Slashdot Mirror
Australian Stock Exchange Crack Attempt Came From US Military Installation
Hamish writes "The Sydney Morning Herald is reporting the US military may have tried to crack the
Australian Stock Exchange (ASX).
Have a look at
the article. No one is actually claiming that the attack was officially sanctioned but the attack did originate from a US military institution. "
This is all very odd; no offense to our Australian friends, but if you were going after a foreign stock market, wouldn't you take Tokyo, London, or Berlin?
----
Am I the only one who thinks Microsoft is a misnomer? Perhaps Macrosoft would be a better fit?
UhOh! I sure hope this isn't grounds for WW III ;)
It's no wonder the Australian site was so secure - any data that looked remotely harmful would be immediately censored out of existence.
--
Win dain a lotica, en vai tu ri silota
Australian Stock Exchange crack....wow...I never knew it was copy protected!
As a sysop for the Air Force Research Labs, I tell you straight up that I had nothing to do with it whatsoever. The fact that I now own massive shares of Sydney Opera House is a coincidence. Pay no attention to the man behind the curtain.
/.)
phil
(hoping that nobody else in his directorate reads
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
or
2. The machine from which the attack oriented was, as they say, owned.
--
Scary thought about what could happen if this happened to, say, Russia, and cooler heads did not prevail. Or between India and Pakistan, except those two really do assault each other's systems all the time.
(Note: I don't actually believe the USMil is behind this...)
My Freakin Blog
1000 monkeys with 1000 typewriters can write the great American novel.
So I guess 100 Kangaroos with 1000 whatever-machine-they-use-down-there can create the server the US Government can't break into.
Fear the power of the Roo.
Ok, it seems highly unlikely that the US government would actually be behind this (If you really wanted to do some damage, go after an exchange that's important like the Nikkei, FTSE, etc.) What's more likely is that someone cracked a box which resides under a government domain and did all their telnetting from there. Haven't a couple of the armed services websites been defaced lately? If you can overwrite files you can certainly run telnet. Thus, it may have looked like the attack was coming from a military installation, but was actually just some bored kid who finished his math homework.
I think there is a world market for maybe five personal web logs.
Is if they detect so many attempts (and I doubt they detect them all), why would an obvious spoofed attack be headline news?
Of the "plenty of attacks" on the ASX computer system, Mr Humphry said none had been successful, with "amateurs trying fairly frequently".
Why wasn't this just dismissed as another amateur attempt, instead of slandering the US military. I mean, everyone has problems with their government. I'm no huge fan of ours (US), but considering Oz's track record in regards to technology, this just seems to be an outright insult towards the US.
Are you telling me they honestly believed our military was trying to attack their stock exchange? It simply doesn't make sense.
Mr Humphry said authorities were notified after the hackers from the US military installation tried to break into the site and "broke into another site to achieve that objective".
If they had control of a machine between their servers and the supposedly source, someone with enough technical expertise could make the attack seem like it was coming from literally anywhere. As long as the packets route through that machine, it wouldn't matter.
And even if the attacks genuinely came from a US military institution, I doubt it was from anything but an unsecured web server that was cracked. Of course the article doesn't give many details.
It just bothers me that they'd publish this garbage and make it seem as if that was exactly how it happened, when there are numerous possibilities of how the attempt could've occured. And without any details.
You can try to blame this on the Australian media, but I can't, since they should've dismissed this attack, and the media shouldn't even have been notified.
Nah, that can't happen.
Injured software engineer wins against Mattel! Ain't that swell?
C'mon. This kind of crap is what I'd except from ZDNet. Slashdot lending even the slightest bit of legitimacy to this joke makes my stomach churn.
Blar.
So now the Australians are going to 'upgrade' their laws? This is reminiscent of The Onion article on the US constitution v2.0. Really, a good look at the article can tell you a lot about the slant. Computer analogies are beginning to be overused IMHO.
I am that that is, not that that is not, that is.
its trivial to spoof your IP into a different ADDRESS when portscanning a box...its also very easy to insert fake information( and also erase info) in utmp/wtmp/lastlog. If the US gov't. wanted to crash a machine, they could've just lanuched an ICBM missile headed straight to their a$$...jk =)
Its amazing how Americans always seem to come up with the idea that we have really strict censorship in Australia.
I can tell you right now there is more censorship in the US. It is mainly about the application of the laws that matters, and here the laws are applied in an appropriate maner (mostly).
In case you are wondering why this was reported (about 24 hours ago), the guy is supposed to report such attacks and the rest is just a media beatup.
Do I trust the US, not really.
We are one people. With one will. One resolve. One cause. We shall prevail!
1. a military host was compromised and then used to attack the Aussie stock exchange,
or,
2. the US Army decided to audit the Aussie stock exchange without authorization.
Quite frankly, I hope it's the latter.
The Military? Bullshit..
. html
The box the attack was launched from was probably cracked.. Military boxes aren't exactly secure..
If you look at
http://www.attrition.org/mirror/attrition/stats
Breakout Total
Government Systems 79
NASA Systems 27
ARMY Systems 19
Military Systems 47
.. and that counts only hacked boxes where the webpage was replaced..
i sort of doubt the government had any involvment or knowledge of the hack. i bet it was some people hacking from .gov machines. remember folks anyone can use any machine if they have access, and cover it all up.
.gov is notorious for having bad security. .gov computer nerds yet ;)
and if it hasnt been said enough yet,
dont go bashing innocent
tyler
I agree 100%. Seems Mr Richard Humphry just wanted to get his name in the paper. In the mean time, he slandered the U.S. military and by extension the U.S. government and all the citizens of the United States. And he has not even met a reasonable burden of proof to make his claims.
He said another serious attack came from Victoria.
Well, geesh, it must have been an Aussie attacking. Call out the Federal police!! We must mount a defence! We have found the enemy--and he is us.
Okay, so I apologize, that last comment may be inappropriate, and two wrongs don't make a right, but I want justice!
And one more thing, how does/would Dick know the attack originate via the attempts of more than one individual? That is, how come he says hackers, and not just hacker?
If indeed this attack came from a 'mitilitary institution' (which I doubt they know for sure) I must have been a hacked one. That's just simple. However, making statements like: "We build multi-layered firewalls," he said of the ASX security strategy. The hackers had not been able to pass "through the first wall". Not a good idea Mr. Humphry. That smells just like another crack-this-box-a-thon. Have at it boys and girls. Make the USA proud!!!
At least we can spell.
You doofus.
And the US is the biggest trigger happy country in this world.
"At Least we can spell."
What kind of english is that my friend?
Okay, I think this is going too far. I seriously doubt that the US military would hack the Australian Stock Exchange. But it sure makes a good media pitch.
.mil host has been compromised, then I'd be waiting to see which major computer system the US military tries to crack into next. Hackers use other systems as jumping points. They don't, for example, hack/crack directly from their own system. They might have a trail of maybe 5 or 6 hosts between them and their destination. the .mil host just happens to be the last one before the asx system.
If a
It makes things more challenging for the hackers, and almost impossible for admins if the owner of any one of those hosts along the line doesn't know what they are doing.
Now if one of those systems was an NT box, or a socks5 proxy (perhaps an open insecure wingate) with open access, then there would be little chance of the hacker/cracker being found.
-zardoz
this is a possible. I dont know if any slashdotters at the moment realise australian troops are in east timor enforcing the peace. This could be an indonesian 'crack' posing as a US IP.
given the current state of affairs this is a possibility.
peterrenshaw ~ Another Scrappy Startup
And we can read too. And cut'n'paste. (There's no captial L in there). And we use the Queen's English.
hehe. Man, this thread is burning up!
Make it idiot-proof and someone will build a better idiot.
Does the Queen favor sentence fragments?
East Timor is currently being used as a pawn by US military to convince the Aussie military that they are not properly prepared for their own defence. While its looking like a full on pissing war between the sides, this should just add more fuel for the fire. Australia has asked the US (its best ally) for help in the E Timor mess and the US said they would not send any troops even though every time the US asked the Oz military for troops, they were sent. Now the US military just lent 4000 suits of body armour and keep adding other little bits of hardware all while politely pointing out that if the Oz government spent a bit more on US made hardware, these little problems wouldn't happen. This little incident just switches things around a bit the other way.
I don't reckon Military computer security would be any better than anyone else's. Probably worse, seeing as how you can generally make more money with computers in the private sector than you can in military. Wouldn't surprise me in the least if a lot of the systems in the military -- especially the unclassified areas -- had security weaknesses going back five to ten years.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
If the attack was succesful, the mil would have free access to the Australian economy, they got BUSTED so it was a attack from a spoofed IP. Maybe the military sys-admins should learn from the ASX how to build a network that is actually secure??
IP spoofing is a myth. It can be done on a lan, but the laws of tcp/ip simply forbids it on the net. This is probably fake information the aussie government put out to get the media all rowdy. Clearly the government is furthering their attempts censor the net. How far will they go? Then again it could be real and some idiot government hired script kiddie forgot to cover their tracks.
--
Karma: -1,257,423
if you can't beat 'em might as well join 'em
With all the secret agent men, contingency plans for contingencies which may or may not have contignency plans, and the number of really smart people they pay just to "think" about a problem and find a solution, I find it difficult to belief they'd be dumb enough to try to gained unauthorized access into a "high level" type machine/network from their own network. If they were really going to do such a thing, they'd setup an account with sprintlink or something...
C'om on guys.. it hadda been spoofed..
:-)
On top of that.. I'd be willing to bet it was one of our own guys....
in fact.. i'd bet a new athlon that it was one of ours AND either from tasmania/queensland or over here in western australia..
(but that doesn't mean we can turn our backs on you yankees yet... *grin*)
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
...Undoubtedly trying to affect the price of those tasty Aussie Beef Snacks.
by Mike Buddha -- Someday the mountain might get him, but the law never will.
The .mil machine in question was most likely owned first. I wonder if broadsheet and lower quality papers will bother to explain concepts like "telnet" or "ssh" (let alone IP Spoofing!!) to their non-computer-literate readers. This might raise interesting questions - I mean if cyberwarfare's the future, and the media have such a shaky understand of technology and feel even less dutiful about reporting on it (see the RSA cracking story recently) 'God help us' .
I've simply got to reply to all the "It was a spoof" posts (about 13 when I counted). My God you people speculate a lot! Read the article, It literally says we traced it back as far as possible and it landed in an IP range that is associated with the particular US military base.
Now, chances are the would be cracker targeted the ASX, believing it to be inferior, for personal gains or whatever, but failed.
The fact that it seemed to have come from another source, after originating from the Military base would indicate that the 'owned' box was where the guy was going to have his trail end. I would say he was literally 'caught in the act' before he covered his path at this point. Routers pass a lot of information on and it is oh so possible to link back spoofed IP's to the source route. On a wide area scale, spoofed IP's do not return to the host very easily. If the connection is open, the trace can be made to the source IP.
Now for my 2c worth: It would not surprise me one bit if he just dialed-in to a MIL server that he just 'happened' to have a number for, so was designated an IP in their adress range. If this guy was any good though, he would have removed any evidence of ever actually having dialed in though. IMO, this is about the only plausible explaination.
You can break the law all you like -- until you're caught. Remeber one thing. It is only the dumb criminals that are in jail.
Dan. -- So what if it's spelt wrong, nobody's perfect
Why on earth would australia fabricate such a wild story??
Most astralians are simple especially our journalists and politicians.
No Body seem's to think that mabey the US didnt do it, mabey it was the bored system administratior?
Australia has every thing to lose here....
No No you americans have got it all wrong, Atm as you may well all know Australia is literally at war with Indonesia over their handling of the whole East Timor independance deal.
But really and truly the only thing that is stopping Indonesia from declaring war on Australia is the presense of International military espically from the United States, who are believed to be the most powerful military force in the World
Possibly they thought they could piss us Aussies off by *trying* to hack out ASX from The US Military whom we believe to be our friends
Someday, we'll look back on this, laugh nervously and change the subject.
Missing words as in "I'll write you" (you write a character in a book, not a real life person. Well, unless you're a political spin-doctor.)
Redefining chemical elements. There is a pronounced 'i' in "aluminium", and sulphur is sulphur!
Hi. I have been in that situation, somewhat, before. No, I wasn't cracking or hacking, but telneting all over the place.
I could telnet into a machine, turn around and telnet back to the base I was at and set up loops. The crazy thing is, it is easier (or was then, several years ago) to get into unsecure or semi-secure military systems then it is to get into your regional library's system.
Many huge military systems have little or no security, like those in the hospitals, simply because there is no reason to.
The Pentagon system is comprimised all the time, More than 200,000 times in 1997 IIRC. They just don't put important information on those systems.
I have seen secure military systems, and secure(relatively) military webs, and those contain actual important stuff.
To return to the point, it would be trivial to use a unsecure military network to launch some sort of attack, and from anywhere in the world. They have good hardware(usually) and wide ranges of IPs(usually) and lots of traffic(usually).
I am actually more surprised that it doesn't happen more often.
Sorry, but the fifth amendment demands I post AC.
The media in Australia is owned by Rupert Murdoch and Kerry Packer. They have no interest in opposing the Internet censorship proposals because it would help people inform themselves rather than relying on Murdoch and Packers bullshit generators.
The Australian Government, most notably Senator "dick" Alston are pushing for Internet censorship in Australia. They need media beatup, overkill and sensationalism to push their warped little barrow.
This article is to make the plebs feel that the government is doing the right thing keeping all Australians, especially little children, safe from all us evil paedophile 'net users.
getting a free telnet account on a .mil account sounds like fun if a bit dangerous. lots of free disk space, a good connectivity, and if you use a password cracker on a thing that has any security they accuse the US military and you get on /.,..
I bet they all use their girlfriend's first name as password too. I know that is how it works in the french army. The sysop is a private, and when you are a private you do not want to tell an officer that 'barbara' is not a secure password.
Not that the french army is connected to the net either but they lock their windows box so that nobody beats their Tetris hi-score.
way too much fun!
---
Dev elpizw tipota, dev phoboumai tipota eimai lephteros http://euclidian.org
Well they could have as many laws as they want, but there is always going to be someone out there who want to hack something. It is no point in using a waste of money on policework, when there is just a new kid the next day.
It would be more efficient to generate better secutity on computer-systems. Because it's impossible to hack anything without access from the system beeing hacked
It's funny how an AAP story on a story on an Australian TV program suddenly becomes international news on Slashdot.
From what I recall of the original story on TV (I was half asleep at the time).
1. The ASX gets loads of people trying to get into it.
2. Almost all of these people are idiots who have seen "Wargames" and think they'll give it a try.
3. There have been a few serious (ie more than clueless) attempts, he mentioned two, one from Victoria (the state, not a person), and another which was traced back to a military installation in the US (via a hacked site in New Zealand IIRC).
4. The ASX has pretty good security, using multiple firewalls through which noone has got further than the first. The guy was also very careful not to boast about how good it was or to go into any great detail. He merely stated a few facts.
A lot of you seem to be saying 'well obviously the military box was compromised' as if such a point had never crossed the guys mind.
It seems to me that they simply went to the right source to stop their problem (unless you expect them to hack back in to the US military box to trace the hacker, news at 10, Australian Stock Exchange hacks into US Military site).
That and the fact that they want local laws changed to make prosecuting local hackers easier (as the person from Victoria was traced but could not be prosecuted because he was not caught 'in the act').
Hardly Earth shattering stuff Slashdot.
The Great Chunder Page - Alcohol Induced Fun!
Boffoonery - downloadable Comedy Benefit for Bletchley Park
> There is a pronounced 'i' in "aluminium", In fact Aluminum and Aluminium came into existence at about the same time, thus both are correct. Read Bill Bryson's "Made in America" for an excellent history of American English - and America.
You forget such things as "level of corruption" and "openness of economy".
How about "per capita GNP".
I agree with your sentiment though.
Well he seems pretty sure that no one has breached their outside firewall. How can he be so sure though?
Similar to: 90% crime is never reported -> 90% of hackers are never detected...
I can understand the reason for using a Multilayer firewall to build a secure demilitarised zone in your network, but if you are accepting incoming packets through both firewalls to your internal network then the method of exploiting is exactly the same, say, as if you have 1,3 or 100 layers of firewalls, because the packets will pass through them all (assuming they match the firewall criteria as valid packets)
I expect plenty of hackers are now also armed with the extra information that there is another firewall beyond the first, because if they get access to a host within the demilitarised zone they now know what to look for (another firewall).
Making this into a media-thingie about "US attacking australia" is absurd. The .mil box was obviously cracked. Some scriptkiddie playing around with a remote-exploitable bufferoverflow-script-thingie that the military has been to lazy to plug. Then the australian site was attempted for some reason. Maybe some australian from the 'attempted cracked domain' had @ status on some big IRC channel..
--
"Rune Kristian Viken" - http://www.nwo.no - arca
The real question here is what the hell is the ASX database doing connected to a public network at all? Firewalls or not, a database that can be harmed by tampering doesn't belong on a public network. The ASX is just airing its bad security practices.
...the attack came from a .mil IP? All the article says is that it came from "a US military installation". That could mean the attacker was actually some kid whose dad is stationed on an Army base in Nevada.
01101100 01101001 01101110 01110101 01111000 01110010 01110101 01101100 01100101 01110011
If it was the US military do you honestly think that they would use thier own server? Or maybe they did that to make us think that? It's all very confusing.
Actually I always thought it's the berlin DAX, at least that's what the BBC always reports. German news reports about 6 different exchanges throughout the country from each major city. Not all the exchanges are in on city like New York.
-----
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
There is a pronounced 'i' in "aluminium"...
In fact, aluminum and aluminium came into existence at about the same time, thus both are correct. Read Bill Bryson's Made in America for an excellent history of American English -- and America.
(Rolls eyes...) AFAIK, the American spelling and pronunication aluminum came about because a leading American aluminum manufacturer (probably Reynolds) misspelled aluminium on their stationery and advertisements. It was wrong at the time, but it grew in popularity and eventually stuck and became accepted as right.
No you don't, you speak commoner's english. The only people that I've ever heard speak "Queen's English" or "Oxford English" are german teachers and students learning english at school.
We know that sulphur is sulphur.
Nutn' like a good ol' flaem krieg!
I'd heard (no I can't find any corroboration for this at all :-) that the reason it is spelt aluminum in America is that someone made a typo when doing a patent application. May well just be a UL, but for what its worth I heard it from some US academic speaking at a graduation dinner at an Australian university.
Information is a tool. It doesn't take a genius to realise that the ASX generates a hell of a lot of information and that there are many people tapping into it (or perhaps you think someone is typing in all those stock tickers).
An ASX separated from the outside world would be much less useful.
Oh, and what part of the article mentioned 'the ASX database' (whatever that means!) and what bad security practices does it reveal?
Surely you aren't suggesting that using multiple firewalls is a bad idea?
The Great Chunder Page - Alcohol Induced Fun!
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Practice.
I honestly don't think any one from the US Military would be trying to sabotage the Aussie economy, but lets face it, After Japan and Canda, Australia is right up there in Internet conectivity (per capita) an technical skills. So with all the recent "cybeterrosim" hype, and as a test of skills, they might have tried to crack a secure site or two just to see if they could.
The US wouldn't dream of attacking Japan (too politically charged -- they'd make a HUGE deal about it) or Canada (trade relations, proximity etc.) So Australia's the next choice.
Oh yeah, I'm sure that now crackers are 'armed' with the knowledge that there are more than two firewalls they'll be into the thing in minutes.
I mean, multiple firewalls on something pretty important to the economy, who'd a thunk it?
The Great Chunder Page - Alcohol Induced Fun!
Boffoonery - downloadable Comedy Benefit for Bletchley Park
you don't shit where you eat.
- that the US military decided to hack the ASX, or that someone was able to hack a US military site, but not the ASX?
Oh no, look out. Yet another hack attempt comming from a military outpost or educational institution.
Who woulda thought? (Gee) Sure is hard to bust into these mammoth vaults that have similar securities to... "A brick of swiss-cheese". Get with it clan. People have been using military systems and ARPANET for years as not only a target, but a drop point to break into other systems. Not very much news here. What would be the icing is if someone found out it was Kevin Mitnick.
Stick a fork in it: ding I'm done.
-Bf
Hello, I don't want you to think that I am some paranoid phreak. But whom in this country (US) likes to attempt unauthorized and unsanctioned cracks on other country's boxen. Anyone remember the little TLA referred to as the NSA.
Why? Well why not it, was a challenge to their skills and it can give them an insight to depth of security other countries implement.
Why make it appear to originate from a US military installation? Because then it would be easily dismissed as a spoof attack. Because we all believe the US Military is neither intelligent enough to attempt to crack the system, nor do we believe they are stupid enough to try. Also with all of the compromised US military boxen it gives the military a perfect out. This way no one gets blamed except for the Airman acting as sysop over that box who just got demoted for failure to secure it and almost causing an international incident.
Remember US intelligence agencies do some pretty harry stuff afterward they can then classify it without fear of reprisal. Because remember, it is for the sake of national security. Well, that and there is no one in this country with balls enough to keep them in check.
"Help me Obi-/.-Kenobi,your my only hope!" -$
For the younger generation. Read Clifford Stoll's book "The Cuckoo's Egg". It will shed a bit of light on the abilities (or lack there of) of the US government.
aids might be spread through keyboards. no wait that was the 80s. ok flesh eating bacteria resistant to modern antibiotics because might be spread through the keyboard. especially microsoft keyboards. especially if you are using windows.
Story One: "US Military launches Minuteman II Missile from Vandenburg Range in the general direction of Australia. US claims that the missile was 'modified' to prevent nuclear detonation, and anyway, they shot it down with an ExoAtmospheric 'kill' Vehicle. Not many hurt." Story Two: "US Military Installation in Western California launches attack on Australian Stock Exchange Server. Not many hurt" Just what have you guys got against the Aussies anyway? If I were Australian I'd be starting the get paranoid. Feed The Hungry. Save the Whales. Free the mallocs
Story One:
"US Military launches Minuteman II Missile from Vandenburg Range in the general direction of Australia. US claims that the missile was 'modified' to prevent nuclear detonation, and anyway, they shot it down with an ExoAtmospheric 'Kill' Vehicle. Not many hurt."
Story Two:
"US Military Installation in Western California launches attack on Australian Stock Exchange Server. Not many hurt"
Just what have you guys got against the Ozzies anyway? If I were Australian I'd be starting the get paranoid.
Feed The Hungry. Save the Whales. Free the mallocs
i think someone in the us military is trying to pick a fight with the aussies...
Large print giveth, and the small print taketh away
Well you would be wrong. The name arose from the material it was originally extracted from: "Alum". The metal's name came from this on both sides of the Atlantic.
Did you mean 'hacker' or 'cracker'?
Do you know the diffrence? I don't think you do.
was, last time I heard, not an Australian
Open Source. Closed Minds. We are Slashdot.
The ASX survived pretty well and was one of the very few that did. If we fell on our arses now, I can guarantee you in the US would feel the effects.
Open Source. Closed Minds. We are Slashdot.
*Removes tongue from cheek*
Open Source. Closed Minds. We are Slashdot.
cheers
marty
"I can't buy want I want because it's free. Can't be what they want because I'm me." -Corduroy, Pearl Jam
With all due respect. BIG DEAL. So someone doesn't like Aussies. No-one likes everyone.
$sarcasm on$
The English don't like the Germans. The Belgians don't like the Dutch. Many people don't like the USA. No one likes the French.
$sarcasm off$
But really, it doesn't matter at all whether Indonesians as a race like or dislike Aussies.
What matters somewhat is a country's official foreign policy. What matters a lot from Australia's point of view is the US's official foreign policy. This real-politik has served Australia well since the war.
I agree that having your embassy shot at is not great. However, this is why the people representing Australia over there are called "diplomats". They are supposed to be diplomatic about these kind of things.
If embassies are consistantly shot at, to the outside world, the host nation just looks incompetent for not being able to keep peace on their streets.
Finally, everyone in politics (even Nth Korea) realises that the firing of a missile which hits a foreign country is an act of war - and these days will probably get a multinational force arrayed against them. And anyway, why would Indonesia provoke a shooting war that they could never win with one of their biggest trading partners?