Another student hacks another police website

Another student hacks another police website

Summary: Oh the fun. Once again, another police website has been hacked by a student, showing that even the police aren't safe from all crimes.

SHARE:

front-page.PNGOh the fun. Once again, another police website has been hacked by a student, showing that even the police aren't safe from all crimes. This is another link in the long chain of attacks over the years from egotistical teenagers trying to get a kick out of life without sticking a needle in their arm.

Bedfordshire Police had their website hacked and defaced, replacing the content with Arabic and an animation of a man carrying a Tunisian flag. The perpetrator of the attack is known to be a 17 year old US student by the name of Arfaoui Firas, and a site snapshot shows the website after it was defaced. This comes as the news of the website being brought back from the ashes has finally gone live again.

A spokesperson for Bedfordshire Police said, according to the BBC:

"The website is hosted externally, away from all other police systems so no personal or confidential data could have been obtained. Bedfordshire Police take security extremely seriously, which is why the website is hosted independently and outside all other IT systems."

Let's throw in some background material here. Police forces around the country and around the world have databases packed with information about crimes, people and citizens, drivers license details, things like that. To then have a website on the same network or server as the rest of these secure databases would be a huge security risk; which is why they don't.

Many police and government websites are located off-site and have no direct connection to any internal police service databases, thus making it impossible for a hacker gaining control of a website, to then gain access to classified material.

Of course this isn't the first attack by a lone student. Many other "high profile websites" such as those of government and law enforcement have been attacked successfully before, a big two-fingers up to those who hunt them down; some cases actually involves a prosecution.

Devon and Cornwall Police were hacked in August 2006, which led to a prosecution of a 17 year old from London. Dallas State Police were hacked and defaced only a few months ago, with a handy screenshot from Fox News (eurgh...) leading to no apparent arrests. Tuscon Police Department were hacked just before Christmas last year by an Indonesian hacker, and last but not least...

carebear.PNGThe Metropolitan Police were hacked into, by a student I hear under good authority, leaving a big cuddly bear on the front page. The replaced text read:

OFFICER BROBEE SEZ: OH HAI GUYS do joo wanna bes a policeman lulz? I see that teh so15 anti-terrorism anti-lulz police are hiring more incompetent nervy edgy sociopaths to make london's streets just that little bit safer! OH LULZ! SHOUTS TO l0g1kal for being such a leet dude and to LULKITTEH for being so fancy

I asked my good friend Paul to translate for me:

Police officer Brobee says, "Oh hello, good day to you kind gentry. I see you want to become a policeman? Haha. I know that the SO15 Counter-Terrorism Command anti-fun-loving people are hiring even more incompetent nervy edged sociopaths to make London's streets a little better than what they are now. Oh the laughs! I'd like to 'shout out' to all my friends, and LULKITTEH for being very attractive and suchlike."

Even though the police of various quantities and forces are trying to hold back these attacks, it's probably not going to subside any time soon. Political protests, world events, plain belligerence, student revolution, these things can and do go on for a long time. Nevertheless, the police wouldn't mind speaking to you anyway if you were able to do such a thing; they could be more inclined to offer you a job than a prison cell.

Topics: Browser, Security, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • RE: Another student hacks another police website

    they should probably code their site correctly with decent form validatation (and revalidation), so that SQL injection attacks like this don't work. It's not that hard!
    james.faction
  • RE: Another student hacks another police website

    Hilariously funny, I try to stay current with the security risks around on the net by trying to stay up to date with the flaws that are around, yes SQL is very vulnerable to SQL injection, but what makes it even more embarrassing for the police in my view is I am given to understand from what I've been reading, that the site that was hacked is hosted on a Windows 2000 Machine. Perhaps someone should advise them to upgrade to GNU/GPL linux, for one thing it's free so getting your updated copy is not a problem and SQL injection becomes that little bit harder if their is no SQL running on the site add to that the bonus of using GNUPG Encryption and these embarrassing things like loosing peoples data to people with criminal intent just wouldn't happen. People all over the internet have been waking up to these security flaws for years isn't it time the government followed suit?
    Marlboro_Man