Jo Nova's site has been hacked

Jo writes:

Someone broke into my site in the last hour. My web manager says he’s sure it was an XSS attack. (I think that stands for cross site script.)

I will keep you posted. I have tweeted – but am still concerned that we don’t have all the info just yet. I don’t want to set any conspiracies running, but it is a concern. Run those backups!

… She adds later

I am certain now it was an attack.

My webmaster is even hopeful he may track the individual responsible.

We may lose some comments, but I gather everything else should be ok. Phew.

Jo

===================================

And it seems to have been restored. Fast work.

http://joannenova.com.au/

=====================================

UPDATE from Jo Nova’s webmaster:

“The attack was undertaken over a 9 hour period using proxy servers from around the world including universities, schools and broadband providers. Unfortunately, hackers believe themselves to be smarter than they are. In this instance they have used the web01.defence.gov.au web server as a proxy which is located at the Woomera Air Force Base. No doubt the Department of Defence will be interested in all the data collected by the joannenova.com.au web server pertaining to its machines. Additional confirmation will be sought from private broadband suppliers who keep detailed logs of their web traffic.”

Luther Wu
August 6, 2012 6:58 am

It’s always the same with those people- silence any dissent.

ChE
August 6, 2012 8:12 am

The attack has been traced to an Australian military server? Since the military computers of the US and allies have virtually the tightest security on the planet due to ongoing continual cyber-attacks from inside China and elsewhere, does anyone honestly believe that “barely computer literate” hackers could subvert one for use in a “clumsy” internet attack?

I don’t think you understand how proxies work. The user often doesn’t know or have control over which servers the proxy connections go through. Somebody else sets that up. The user doesn’t hack anything.
I tend to think that this was a honeypot. The government set up this proxy network, specifically to catch crackers. It was set up deliberately to catch people trying to hide behind a proxy network.

G. Karst
August 6, 2012 8:33 am

When you can’t win by argument of facts, what is left to do but try to disrupt information lines? Typical response of the politically and idealistically motivated, when saving the world. GK

August 6, 2012 8:38 am

“kadaka (KD Knoebel) says:
August 6, 2012 at 2:09 am

The attack has been traced to an Australian military server? Since the military computers of the US and allies have virtually the tightest security on the planet due to ongoing continual cyber-attacks from inside China and elsewhere, does anyone honestly believe that “barely computer literate” hackers could subvert one for use in a “clumsy” internet attack?”

Why ever would you think such a thing?
Government contracts go to the lowest qualified bid/bidder. Funny thing about bids, bids are tailored to meet the published (Federal register) contract requirements. If it ain’t stated it isn’t in the bid!
Perhaps you remember this bit of news?
When the contractors were originally questioned about the lack of encryption, they pointed out the requirements specified speed and ease of transmission, but not encryption. And that now they were given a contract to encrypt the video feed signal.

August 6, 2012 9:09 am

Ally E. says:
August 6, 2012 at 1:20 am
Waffle. Forgive my ignorance, but if I don’t ask, I won’t learn. What the heck is a “honeypot proxy server”?

Well, a proxy server is a computer that is set up with programs that will accept commands from a user and perform them on the user’s behalf as if it was the user, and then send the results to the user; the proxy server seldom logs what it does or for whom. Proxy servers provide a wall of anonymity for the users to hide behind. When the users are dissidents of a despot we don’t like, this is good; when it’s organized internet criminals, it’s bad. Most are used by businesses and governments for pretty mundane reasons.
Honeypots are computers set up to be false targets, or bait, like an internet version of a police sting operation. The honeypot meticulously records everything, keeping all of the forensic evidence that the attackers had tried to avoid by using proxy servers. A honeypot may also be loaded with false documents. I honestly thought that Gleick’s forged Heartland document would prove to be an example of planted false documents: way too many “Warmist” keywords to be written by Heartland people for Heartland people.

August 6, 2012 9:15 am

This could be something caused by global warming that has stopped.

David Ball
August 6, 2012 10:06 am

The difference between warmists and skeptics, it seems, is that we skeptics WANT these guys to keep talking ( read; shooting themselves in the foot). On the other hand, they want to silence us at all cost. Curious.

woodNfish
August 6, 2012 10:24 am

“Unfortunately, hackers believe themselves to be smarter than they are.”
I am sure you meant, “Fortunately, hackers believe themselves to be smarter than they are.”

August 6, 2012 10:38 am

Waffle, sincere thanks.

August 6, 2012 11:41 am

kadaka (KD Knoebel) says:
The attack has been traced to an Australian military server? Since the military computers of the US and allies have virtually the tightest security on the planet due to ongoing continual cyber-attacks from inside China and elsewhere, does anyone honestly believe that “barely computer literate” hackers could subvert one for use in a “clumsy” internet attack?
Having been a computer operator in the USAF, yes, I do believe that. You’d be quite surprised at how insecure some of those computers might be. Especially ones that don’t deal with classified information. Unfortunately, bureaucracy plagues the military just as much as any other large organization.

August 6, 2012 11:58 am

Gee, wouldn’t they get all the info they wanted by simply visiting Jo’s site?

August 6, 2012 12:26 pm

Ally E…. pointman is of course wrong in his knowledge of “honeypot”. The idea of a honeypot comes from the time when the Romans invaded the Mithridatic kingdom in Anatolia. As his army retreated they arranged for free gifts of honey jars to be placed in the path of the oncoming legions. They consumed these and found that, after tripping, then bouts of diarrhea and sometimes death over the next three days, this was not a good idea. Honey collected in Rhododendron forests is toxic. This is the origin of the term; people with an actual knowledge of history used it later and applied it to espionage.
So the term is used to mean a free gift, in this case an apparently open server to entrap a potential hacker. It can also be used to redirect traffic when you are under a sustained attack from outside.

Jaye Bass
August 6, 2012 1:11 pm

>>> But hey, a tool is a tool and hackers will always prove the rule that they are too stupid to be programmers. 🙂
Amen.

Ally E.
August 6, 2012 2:19 pm

Pointman, Waffle, Paul Jackson and Kitler:
Wow! Thank you for explaining “honey pot” so well. I had no idea! That is brilliant! 🙂

Duke C.
August 6, 2012 7:46 pm

joannenova says:
August 6, 2012 at 4:15 am
“… proxy servers from around the world including universities, schools and broadband providers.”
This has all the markings of an attack through codeen/planetlab, a legitimate research project overseen by Princeton University (hard to tell though, without knowing the IP #s), and a very stupid move by the hackers if this is indeed true. The Codeen network doesn’t intentionally set honeypots to trap hackers; it’s an ancillary result of their research, since they archive all of their server logs and in the past have cooperated with law enforcement when something like this happens.

ironargonaut
August 6, 2012 10:44 pm

Anyone who seriously thinks the military computers are foolproof needs to read The Cuckoo’s Egg. This guy broke into most of the military computers using the three default Unix logins and passwords. Root user etc… He accidentally locked himself out of one and the system admin reset it for him.

J.Hansford
August 7, 2012 1:05 am

….. LOL. They could have just read the comments, they didna haff ta steal ’em. 😉

Pamela Gray
August 7, 2012 12:05 pm

In response to an upstream comment, guv’mnt contracts go to buddies who may or may not be the low hanging fruit. On paper and to look good, they may be the lowest bidder, but in applying the plan, there are always “overages”. As for guv’mnt security, it is as tight as they want it to be and as loose as they want it to be. That being the case, there are always exceptions to these rules. Loose lips. Traitorous profiteers. And of course stupid cronies being promoted past their IQ.

Darkinbad the Brightdayler
August 7, 2012 1:10 pm

The electronic version of an ad hominem argument?

Brian H
August 9, 2012 7:44 am

Waffle says:
August 6, 2012 at 6:53 am
Lucy, I am Jo’s webmaster.

contacting my network and data wharehousing guys

I think you’re an imposter. A real webmaster would know there’s no such word as “whare”, much less “wharehousing”.
A warehouse is a building (device) storing wares (goods or data). Duh-dumb!