Jo writes:
Someone broke into my site in the last hour. My web manager says he’s sure it was an XSS attack. (I think that stands for cross site script.)
I will keep you posted. I have tweeted – but am still concerned that we don’t have all the info just yet. I don’t want to set any conspiracies running, but it is a concern. Run those backups!
… She adds later
I am certain now it was an attack.
My webmaster is even hopeful he may track the individual responsible.
We may lose some comments, but I gather everything else should be ok. Phew.
Jo
===================================
And it seems to have been restored. Fast work.
=====================================
UPDATE from Jo Nova’s webmaster:
“The attack was undertaken over a 9 hour period using proxy servers from around the world including universities, schools and broadband providers. Unfortunately, hackers believe themselves to be smarter than they are. In this instance they have used the web01.defence.gov.au web server as a proxy which is located at the Woomera Air Force Base. No doubt the Department of Defence will be interested in all the data collected by the jonannenova.com.au web server pertaining to its machines. Additional confirmation will be sought from private broadband suppliers who keep detailed logs of their web traffic.”
Whatever you do don’t get the Norfolk Police to investigate.
To Gleick or not to Gleick.
Actually, she should invite the Norfolk Police to investigate – so they can see what an actual hack looks like.
I’ve got to hand it to the people who made the advertising widget. It showed “LifeLock” when I viewed this page. Good luck, Jo and go get ’em.
I backup to DVD and keep copies at separate physical locations. You never know when Norfolk’s finest may need to borrow your data.
Please, no conspiracy theories again. The hacker/s are barely computer literate, so it wasn’t an organised attack. They took advantage of a plugin exploit discovered two months ago. I think there will be a better than average chance of catching the perpetrator/s; they seem to have used some honeypot proxy servers.
Peter Gleick is unreformed and unrepentant???
Wow tallbloke; that’s tough, man. Sorry to have to remember it happened to ya.
Waffle says: Please, no conspiracy theories again. The hacker/s are barely computer literate
Enquiring minds would like to know – the evidence.
@Waffle.
Forgive my ignorance, but if I don’t ask, I won’t learn. What the heck is a “honeypot proxy server”?
Here’s Jo Nova’s articles prior to the hack:
Aug 2: David Evans in the Fairfax press: Climate change science is a load of hot air and warmists are wrong
Today in the Sydney Morning Herald and The Age, for the first time, David Evans has been published in the Op-Ed section. Something is going on in those newsrooms…? …
Aug 4: Major Australian dailies disappear the Muller “conversion” article: Opps. 404 error!
… The fact that all the news copies of the page went 404 for the network of Fairfax major dailies is just plain odd. It’s easy to imagine an accident taking down one copy, but not all the separate newspapers… The pages have not been restored, as we might expect, nor is there a “moved here” note. Who knows? …
Aug 5: Victory of the Denialists! says Robert Manne in The Monthly as his Gods of Science fail
“For reasonable citizens there ought to be no question easier to answer than whether or not human-caused global warming is real and is threatening the future of the Earth… Thousands of climate scientists in a variety of discrete disciplines have been exploring the issue for decades. They have reached a consensual conclusion whose existence is easily demonstrated.”
He’s right that the consensus is real (among government funded climate scientists). But that’s not evidence about the climate, it’s evidence about scientific processes, monopoly science, and university culture — not the climate… The single point that makes science different from a religion is that in science, opinions are always trumped by evidence. There are no high Priests. Manne thinks evidence means studies of the consensus — of how many scientists vote “Yes”. The entire philosophy of science is that evidence comes from things like thermometers, satellites and weather-balloons, not from internet surveys…
As always, with “intellectuals” when they analyze their failure, it’s impossible for them to have been defeated by better arguments and stronger evidence. Manne’s synopsis: “A Dark Victory: How vested interests defeated climate science”… even though evidence shows the vested interests are 3500 times larger on the believer side, and a $176 billion dollar market hangs for its very life on the truth (or not) of the great climate scare, Manne thinks he was beaten by big money…
As Jo Nova points out re Manne, it takes a second-rate mind to confuse real science with religious dogma. And it takes a mind that is unwilling to consider other points of view, to project its own tactics onto the other side (and get away with it for a while)… Manne did it re. funding as shown above, AFAIK all the evangelical warmists do it, so it is not at all unlikely that the hacker did it too… at a time when it seems as if the Oz media tables might be turning.
From Waffle on August 5, 2012 at 11:52 pm:
So who needs those? Jo Nova is a known insurrectionist against the Australian government who has advocated disobedience against the Carbon Tax, who also operates internationally. Thus cyber-attacks by the government against her site would not only be justified in the interest of National Security, but should be expected.
The snarky response would be that proves the government was involved.
In reality, this could be a good way to cover up what was really done. Make a big mess, the techs quickly clean up the big mess to get the site back up soon as possible, and who notices what logs were copied, or which pieces of site software have a few more lines of code added?
Just noted this on her “Site Hacked” article, in the “UPDATE from my webmaster” about the “hackers”:
The attack has been traced to an Australian military server? Since the military computers of the US and allies have virtually the tightest security on the planet due to ongoing continual cyber-attacks from inside China and elsewhere, does anyone honestly believe that “barely computer literate” hackers could subvert one for use in a “clumsy” internet attack?
With all the links Ms. Nova maintains to useful information on the great gaudy AGW fraud, I tend to cite her often (and emphatically) on visits to venues in which las warmistas proliferate, and doubtless she has earned much sputtering hatred thereby.
Ms. Nova might borrow her personal motto from Harry S Truman:
Most website hacks, just like most burglaries, are purely opportunistic affairs.
Tallbloke: We all saw what you went through and we are more careful now about our personal computers and our back-ups. Your experience left its mark.
Before speculating on attackers or motives, I would point out that 99.99% of all cross site scripting attacks are to redirect users to rogue sites for revenue purposes.
Tallbloke,
What happened with you and the coppers? I assume you got all your kit back? I assume there were no charges? And no apologies, either?
I am not so sure she is going to find the culprit. She has been having a lot of problems of late. And is one of the most outspoken critics of the thing that cannot be mentioned down under.
@Ally E.
A honey pot server is one plugged into the internet backbone, just to study how it’s attacked by hackers. The term is derived from espionage and blackmailing a person of intelligence value by compromising them after a deliberately arranged sexual encounter, of either or both flavours.
Pointman
I and other commenters at Jo’s were losing comments a couple days before this “Attack”
(I also just got a server down notice for WUWT a couple minutes ago)
Thanks, Pointman. We can also hope that the “military” computer was actually a honeypot which was set up so their boffins could study records of the traffic flowing through it.
Lucy, I am Jo’s webmaster. The reason I say no conspiracies (even though I love a good conspiracy) is that when we had the issues we had on the transfer of the website, the conspiracies got out of hand to the point where climate blog readers were contacting my network and data warehousing guys throwing accusations at them. Those issues on the transfer were a result of me being too busy, and Jo not having the budget, to do a full risk analysis of transfer prior to moving. The result was something very out of the blue and very similar to the XSS attack Jo’s website just suffered, i.e. loss of database.
The good news is that we learned from that experience, so we were quite prepared for this attack. I will be making a few modifications to Jo’s codebase (not created by me) to further reduce downtime and the work involved to get back up the next time it happens (always inevitable).
The honeypot thing. I guess I should explain. Honeypots are the basic weapon whereby (real) programmers anticipate and defeat attacks from hackers. The idea is to present a target for the attacker in which you can collect data. You know, the scientific method. From that data, you can either create algorithms to defeat the wider attack or create a log entry which can be used as evidence to prosecute the attacker. The open proxy server honey pot is often referred to as a proxypot. About a dozen web proxies were used in the attack of which about half I believe are proxypots. They are probably there for national intelligence, not criminal or civil matters. But hey, a tool is a tool and hackers will always prove the rule that they are too stupid to be programmers. 🙂
Honeypot wiki: http://en.wikipedia.org/wiki/Honeypot_%28computing%29
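The comment above describes a proxypot as a decoy open proxy that collects data and produces log entries usable as evidence. As an added illustration (not the webmaster's code and not part of the original thread), this Python example records proxy-style requests without forwarding them and chains each log entry to the previous one by hash, so later edits to the record are detectable. The function and field names, the hash chaining and the sample traffic are assumptions made for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed marker for the start of the chain

def parse_proxy_request(raw: bytes) -> dict:
    """Pull the fields worth keeping out of one request sent to the decoy."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ")  # ValueError if malformed
    headers = {k.strip().lower(): v.strip()
               for k, sep, v in (ln.partition(":") for ln in lines[1:]) if sep}
    dest = None                    # origin-form: aimed at the decoy itself
    if method == "CONNECT":        # tunnel request: target is host:port
        dest = target
    elif "://" in target:          # absolute-form URI: a proxy request
        dest = target.split("://", 1)[1].split("/", 1)[0]
    return {"method": method, "target": target, "dest": dest,
            "user_agent": headers.get("user-agent"),
            "body_sha256": hashlib.sha256(body).hexdigest()}

def _digest(entry: dict) -> str:
    fields = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def append_entry(log: list, client_ip: str, ts: str, raw: bytes) -> None:
    """Record a request; nothing is forwarded. Each entry commits to the last."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"ts": ts, "client": client_ip, "prev": prev,
             **parse_proxy_request(raw)}
    entry["hash"] = _digest(entry)
    log.append(entry)

def verify_chain(log: list) -> bool:
    """False if any entry was edited, reordered or cut from the middle."""
    prev = GENESIS
    for entry in log:
        if entry["prev"] != prev or _digest(entry) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True

def sample_log() -> list:
    # Constructed traffic: documentation IP ranges and example.org only.
    log = []
    append_entry(log, "203.0.113.7", "2012-08-05T10:00:00Z",
                 b"POST http://blog.example.org/comment HTTP/1.1\r\n"
                 b"User-Agent: sample-agent\r\n\r\ntext=hello")
    append_entry(log, "198.51.100.23", "2012-08-05T10:00:04Z",
                 b"CONNECT example.org:443 HTTP/1.1\r\n\r\n")
    return log
```

A chain like this does not show that the final entries are still present, so the most recent hash has to be copied somewhere the decoy cannot rewrite.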