NEWS FROM THE LAB - Tuesday, August 18, 2009

Case r00t-y0u.org Posted by Mikko @ 13:36 GMT

Five days ago, an anonymous comment was left in the comments section of our blog:

www.r00t-y0u.org, a carder/hacker forum, says it's been taken over by feds. Bet there's a lot of scared script kiddies out there

Intrigued by the comment, I checked out r00t-y0u.org. Indeed, last week it had this on the front page.
So, I tweeted about it and didn't think much more of it. I wasn't familiar with this hacker forum beforehand, but apparently it was run in Australia by someone called h1t3m, who had now been arrested on malware-related charges.
Mr. h1t3m's other website is still up at h1t3m.org.
According to Australian media, "Federal police officers in co-operation with Victoria Police executed a search warrant on premises in Brighton, Melbourne, connected to the administrator of an underground hacking forum, r00t-y0u.org, which had about 5000 members."
1. r00t-y0u.org was taken over by the police
2. …but it was still up and running

And now someone calling himself KillaWho has infiltrated r00t-y0u.org, replacing the front page once again.
Mr. KillaWho also posted details about the system itself and the files found on it. He posted the full details in this posting on pastebin.com: "I decided I would move on to getting control of r00t-y0u.org. See what the authorities know about server maintenance.. and how secure they can make stuff."
Right now the server appears to have been taken down for good.

There are already several media reports claiming that the Australian Police themselves got hacked.

Now, if the police take over a web server that was run by hackers, and that server later gets hacked, I wouldn't be too worried about it.

We've seen no evidence that any internal police systems were infiltrated.

Signing off,