'Friendly' hacker spotlights security flaws

A computer hacker using a Polish address has defaced up to 50 Australian Web sites in the past week as part of a campaign to expose a lack of IT security by local business.

The defaced Web sites, which are listed on the German public service site www.alldas.de, have been hacked into and defaced with messages criticising the state of online security in Australia.

The attacks began last week when the hacker, who goes by the name L4m4, defaced the Web site of Adelaide law firm Moloney and Partners and left the threat that unless businesses improved their security, they would be next.

"Your IT guy who you have trusted for so many years has no idea when they told you that your Web server is 'safe as houses, mate'," the message said.

Since then another 46 sites have been defaced, including Sky Channel, legal firm Blake Dawson Waldron and allegedly Dymocks, according to the German Web site archiving the successful attacks.

Before these attacks, fewer than 100 Australian Web sites have been defaced in the last two years.

Sky Channel Internet site manager Alex Harradine said the defacement of its Web site, the first ever, was fixed in a matter of 10 minutes.

Harradine said the hacker could have done some serious damage "but he's quite friendly. He even backed up some of our files".

Sky Channel's Web site page was replaced with "Owned by L4m4. Once again really bad Australian server security. Pick up your act or I will have your job".

Peter Coroneos, Internet Industry Association chief executive, said while the attacks appeared to be relatively harmless, it was possible hackers could go further into the system and steal data and even credit card details.

"Everyone recognises security is looming as an issue for the Internet. It's something we've got to work hard to resolve," he said.

Coroneos said the intention of the defacements, which were basically online graffiti, seemed to be to warn the sites of their weaknesses.

Carlton Duston, technical manager of Websecure Technologies, a Sydney-based Internet security company, said the level of security in Australia was not high.

He said businesses that had been hacked needed to audit their Web site and find how the hacker got in, work out the impact of the information that had been compromised, and raise security levels.

Greg Kowalski, technical director of Biko, the webmaster for Dymocks, denied the site had been defaced, although the bookseller had been listed on www.alldas.de.

- AAP

Join the newsletter!

Error: Please check your email address.

More about AAPAshurst - AustraliaBlake Dawson WaldronDymocksInternet Industry AssociationWebSecure Technologies

Show Comments