Jo Nova’s site has been hacked

Jo writes:

Someone broke into my site in the last hour. My web manager says he’s sure it was an XSS attack. (I think that stands for cross site script.)

I will keep you posted.  I have tweeted – but am still concerned that we don’t have all the info just yet. I don’t want to set any conspiracies running, but it is a concern. Run those back ups!

… She adds later

I am certain now it was an attack.
My webmaster is even hopeful he may track the individual responsible.

We may lose some comments, but I gather everything else should be ok. Phew.

Jo

===================================

And it seems to have been restored. Fast work.

http://joannenova.com.au/

=====================================

UPDATE from Jo Nova’s webmaster:

“The attack was undertaken over a 9 hour period using proxy servers from around the world including universities, schools and broadband providers. Unfortunately, hackers believe themselves to be smarter than they are. In this instance they have used the web01.defence.gov.au web server as a proxy which is located at the Woomera Air Force Base. No doubt the Department of Defence will be interested in all the data collected by the jonannenova.com.au web server pertaining to its machines. Additional confirmation will be sought from private broadband suppliers who keep detailed logs of their web traffic.”

Advertisements

45 thoughts on “Jo Nova’s site has been hacked

  1. Actually, she should invite the Norfolk Police to investigate – so they can see what an actual hack looks like.

  2. Please, no conspirarcy theories again. The hacker/s are barely computer literate so, it wasn’t an organised attack. They took advantage of a plugin exploit discovered two months ago. I think there will be a better than average chance of catching the perprator/s, they seem to have used some honeypot proxy servers.

  3. @ Waffle.

    Forgive my ignorance, but if I don’t ask, I won’t learn. What the heck is a “honeypot proxy server”?

  4. Here’s Jo Nova’s articles prior to the hack:

    Aug 2: David Evans in the Fairfax press: Climate change science is a load of hot air and warmists are wrong
    Today in the Sydney Morning Herald and The Age, for the first time, David Evans has been published in the Op-Ed section. Something is going on in those newsrooms…? …

    Aug 4: Major Australian dailies disappear the Muller “conversion” article: Opps. 404 error!
    … The fact that all the news copies of the page went 404 for the network of Fairfax major dailies is just plain odd. It’s easy to imagine an accident taking down one copy, but not all the separate newspapers… The pages have not been restored, as we might expect, nor is there a “moved here” note. Who knows? …

    Aug 5: Victory of the Denialists! says Robert Manne in The Monthly as his Gods of Science fail

    “For reasonable citizens there ought to be no question easier to answer than whether or not human-caused global warming is real and is threatening the future of the Earth… Thousands of climate scientists in a variety of discrete disciplines have been exploring the issue for decades. They have reached a consensual conclusion whose existence is easily demonstrated.”

    He’s right that the consensus is real (among government funded climate scientists). But that’s not evidence about the climate, it’s evidence about scientific processes, monopoly science, and university culture — not the climate… The single point that makes science different from a religion is that in science, opinions are always trumped by evidence. There are no high Priests. Manne thinks evidence means studies of the consensus — of how many scientists vote “Yes”. The entire philosophy of science is that evidence comes from things like thermometers, satellites and weather-balloons, not from internet surveys…

    As always, with “intellectuals” when they analyze their failure, it’s impossible for them to have been defeated by better arguments and stronger evidence. Manne’s synopsis: “A Dark Victory: How vested interests defeated climate science”… even though evidence shows the vested interests are 3500 times larger on the believer side, and a $176 billion dollar market hangs for it’s very life on the truth (or not) of the great climate scare, Manne thinks he was beaten by big money…

  5. As Jo Nova points out re Manne, it takes a second-rate mind to confuse real science with religious dogma. And it takes a mind that is unwilling to consider other points of view, to project its own tactics onto the other side (and get away with it for a while)… Manne did it re. funding as shown above, AFAIK all the evangelical warmists do it, so it is not at all unlikely that the hacker did it too… at a time when it seems as if the Oz media tables might be turning.

  6. From Waffle on August 5, 2012 at 11:52 pm:

    Please, no conspirarcy theories again.

    So who needs those? Jo Nova is a known insurrectionist against the Australian government who has advocated disobedience against the Carbon Tax, who also operates internationally. Thus cyber-attacks by the government against her site would not only be justified in the interest of National Security, but should be expected.

    The hacker/s are barely computer literate so, it wasn’t an organised attack.

    The snarky response would be that proves the government was involved.

    In reality, this could be a good way to cover up what was really done. Make a big mess, the techs quickly clean up the big mess to get the site back up soon as possible, and who notices what logs were copied, or which pieces of site software have a few more lines of code added?

    Just noted this on her “Site Hacked” article, in the “UPDATE from my webmaster” about the “hackers”:

    In this instance they have used the web01.defence.gov.au web server as a proxy which is located at the Woomera Air Force Base. No doubt the Department of Defence will be interested in all the data collected by the jonannenova.com.au web server pertaining to its machines.

    The attack has been traced to an Australian military server? Since the military computers of the US and allies have virtually the tightest security on the planet due to ongoing continual cyber-attacks from inside China and elsewhere, does anyone honestly believe that “barely computer literate” hackers could subvert one for use in a “clumsy” internet attack?

  7. With all the links Ms. Nova maintains to useful information on the great gaudy AGW fraud, I tend to cite her often (and emphatically) on visits to venues in which las warmistas proliferate, and doubtless she has earned much sputtering hatred thereby.

    Ms. Nova might borrow her personal motto from Harry S Truman:

    “I never gave anybody hell. I just told the truth and they think it’s hell.”

  8. Latest from Jo Nova’s webmaster:

    “The attack was undertaken over a 9 hour period using proxy servers from around the world including universities, schools and broadband providers. Unfortunately, hackers believe themselves to be smarter than they are. In this instance they have used the web01.defence.gov.au web server as a proxy which is located at the Woomera Air Force Base. No doubt the Department of Defence will be interested in all the data collected by the jonannenova.com.au web server pertaining to its machines. Additional confirmation will be sought from private broadband suppliers who keep detailed logs of their web traffic.”

  9. UPDATE from Jo:
    “The attack was undertaken over a 9 hour period using proxy servers from around the world including universities, schools and broadband providers. Unfortunately, hackers believe themselves to be smarter than they are. In this instance they have used the web01.defence.gov.au web server as a proxy which is located at the Woomera Air Force Base. No doubt the Department of Defence will be interested in all the data collected by the jonannenova.com.au web server pertaining to its machines. Additional confirmation will be sought from private broadband suppliers who keep detailed logs of their web traffic.”

  10. Tallbloke: We all saw what you went through and we are more careful now about our personal computers and our back-ups. Your experience left its mark.

  11. Before speculating on attackers or motives, I would point out that 99.99% of all cross site scripting attacks are to redirect users to rogue sites for revenue purposes.

  12. I am not so sure she is going to find the culprit. She has been having a lot of problems of late. And is one of the most outspoken critics of the thing that cannot be mentioned down under.

  13. @Ally E.

    A honey pot server is one plugged into the internet backbone, just to study how it’s attacked by hackers. The term is derived from espionage and blackmailing a person of intelligence value by compromising them after a deliberately arranged sexual encounter, of either or both flavours.

    Pointman

  14. I and other commenters at Jo’s were loosing comments a couple days before this “Attack”

    (I also just got a server down notice for WUWT a couple minutes ago)

  15. Thanks, Pointman. We can also hope that the “military” computer was actually a honeypot which was set up so their boffins could study records of the traffic flowing through it.

  16. Lucy, I am Jo’s webmaster. The reason I say no conspiracies(even though I love a good conspiracy) is that when we had the issues we had on the transfer of the website, the conspiracies got out of hand to the point where climate blog readers were contacting my network and data wharehousing guys throwing accusations at them. Those issues on the transfer were a result of me being too busy, and Jo not having the budget, to do a full risk analysis of transfer prior to moving. The result was something very out of the blue and very similar to the XSS attack Jo’s website just suffered. IE; loss of database.

    The good news is that, we learned from that experience so, we were quite prepared for this attack. I will be making a few modifications to Jo’s codebase(not created by me) to further reduce downtime and the work involved to get back up the next time it happens(always inevitable).

    The honeypot thing. I guesss I should explain. Honeypots are the basic weapon whereby (real) programmers anticipate and defeat attacks from hackers. The idea is to present a target for the attacker in which you can collect data. You know, the scientific method. From that data, you can either create algorithms to defeat the wider attack or create a log entry which can be used as evidence to prosecute the attacker. The open proxy server honey pot is often refered to as a proxypot. About a dozen web proxies were used in the attack of which about half I believe are proxypots. They are probably there for national intelligence, not criminal or civil matters. But hey, a tool is a tool and hackers will always prove the rule that they are too stupid to be programmers. :)

    Honeypot wiki: http://en.wikipedia.org/wiki/Honeypot_%28computing%29

  17. The attack has been traced to an Australian military server? Since the military computers of the US and allies have virtually the tightest security on the planet due to ongoing continual cyber-attacks from inside China and elsewhere, does anyone honestly believe that “barely computer literate” hackers could subvert one for use in a “clumsy” internet attack?

    I don’t think you understand how proxys work. The user often doesn’t know or have control over which servers the proxy connections go through. Somebody else sets that up. The user doesn’t hack anything.

    I tend to think that this was a honeypot. The government set up this proxy network, specifically to catch crackers. It was set up deliberately to catch people trying to hide behind a proxy network.

  18. When you can’t win by argument of facts, what is left to do but try to disrupt information lines. Typical response of the political and idealistic motivated, when saving the world. GK

  19. “kadaka (KD Knoebel) says:
    August 6, 2012 at 2:09 am

    The attack has been traced to an Australian military server? Since the military computers of the US and allies have virtually the tightest security on the planet due to ongoing continual cyber-attacks from inside China and elsewhere, does anyone honestly believe that “barely computer literate” hackers could subvert one for use in a “clumsy” internet attack?”

    Why ever would you think such a thing?

    Government contracts go to the lowest qualified bid/bidder. Funny thing about bids, bids are tailored to meet the published (Federal register) contract requirements. If it ain’t stated it isn’t in the bid!

    Perhaps you remember this bit of news?

    When the contractors were originally questioned about the lack of encryption, they pointed out the requirements specified speed and ease of transmission, but not encryption. And that now they were given a contract to encrypt the video feed signal.

  20. Ally E. says: August 6, 2012 at 1:20 am @ Waffle. Forgive my ignorance, but if I don’t ask, I won’t learn. What the heck is a “honeypot proxy server”?
    Well a proxy server is a computer that is set up with programs that will accept commands from a user and perform them on the user’s behalf as if it was the user and then send the results to the user; the proxy server seldom logs what it does or for whom. Proxy servers provide a wall of anonymity for the users to hide behind, when the users are dissidents of a despot we don’t like this is good, when it’s organized internet criminals it’s bad, most are used by businesses and governments for pretty mundane reasons.
    Honeypots are computers set up to be false targets, or bait; like an internet version of a police sting operations. The honeypot meticulously records everything keeping of of the forensic evidence that the attackers had tried to avoid by using proxy servers. A honeypot may also be loaded with false documents. I honestly thought that Gleick’s forged Heartland document would prove to be an example of planted false documents, way to many “Warmist” keywords to be written by Heartland people for Heartland people

  21. The difference between warmists and skeptics, it seems, is that we skeptics WANT these guys to keep talking ( read; shooting themselves in the foot). On the other hand, they want to silence us at all cost. Curious.

  22. “Unfortunately, hackers believe themselves to be smarter than they are.”
    I am sure you meant, “Fortunately, hackers believe themselves to be smarter than they are.”

  23. kadaka (KD Knoebel) says:
    The attack has been traced to an Australian military server? Since the military computers of the US and allies have virtually the tightest security on the planet due to ongoing continual cyber-attacks from inside China and elsewhere, does anyone honestly believe that “barely computer literate” hackers could subvert one for use in a “clumsy” internet attack?

    Having been a computer operator in the USAF, yes, I do believe that. You’d be quite surprised at how insecure some of those computers might be. Especially ones that don’t deal with classified information. Unfortunately, bureaucracy plagues the military just as much as any other large organization.

  24. Ally E…. pointman is of course wrong in his knowledge of “honeypot” the idea of a honeypot comes from the time when the romans invaded the Mithraditc kingdom in Anatolia. As his army retreated they arranged for free gifts of honey jars to be placed in the path of the oncoming legions. They consumed these and found that after tripping, then bouts of diarrhea and sometimes death over the next three days this was not a good idea. Honey collected in Rhododendron forests is toxic. This is the origin of the term people with an actual knowledge of history used it later and applied it to espionage.
    So the term is used to mean a free gift in this case a apparently open server to entrap a potential hacker it can also be used to redirect traffic when you are under a sustained attack from outside.

  25. >>> But hey, a tool is a tool and hackers will always prove the rule that they are too stupid to be programmers. :)

    Amen.

  26. @ Pointman, Waffle, Paul Jackson and Kitler:

    Wow! Thank you for explaining “honey pot” so well. I had no idea! That is brilliant! :)

  27. joannenova says:
    August 6, 2012 at 4:15 am
    “… proxy servers from around the world including universities, schools and broadband providers.”

    This has all the markings of an attack through codeen/planetlab, a legitimate research project overseen by Princeton University (Hard to tell though, without knowing the IP #s), and a very stupid move by the hackers if this is indeed true. The Codeen network doesn’t intentionally set honeypots to trap hackers, It’s an ancillary result of their research since they archive all of their server logs and in the past have cooperated with law enforcement when something like this happens.

  28. anyone who seriously thinks the military computers are foolproof needs to read The Cuckoo’s Egg. This guy broke into most of the military computers using the three default unix logins and passwords. Root user etc… He accidentally locked himself out of one and the system admin reset it for him.

  29. In response to an upstream comment, guv’mnt contracts go to buddies who may or may not be the low hanging fruit. On paper and to look good, they may be the lowest bidder, but in applying the plan, there are always “overages”. As for guv’mnt security, it is as tight as they want it to be and as loose as they want it to be. That being the case, there are always exceptions to these rules. Loose lips. Traiterous profiteers. And of course stupid croonies being promoted past their IQ.

  30. Waffle says:
    August 6, 2012 at 6:53 am

    Lucy, I am Jo’s webmaster.

    contacting my network and data wharehousing guys

    I think you’re an imposter. A real webmaster would know there’s no such word as “whare”, much less “wharehousing”.
    A warehouse is a building (device) storing wares (goods or data). Duh-dumb!

Comments are closed.