web site for the South African High Commission ( was defaced on January 20 2004, with the Solomon Islands High Commission ( defaced on May 9 2004.

Both Web sites are hosted from ISPs in the ACT, the names of which are withheld for legal reasons. The service providers either did not respond to Computerworld's enquiries or were unable to be contacted.

Spokesman for the Solomon Islands High Commission in Australia, James Aika, confirmed the defacement, saying the attack had effectively closed the entire Web site with "swearing all over it".

Aika said the attack had "caused offence to some people" and the matter had been reported to the Australian High Tech Crime Centre, which is currently investigating the matter.

The response at the South African High Commission was muted surprise, with the mission's information officer saying that questions would not be answered over the phone, needed to be in writing and contain details and background. No response had been received at the time of going to press.

Servers for both diplomatic sites appear to be running Linux.

The defacements also raised security eyebrows in sections of the Australian government because it is unusual for foreign governments to use Australian government domains as part of their URL.

The foreign diplomatic sites attacked do not conform to the Australian federal government's ACSI 33 Information Technology Security Manual, developed by the Defence Signal's Directorate (DSD); some ACSI 33 policies are classified for national security reasons. A spokesman for the Australian Government Information Management Office (AGIMO) said the domain was now firmly shut to foreign entities, with the defaced sites a legacy of a "an old policy prior to National Office for the Information Economy and the AGIMO control".

Horror show hits some local councils

By far the greatest number of defacements occurred on state and local government Web sites, with all states except the ACT and Northern Territory suffering at the hands of miscreants.

Victoria came off particularly badly with 14 local councils plastered with diabolic imagery and political slogans over 24 hours on May 30 and 31, courtesy of a group (or individual) calling itself Scriptx and claiming to be from Morocco.

Preying on Windows 2000 machines running IIS, the group attacked councils from East Gippsland, Baw Baw, Mildura, Corangamite and Nilumbuk and replaced idyllic rural scenery with pictures of a horned humanoid monster and the words "Free Irak And Free Palestine....Greatz: Alls Hackers Moslems".

Several council IT managers have confirmed the attacks, and mirrors of the defacements have been archived by

At least some of devilish deeds are understood to have been executed using a flaw in software supplied by specialist local government Web software vendor AusSoft, which frankly admitted there had been a problem.

However, AusSoft's software writer, Debbie Eary said she considered the attacks annoying rather than cyber-terrorism per se. "They are all database-driven attacks and in effect the problem was fixed within half a day, but it was more of a nuisance and an embarrassment if the public saw it – it was a horrible picture – the sort of things horror movies are made of," Eary said.

"We suspect [the attackers] may have gotten access to a secure area through a default password and username and [we] have since told our clients to delete a default user setting, but that may not be the cause of the problem.

"A councillor reported the problem to the local police and on that day we were notified by officers of the Hight Tech Crime Centre that they were gathering evidence to be forwarded on to the Federal Police," Eary said.

AusCert director Graeme Ingram said the defacement attacks, while illegal and distressing, contained some solace for victims in that they were at least visible – unlike more insidious means of attack which left far fewer traces. Ingram encouraged victims to report such crimes to the Australian High Tech Crime Centre.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?