Hackers compromise govt websites

Summary: Although April Fools' Day has passed, a number of government system administrators may wake up today to find the joke is still on them, as their websites have been defaced or have security holes.

Although April Fools Day has passed, a number of government system administrators may have woken up this morning to find the joke is still on them, since their websites have been defaced or have had security holes highlighted.

Hacker "alsa7r" leaves their calling card on the Bourke council's website
(Screenshot by Michael Lee/ZDNet Australia)

Over the weekend, hackers hit the websites of NSW Bourke Shire Council, the WA Shire of Cue, the WA Government's Public Sector Management (PSM) Program and the Victorian North East Victorian Regional Waste Management Group (Nevrwaste).

A hacker going by the alias alsa7r broke into the Bourke council and Nevrwaste sites, while another hacker called Mr.XHat claimed responsibility for Cue council and the WA PSM sites.

While Bourke council's main website was left untouched, alsa7r left a calling card, demonstrating that he or she had the ability to upload files to the council's webserver and indicating that the string of attacks is part of a hacking challenge. It has since been removed. Nevrwaste, meanwhile, had been less lucky, since the main site was replaced with just the hacker's name, and an additional calling card was left on the web server.

This morning, Cue council's website contained the message, "Security is a joke! Your box owned by Mr.XHat", although the site's administrators have now restored it to its former condition.

WA PSM also appears to have restored its website completely, but Nevrwaste was still showing signs that security issues have not been addressed.

The message left by hacker "Mr.XHat" on the website of the Shire of Cue this morning
(Screenshot by Michael Lee/ZDNet Australia)

Hackers have compromised government websites in the past, but have not always defaced the front page of such sites to avoid detection. One such case occurred earlier this year when two hackers, in two separate incidents, both left calling cards on the Governor General's website, demonstrating that over a period of at least 10 months, it had been vulnerable.

Topics: Government, Government AU, Security

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Talkback

3 comments
  • Looking at a management point of view, instead of going after hackers.
    Recognise them... Creating competition and hire them as security specialists. The job is finding security black holes. Give them a purpose. No matter how good your security system is, with their special skill, they would be able to give you something that might surprise you.
    The best way to test how good your security system is running a test by hackers!
    ngoctranminh
    • On the surface, that's quite logical, but to governments and businesses that have a lot to lose, the last thing they'll want to do is let someone who had ill intentions close to their systems. It's simply too risky and they'll take the view that once you're a blackhat, you're always a blackhat.
      Michael Lee (Mukimu)
  • @ngoctranminh : Far better to ensure you have your system assessed by a reputable _external_ security organisation. If they want to employ former hackers, that's their business, and their responsibility to manage, but it places the onus on them to employ secure, trustworthy staff. Letting any old rogue hacker attack your system is pretty foolhardy, especially for a government resource. I doubt it's legal too. There are plenty of great security organisations who can do more with less direct risk. But I agree, if your system's security hasn't been professionally audited, you are not taking enough care.
    wheelyweb