|
Hacker strikes again
31/10/2002 12:47 - (SA)
Cape Town - A hacker (code name: r00t3rs) who is targeting South African websites, successfully attacked five more websites on Tuesday.
"We have traced one attack back to a computer in France and another to a network in Brazil," says Reinhardt Buys of Buys Attorneys Inc.
"There is still a strong possibility that the hacker is a South African, but that cannot be confirmed due to the fact that machines internationally are being used as bounces to hide the origin of the attacks. We received some anonymous calls that claimed they where or knew the hacker. More than one caller identified a person in Stilbaai."
During the recent attacks the hacker even left an e-mail address on the defaced site: r00t3rs@kernel.net. But attempts to contact the hacker have been unsuccessful.
With the assistance of an information security company, 4D Digital Security and 're-born' hackers, some of the attacks where traced to computers or networks in foreign countries.
"The machine is actually a French machine, not American as was initially thought. It is a NetCache device, and resides at 38 Quai du Point du Jour, 92659, Boulogne-Billancourt, France. It is owned by French Telecoms operator 9TELECOM or 9TEL," says Justin Stanford of 4D Digital Security.
"The device is a web proxy-caching system, designed to speed up web browsing. It has no access restrictions, meaning that anyone can make web-requests through the cache system. This means that the hacker has been able to make his attack by going via the publicly accessible NetCache system, thus obscuring his identity and making it appear as though the attack originated from the French machine", says Stanford.
Stanford has attempted to contact the French administrators of the machine, to see if they can check through their NetCache logs and try to identify the original IP source of the request.
"If they can uncover this we may well have the guy in the bag already, but generally one will find that it's not that simple. There is a strong likelihood that he will be hiding behind yet another IP address, and the chase will continue."
"Our message to the online community is that they do not have to tolerate hacking - it is illegal in South Africa and with the necessary legal and technical expertise, such offenders can be brought to justice," Buys says.
Anyone with more information can contact him at (021) 461- 7387.
The five hacked sites are:
10/29/2002: http://www.kolpingsa.co.za/index.html
10/29/2002: http://www.signalhill.co.za/index.html
10/29/2002: http://www.tickey.co.za/index.html
10/29/2002: http://www.wertech.co.za/index.html
10/29/2002: http://www.vhf.co.za/index.html
|
