<<<
Tuesday, August 18, 2009
>>>
 
Case r00t-y0u.org Posted by Mikko @ 13:36 GMT

Five days ago, an anonymous comment was left in the comments section of our blog:

www.r00t-y0u.org a carder/hacker forum says its been taken over by feds. bet there's alot of scared script kiddies out there

Intrigued by the comment, I checked out r00t-y0u.org. Indeed, last week it had this on the front page.

r00t-y0u

So, I tweeted about it and didn't think much more of it. I wasn't familiar with this hacker forum beforehand, but apparently it was run in Australia by someone called h1t3m, who was now arrested on malware-related charges.

unkn0wn.ws

Mr. h1t3m's other website is still up at h1t3m.org.

h1t3m.org

According to Australian media, "Federal police officers in co-operation with Victoria Police executed a search warrant on premises in Brighton, Melbourne, connected to the administrator of an underground hacking forum, r00t-y0u.org, which had about 5000 members."

h1t3m

So:

1. r00t-y0u.org was taken over by the police
2. …but it was still up and running

And now, someone calling himself KillaWho infiltrated r00t-y0u.org, replacing the front page again.

r00tfront

Mr. Killawho also posted details about the system itself and files found from it. He posted full details to this posting on pastebin.com. "I decided I would move on to getting control of r00t-y0u.org. See what the authorities know about server maintenance.. and how secure they can make stuff."

killawho

Right now the server seems to be taken down for good.

There are already several media reports that claim that Australian Police itself got hacked.

Now, if the police take over a web server run by hackers, and that server later gets hacked, I wouldn't be too worried!

We've seen no evidence showing that any internal police systems would have been infiltrated.

Signing off,
Mikko






<<< 0wn1ng Delphi
|
Fellow's Paper on Worms >>>