RAAF website defaced

Atul Dwivedi, an Indian hacker, paid a visit to the Royal Australian Air Force (RAAF) last Monday by defacing its website.

This incident comes amid a rise in violence targeted towards Indian natives in Australia, and Dwivedi apparently protested this situation by leaving a message on the website:

“This site has been hacked by Atul Dwivedi. This is a warning message to the Australian government. Immediately take all measures to stop racist attacks against Indian students in Australia or else I will pawn all your cyber properties like this one.”

Racist incidents in Australia against Indian students have increased in recent months

The site is now up and running as normal. Of course, the webserver wasn’t connected to any internal network and didn’t contain any classified information, according to a spokeswoman:

“No sensitive information was compromised as the air force internet website is hosted on an external server and, as such, does not hold any sensitive information,”[1]

Microsoft products are used in pretty much every Western armed force, so it’s safe to assume the webserver used by the RAAF is probably running IIS. IIS implies a Windows machine, and a Windows Server machine means that everything is almost certainly Microsoft based. Of course we can now verify those claims, and according to David M Williams from ITWire[2] the website is hosted through Net Logistics, an Australian hosting company. The aforementioned article tries to explain the hack with the use of exploits, which might have been the way Dwivedi did it, but the analysis is quite simple and lacks depth. The article still has an excellent link to a blog detailing the WebDAV exploit; see below for the link.

It’s not impossible that Dwivedi also tricked someone into giving out too much information. Social engineering can do a lot and is usually easier than technical exploits. The Art of Deception by Kevin Mitnick should convince most people of that. Someone could look up people in the RAAF on Facebook or another social networking site and then try to pose as them.

Then also, why not look for the FTP server? And God knows what else the server is running; maybe an SMTP server also (and it probably does). Now I wouldn’t suggest doing this, but running a port scan would probably reveal a lot of information. Moreover, using web vulnerability tools like Nikto could help find misconfigured settings in ASP or forgotten test/setup pages/files. Up to that point, only two things are important: information gathering and imagination.

See also:

“Hacker breaks into RAAF website”, AAP, Brisbane Times, July 16, 2009, http://news.brisbanetimes.com.au/breaking-news-national/hacker-breaks-into-raaf-website-20090716-dmrn.html accessed on 2009-07-17

“WebDAV Detection, Vulnerability Checking and Exploitation”, Andrew, SkullSecurity, May 20, 2009, http://www.skullsecurity.org/blog/?p=285 accessed on 2009-07-17

[1] “Indian hacks RAAF website over student attacks”, Asher Moses, The Sydney Morning Herald, July 16, 2009, http://www.smh.com.au/technology/security/indian-hacks-raaf-website-over-student-attacks-20090716-dmgo.html accessed on 2009-07-16

[2] “How did Atul Dwivedi hack the RAAF web site this week?”, David M Williams, ITWire, July 17, 2009, http://www.itwire.com/content/view/26344/53/ accessed on 2009-07-16

Technology in the Mumbai Attacks – A Quick Overview

Details are now starting to emerge from the deadly attacks by terrorists on the city of Mumbai, formerly known as Bombay. News outlets are starting to report on the technologies the attackers used to communicate and coordinate the attacks, which killed an estimated 172 people from various nations[1].

Among the commercial technologies used by the terrorists are GPS and satellite phones. The attackers, apparently trained in marine assault[2], entered the city aboard the MV Kuber[3], a hijacked fishing boat used as a mother ship and navigated by an experienced sailor using GPS maps[4]: “A trained sailor, [Abu] Ismail used the GPS to reach Mumbai coast on November 26.[5]” According to the Times of India, the GPS contained an escape route to be used once the operation was deemed complete[6].

Among the other objects found in the boat was a satellite phone, a Thuraya model[7], which could be the key to finding more information about the terrorists.

Satellite phone used by the terrorists[8]

The satellite phone could be used to track conversations between the individuals before their landing on the city. According to an article published by ABC News, Indian Intelligence also intercepted a satellite phone call:

“Nov. 18, Indian intelligence also intercepted a satellite phone call to a number in Pakistan known to be used by a leader of the terror group, Lashkar e Taiba, believed responsible for the weekend attack, Indian intelligence officials say.”[9]

Officials from the RAW, the Indian Intelligence agency, said that they got hold of SIM cards found with the satellite phone, possibly bought in the U.S. Those are providing leads to Lashkar e Taiba, a Kashmir separatist group, according to the same ABC article.

Also, many of the articles report that BlackBerry phones were used by the attackers to communicate with each other and to check the media’s reports about the attacks. Damien McElroy from The Telegraph claims that the terrorists used them to monitor the situation through British media[10].

Finally, it appears the terrorists proclaimed their identity by sending various forged emails to news outlets by using a remailer[11].

More to come as the investigation continues, now that the siege has ended…


[1] “India clears last Mumbai siege site”, Ravi Nessman, Associated Press, December 1, 2008, http://www.google.com/hostednews/ap/article/ALeqM5hz0C0SXcxgP0NxzlqGA_EI57FBkQD94PMPC00 (accessed on December 1, 2008)

[2] “‘No regrets’: Captured terrorist’s account of Mumbai massacre reveals plan was to kill 5,000”, Daily Mail, December 1, 2008, http://www.dailymail.co.uk/news/article-1090546/No-regrets-Captured-terrorists-account-Mumbai-massacre-reveals-plan-kill-5-000.html (accessed on December 1, 2008)

[3] “MV Kuber opens can of worms”, Ninad Siddhaye, DNA, December 1, 2008, http://www.dnaindia.com/report.asp?newsid=1210640 (accessed on December 1, 2008)

[4] “Is technology a toy in the hands of terrorists?”, CyberNews Media, November 28, 2008, http://www.ciol.com/News/News-Reports/Is-technology-a-toy-in-the-hands-of-terrorists/281108113190/0/ (accessed on December 1, 2008)

[5] “Arrested terrorist says gang hoped to get away”, Times of India, November 29, 2008, http://timesofindia.indiatimes.com/India/Arrested_terrorist_says_gang_hoped_to_get_away/rssarticleshow/3771598.cms (accessed on December 1, 2008)

[6] Ibid.

[7] “U.S. Warned India in October of Potential Terror Attack”, Richard Esposito, Brian Ross, Pierre Thomas, ABC News, December 1, 2008, http://www.abcnews.go.com/Blotter/story?id=6368013&page=1 (accessed on December 1, 2008)

[8] “Mumbai attack: Satellite phone vital clue to solve mystery”, Yogesh Naik, The Times of India, November 28, 2008, http://timesofindia.indiatimes.com/Mumbai_attack_Satellite_phone_vital_clue_to_solve_mystery/rssarticleshow/3770611.cms (accessed on December 1, 2008)

[9] “U.S. Warned India in October of Potential Terror Attack”, Richard Esposito, Brian Ross, Pierre Thomas, ABC News, December 1, 2008, http://www.abcnews.go.com/Blotter/story?id=6368013&page=1 (accessed on December 1, 2008)

[10] “Mumbai attacks: Terrorists monitored British websites using BlackBerry phones”, Damien McElroy, The Telegraph, December 1, 2008, http://www.telegraph.co.uk/news/worldnews/asia/india/3534599/Mumbai-attacks-Terrorists-monitored-coverage-on-UK-websites-using-BlackBerry-phones-bombay-india.html?mobile=basic (accessed on December 1, 2008)

[11] “How Gadgets Helped Mumbai Attackers”, Noah Shachtman, Danger Room – Wired, December 1, 2008, http://blog.wired.com/defense/2008/12/the-gagdets-of.html (accessed on December 1, 2008)