Australian Stock Exchange Crack Attempt Came From US Military Installation

Hamish writes "The Sydney Morning Herald is reporting the US military may have tried to crack the Australian Stock Exchange (ASX). Have a look at the article. No one is actually claiming that the attack was officially sanctioned but the attack did originate from a US military institution."
This discussion has been archived. No new comments can be posted.

  • This is all very odd; no offense to our Australian friends, but if you were going after a foreign stock market, wouldn't you take Tokyo, London, or Berlin?
  • UhOh! I sure hope this isn't grounds for WW III ;)
  • by PurpleBob ( 63566 ) on Sunday October 03, 1999 @07:09PM (#1641048)
    It's no wonder the Australian site was so secure - any data that looked remotely harmful would be immediately censored out of existence.
    --
  • As a sysop for the Air Force Research Labs, I tell you straight up that I had nothing to do with it whatsoever. The fact that I now own massive shares of Sydney Opera House is a coincidence. Pay no attention to the man behind the curtain.

    phil
    (hoping that nobody else in his directorate reads /.)
  • by mattdm ( 1931 ) on Sunday October 03, 1999 @07:12PM (#1641051) Homepage
    1. The source IP address was spoofed

    or

    2. The machine from which the attack originated was, as they say, owned.

    --

  • That's not good at all. I mean, having a stock exchange in a developed country come under attack is bad enough, but having the attack look like it came from the U.S. (regardless of whether or not it did) is even worse.

    Scary thought about what could happen if this happened to, say, Russia, and cooler heads did not prevail. Or between India and Pakistan, except those two really do assault each other's systems all the time.

  • I'm so glad my government is keeping me safe from the dangers of the Australian economy!

    (Note: I don't actually believe the USMil is behind this...)

  • 1000 monkeys with 1000 typewriters can write the great American novel.

    So I guess 100 Kangaroos with 1000 whatever-machine-they-use-down-there can create the server the US Government can't break into.

    Fear the power of the Roo.
  • Ok, it seems highly unlikely that the US government would actually be behind this (If you really wanted to do some damage, go after an exchange that's important like the Nikkei, FTSE, etc.) What's more likely is that someone cracked a box which resides under a government domain and did all their telnetting from there. Haven't a couple of the armed services websites been defaced lately? If you can overwrite files you can certainly run telnet. Thus, it may have looked like the attack was coming from a military installation, but was actually just some bored kid who finished his math homework.
  • by HalJohnson ( 86701 ) on Sunday October 03, 1999 @07:30PM (#1641056) Homepage
    Is if they detect so many attempts (and I doubt they detect them all), why would an obvious spoofed attack be headline news?

    Of the "plenty of attacks" on the ASX computer system, Mr Humphry said none had been successful, with "amateurs trying fairly frequently".

    Why wasn't this just dismissed as another amateur attempt, instead of slandering the US military. I mean, everyone has problems with their government. I'm no huge fan of ours (US), but considering Oz's track record in regards to technology, this just seems to be an outright insult towards the US.

    Are you telling me they honestly believed our military was trying to attack their stock exchange? It simply doesn't make sense.

    Mr Humphry said authorities were notified after the hackers from the US military installation tried to break into the site and "broke into another site to achieve that objective".

    If they had control of a machine between their servers and the supposed source, someone with enough technical expertise could make the attack seem like it was coming from literally anywhere. As long as the packets route through that machine, it wouldn't matter.

    And even if the attacks genuinely came from a US military institution, I doubt it was from anything but an unsecured web server that was cracked. Of course the article doesn't give many details.

    It just bothers me that they'd publish this garbage and make it seem as if that was exactly how it happened, when there are numerous possibilities of how the attempt could've occurred. And without any details.

    You can try to blame this on the Australian media, but I can't, since they should've dismissed this attack, and the media shouldn't even have been notified.
  • More likely: 3. Some Airman who fancies himself a [c|h]racker was using one of the computers in his shop during his break. Or even more likely: 4. Some Airman who fancies himself a [c|h]racker was using one of the computers in his shop when he should have been doing his work. AME [former Airman, USAF]
  • I agree to some point, if you're going for the golden egg, you might as well go for the goose that laid it. However, one might consider something like this as a small staging arena for a much larger "project". Yes, this is getting press, but if *I* were a s00p3r cr4c|3r, I'd try my skills on smaller fish before going for the big kahuna.

    In either case, it's still an interesting case study and really should remind everyone that the main security concern they must face is not the threat to *their* data, but the threat that someone will use their computer illegally to access *other* peoples' data. Therein lies the real problem.
  • C'mon. This kind of crap is what I'd expect from ZDNet. Slashdot lending even the slightest bit of legitimacy to this joke makes my stomach churn.
  • So now the Australians are going to 'upgrade' their laws? This is reminiscent of The Onion article on the US constitution v2.0. Really, a good look at the article can tell you a lot about the slant. Computer analogies are beginning to be overused IMHO.
  • It's amazing how Americans always seem to come up with the idea that we have really strict censorship in Australia.

    I can tell you right now there is more censorship in the US. It is mainly about the application of the laws that matters, and here the laws are applied in an appropriate manner (mostly).

    In case you are wondering why this was reported (about 24 hours ago), the guy is supposed to report such attacks and the rest is just a media beatup.

    Do I trust the US, not really.

  • 1. a military host was compromised and then used to attack the Aussie stock exchange,

    or,

    2. the US Army decided to audit the Aussie stock exchange without authorization.

    Quite frankly, I hope it's the latter.
  • I hope for their sake it wasn't #1. It would be humbling, to say the least, to brag to the press about your "multi-level" firewalls and then, oops, find out that they can't even detect spoofed packets.
  • by Anonymous Coward
    The Military? Bullshit..


    The box the attack was launched from was probably cracked.. Military boxes aren't exactly secure..


    If you look at [attrition.org]
    http://www.attrition.org/mirror/attrition/stats.html


    Breakout Total
    Government Systems 79
    NASA Systems 27
    ARMY Systems 19
    Military Systems 47

    .. and that counts only hacked boxes where the webpage was replaced..
  • i sort of doubt the government had any involvement or knowledge of the hack. i bet it was some people hacking from .gov machines. remember folks anyone can use any machine if they have access, and cover it all up.

    and if it hasn't been said enough yet, .gov is notorious for having bad security.
    don't go bashing innocent .gov computer nerds yet ;)

    tyler
  • No. You would go for whichever one you thought you could make it into.
  • by Anonymous Coward
    Okay, I think this is going too far. I seriously doubt that the US military would hack the Australian Stock Exchange. But it sure makes a good media pitch.

    If a .mil host has been compromised, then I'd be waiting to see which major computer system the US military tries to crack into next. Hackers use other systems as jumping points. They don't, for example, hack/crack directly from their own system. They might have a trail of maybe 5 or 6 hosts between them and their destination. The .mil host just happens to be the last one before the asx system.

    It makes things more challenging for the hackers, and almost impossible for admins if the owner of any one of those hosts along the line doesn't know what they are doing.

    Now if one of those systems was an NT box, or a socks5 proxy (perhaps an open insecure wingate) with open access, then there would be little chance of the hacker/cracker being found.

    -zardoz
  • by goon ( 2774 )
    this is a possible. I don't know if any slashdotters at the moment realise australian troops are in east timor enforcing the peace. This could be an indonesian 'crack' posing as a US IP.

    given the current state of affairs this is a possibility.
  • America is the most uptight censored country I have ever been in. No cursing, no nudity, no nothin. The media is scrubbed clean before it ever reaches the pristine and virginal ears and eyes of the citizenry. Also many subjects are just plain taboo. I am still waiting for an American politician to admit he does not believe in god, Or that drugs should be legalized. I have never been in Australia but I can not imagine that it's more censored than here.
  • they have leet klawz, tew.

    -warren
  • Thank god we are not elite then :)
  • East Timor is currently being used as a pawn by US military to convince the Aussie military that they are not properly prepared for their own defence. While its looking like a full on pissing war between the sides, this should just add more fuel for the fire. Australia has asked the US (its best ally) for help in the E Timor mess and the US said they would not send any troops even though every time the US asked the Oz military for troops, they were sent. Now the US military just lent 4000 suits of body armour and keep adding other little bits of hardware all while politely pointing out that if the Oz government spent a bit more on US made hardware, these little problems wouldn't happen. This little incident just switches things around a bit the other way.
  • I don't reckon Military computer security would be any better than anyone else's. Probably worse, seeing as how you can generally make more money with computers in the private sector than you can in military. Wouldn't surprise me in the least if a lot of the systems in the military -- especially the unclassified areas -- had security weaknesses going back five to ten years.
  • IP spoofing is a myth. It can be done on a lan, but the laws of tcp/ip simply forbid it on the net. This is probably fake information the aussie government put out to get the media all rowdy. Clearly the government is furthering their attempts to censor the net. How far will they go? Then again it could be real and some idiot government hired script kiddie forgot to cover their tracks.
  • What "track record" are you referring to?
  • It's based on a point system. There are points awarded for skin color and religion. There are bonus points for nuclear weapons. Lighter skin colors get higher number and darker skin colors get lower numbers. If you are mostly christian or jewish you get bumped up but if you are moslem or hindu or buddhist you get bumped down. Yellow people are in a category of their own and are a wild card. Let's score some countries as an example
    Israel: light brown people -1, jewish +1, Nuclear weapons +1. Score 2 first world!
    India: Dark brown people -2, hindu religion -1, nuclear weapons +1 score -2 second world!.
    Kazakhstan: light brown people -1, nuclear weapons +1, moslem religion -1, score -1 second world.
    Japan: Buddhist/shinto -1, no nukes 0, yellow people +3 (Wild card!) score +2 first world!
    You can use this simple guide to determine where in the world countries stand. Politicians use a very similar guide to set foreign policy too!.

    I hope I was able to clarify this for you. In guess who is coming to dinner there is a quote that I love.
    If you're white you're all right
    if you're brown stick around
    if you're black stay back!
  • With all the secret agent men, contingency plans for contingencies which may or may not have contingency plans, and the number of really smart people they pay just to "think" about a problem and find a solution, I find it difficult to believe they'd be dumb enough to try to gain unauthorized access into a "high level" type machine/network from their own network. If they were really going to do such a thing, they'd set up an account with sprintlink or something...
  • C'mon guys.. it hadda been spoofed..
    On top of that.. I'd be willing to bet it was one of our own guys....
    in fact.. i'd bet a new athlon that it was one of ours AND either from tasmania/queensland or over here in western australia..
    :-)
    (but that doesn't mean we can turn our backs on you yankees yet... *grin*)
  • ...Undoubtedly trying to affect the price of those tasty Aussie Beef Snacks.

  • This [slashdot.org] and This [slashdot.org] ... Etc.
  • by Anonymous Coward
    The .mil machine in question was most likely owned first. I wonder if broadsheet and lower quality papers will bother to explain concepts like "telnet" or "ssh" (let alone IP Spoofing!!) to their non-computer-literate readers. This might raise interesting questions - I mean if cyberwarfare's the future, and the media have such a shaky understanding of technology and feel even less dutiful about reporting on it (see the RSA cracking story recently) 'God help us'.
  • I've simply got to reply to all the "It was a spoof" posts (about 13 when I counted). My God you people speculate a lot! Read the article, It literally says we traced it back as far as possible and it landed in an IP range that is associated with the particular US military base.

    Now, chances are the would-be cracker targeted the ASX, believing it to be inferior, for personal gains or whatever, but failed.

    The fact that it seemed to have come from another source, after originating from the Military base would indicate that the 'owned' box was where the guy was going to have his trail end. I would say he was literally 'caught in the act' before he covered his path at this point. Routers pass a lot of information on and it is oh so possible to link back spoofed IP's to the source route. On a wide area scale, spoofed IP's do not return to the host very easily. If the connection is open, the trace can be made to the source IP.

    Now for my 2c worth: It would not surprise me one bit if he just dialed-in to a MIL server that he just 'happened' to have a number for, so was designated an IP in their address range. If this guy was any good though, he would have removed any evidence of ever actually having dialed in though. IMO, this is about the only plausible explanation.

    You can break the law all you like -- until you're caught. Remember one thing. It is only the dumb criminals that are in jail.
  • I think that any US citizens/residents that take this matter personally have a whole bunch of problems of their own. I'm sure most people (including the guy that noticed the attack) would assume that the address of the machine was either spoofed, or the machine had been "owned".

    Do you seriously believe that simply because a single media outlet gets their hands on some information (info which another poster points out had to be reported to authorities), and then twists it around to try and grab a headline, that all Australians believe it to be true and that the Americans are all against us? Of course we do!! Newspapers and other media outlets would never twist a story or try a bit of scare-mongering to lure in a few extra $$

    Shame on them.
  • Why on earth would Australia fabricate such a wild story??
    Most Australians are simple especially our journalists and politicians.
    Nobody seems to think that maybe the US didn't do it, maybe it was the bored system administrator?
    Australia has everything to lose here....
  • I have a friend who does computer security and networking stuff for the air force in DC. When he came home on leave last month, he was telling me stories of some of the goings on there... I guess one guy in particular tries breaking into their public systems but isn't good enough to do anything so they let him play until they get annoyed and disconnect him. He said he sees up to a dozen different IPs trying to crack various systems every day and a large number of the computers are running NT (he's their "UNIX specialist" and he just called me yesterday to try to get his mouse working on his home box in linux so we know what kinda people admin these boxes) so I see it as definitely plausible someone could have found a method to grab the box and use it for their own needs. Whether or not the military can find out who it was that did it is another thing.

    On a slightly different note, considering our "cyberwar" on Yugoslavia, I'm sure many other governments could be concerned and so are initiating counter attacks( ie, if they're going to get us, we might as well get them ).
  • "the laws of tcp/ip"?

    AFAIK, TCP/IP is a protocol, not a set of laws :)

    Spoofing is very real, and if you believe otherwise, you're being illogical. Think about the essence of data communications, just a bunch of electrical pulses travelling down a wire. If you have access to that wire, you can send anything down it and make it seem like it was coming from anywhere on the other end. You can also deny traffic, or modify it en route. Basically, you can do anything.

    Don't kid yourself, spoofing is a common occurrence, and those who do it properly are usually not even noticed.

    And encryption doesn't help much either, if the format of the data is known (the protocol), you can easily just proxy the authentication and none would be any the wiser. 3rd party authentication is slightly better, but for a determined entity, its really just one more wire to compromise.
  • Actually, spoofing is possible if the hijacker resides on a network along the route of the two other identities. Also, spoofing should be possible in one way attacks, like some denial of service attacks.
  • I can't believe the other post got moderated up to a +2 interesting! The terms have nothing to do with skin color, and certainly not a point system!

    The reference to 1st, 2nd, 3rd world dates back to a paper by a political geographer (whose name escapes me); he used 1st world to describe the "free nations", 2nd world to describe the USSR and its children.

    And 3rd world was used to describe the "Unaffiliated" countries.

    Zl
  • by Yarn ( 75 )
    yes, W3c is bad enough :/
  • No No you americans have got it all wrong, Atm as you may well all know Australia is literally at war with Indonesia over their handling of the whole East Timor independence deal.

    But really and truly the only thing that is stopping Indonesia from declaring war on Australia is the presence of International military especially from the United States, who are believed to be the most powerful military force in the World

    Possibly they thought they could piss us Aussies off by *trying* to hack our ASX from The US Military whom we believe to be our friends



  • First they hurt our farmers by stopping our TOP QUALITY beef coming in and now they try to hit everyone else by taking down our Stock Exchange

    Come america go back to picking on the Russians
    hehehehhe
  • by Anonymous Coward
    The media in Australia is owned by Rupert Murdoch and Kerry Packer. They have no interest in opposing the Internet censorship proposals because it would help people inform themselves rather than relying on Murdoch and Packer's bullshit generators.

    The Australian Government, most notably Senator "dick" Alston are pushing for Internet censorship in Australia. They need media beatup, overkill and sensationalism to push their warped little barrow.

    This article is to make the plebs feel that the government is doing the right thing keeping all Australians, especially little children, safe from all us evil paedophile 'net users.

  • Fear the power of the Roo.

    Don't you mean "ph33r th3 p0w3r 0f th3 r00"? Our kangaroos are very l33t :)
  • getting a free telnet account on a .mil account sounds like fun if a bit dangerous. lots of free disk space, a good connectivity, and if you use a password cracker on a thing that has any security they accuse the US military and you get on /.,..
    I bet they all use their girlfriend's first name as password too. I know that is how it works in the french army. The sysop is a private, and when you are a private you do not want to tell an officer that 'barbara' is not a secure password.
    Not that the french army is connected to the net either but they lock their windows box so that nobody beats their Tetris hi-score.
    way too much fun!
    ---
  • Very very very good point.

    From my personal experience 99.9% of attacks come from an already hacked site. It is interesting that they did not use a university as a staging area which is the usual case.
  • by Chuck Chunder ( 21021 ) on Monday October 04, 1999 @01:14AM (#1641119) Journal
    It's funny how an AAP story on a story on an Australian TV program suddenly becomes international news on Slashdot.

    From what I recall of the original story on TV (I was half asleep at the time).

    1. The ASX gets loads of people trying to get into it.
    2. Almost all of these people are idiots who have seen "Wargames" and think they'll give it a try.
    3. There have been a few serious (ie more than clueless) attempts, he mentioned two, one from Victoria (the state, not a person), and another which was traced back to a military installation in the US (via a hacked site in New Zealand IIRC).
    4. The ASX has pretty good security, using multiple firewalls through which no one has got further than the first. The guy was also very careful not to boast about how good it was or to go into any great detail. He merely stated a few facts.

    A lot of you seem to be saying 'well obviously the military box was compromised' as if such a point had never crossed the guy's mind.

    It seems to me that they simply went to the right source to stop their problem (unless you expect them to hack back in to the US military box to trace the hacker, news at 10, Australian Stock Exchange hacks into US Military site).

    That and the fact that they want local laws changed to make prosecuting local hackers easier (as the person from Victoria was traced but could not be prosecuted because he was not caught 'in the act').

    Hardly Earth shattering stuff Slashdot.
    The Great Chunder Page - Alcohol Induced Fun!
  • The German stock exchange is Frankfurt AFAIK
  • C'mon mate, get a grip on reality.

    Firstly, countries are not "literally at war" until there is a public declaration. Have you heard one of these? Of course, this doesn't exclude a campaign of dirty tricks or covert interference like the US involvement in Afghanistan in the mid 80's.

    Secondly, the US and Australia are firm allies. This doesn't mean that each country isn't sovereign, and sometimes their national interests clash. However, it is on nothing as important as national security. Remember that Australia hosts some important US satellite bases on its soil. Now, of course, the US military will not grind to a halt without these bases, but they are important "assets".

    Finally, invasion of Australia from the north is a subject that has engaged the brains of Australian military planners for a long time. Summary: it would be extremely difficult and probably couldn't be done by anyone except the US itself. Remember that after the city of Darwin on the coast, to the south there is 2000km of really nasty desert. To the east there is 2000km of really nasty crocodile infested tropical rainforest. Logistics for supporting an invasion over that kind of terrain is Australia's defense.

  • > There is a pronounced 'i' in "aluminium",

    In fact Aluminum and Aluminium came into existence at about the same time, thus both are correct. Read Bill Bryson's "Made in America" for an excellent history of American English - and America.
  • Almost exactly the same GNP and growth rate.
    India has about 50 times as many people
  • You forget such things as "level of corruption" and "openness of economy".

    How about "per capita GNP".

    I agree with your sentiment though.
  • Well he seems pretty sure that no one has breached their outside firewall. How can he be so sure though?

    Similar to: 90% crime is never reported -> 90% of hackers are never detected...

    I can understand the reason for using a Multilayer firewall to build a secure demilitarised zone in your network, but if you are accepting incoming packets through both firewalls to your internal network then the method of exploiting is exactly the same, say, as if you have 1,3 or 100 layers of firewalls, because the packets will pass through them all (assuming they match the firewall criteria as valid packets)

    I expect plenty of hackers are now also armed with the extra information that there is another firewall beyond the first, because if they get access to a host within the demilitarised zone they now know what to look for (another firewall).
  • Making this into a media-thingie about "US attacking australia" is absurd. The .mil box was obviously cracked. Some scriptkiddie playing around with a remote-exploitable bufferoverflow-script-thingie that the military has been too lazy to plug. Then the australian site was attempted for some reason. Maybe some australian from the 'attempted cracked domain' had @ status on some big IRC channel..


    --
  • uh eh?

    ermmm... yes, right, hmmm....

    did you forget what you were reading?

    and....

    Japan - no nukes? ha, you DO make me laugh..., plenty of nuclear, perhaps no nukes...
  • this is a possible. I don't know if any slashdotters at the moment realise australian troops are in east timor enforcing the peace. This could be an indonesian 'crack' posing as a US IP.

    Blah. Blindspoofing a tcpconnection isn't exactly easy. So my guess is that spoofed ip packets are out of the question. The american military got a box cracked again. Or maybe they forgot to close their wingate.

    And if you don't think this is a realistic explanation, then start using IRC and visit a couple of "eLiTe takeover-kiddie-channels". You'll be surprised when you see how many use .gov and .mil domains.


    --
  • I assume US military installations have at least a firewall protecting us from them?

    Why should they filter outgoing packets?

    And, no, I don't think all US-.mil sites filter outgoing packets. Not when you think about the amount of .mil domains you see on irc during a year. Scriptkiddies have a tendency to 'brag' by using them as vanitydomains.


    --
  • its trivial to spoof your IP into a different ADDRESS when portscanning a box...

    You've got to get packets back to yourself, to get to know what ports are open. In other words -- it's not that easy. You've got to be "in between" so that you can packetsniff the packets coming from the host you're scanning, and the address you've spoofed.

    (correct me if i'm wrong)

    --
  • 1. a military host was compromised [..] or,
    2. the US Army decided to audit [..] Quite frankly, I hope it's the latter.


    But, it's probably the first alternative that's correct. The US military have thousands of *nix'es up'n running, some for years without any upgrades. There are bound to be hundreds of easily crackable boxes in the .mil domain.

    and the .gov domain .. oh, don't get me started. I'm getting tired of all the EFNet scriptkiddies bragging by using .gov-domains as vanitydomains.


    --
  • Now if one of those systems was an NT box, or a socks5 proxy (perhaps an open insecure wingate) with open access, then there would be little chance of the hacker/cracker being found.

    My guess is that he did two or three bounces via insecure @home boxes. (there are hundreds of open wingates there..) Then via some .gov domain - to a .mil domain (so that the .mil wouldn't get too suspicious) - and then finally to australia.

    Of course, just a guess, but thats what I would've done if i wanted to go on a cracking run. (@home really should start blocking port 23, 1080 and so forth)


    --
  • That's not a reasonable comparison unless you count attempts, as well.

    While I kept a box on the local Ethernet for four years, there were no successful breakins. On the other hand, considering that almost all the "attempts" were simple probes (as in: "let's portscan 128.2.*.*" etc), it wouldn't be fair to say that my box was more secure than, oh, one with a full-time sysadmin auditing the code. It simply wasn't targetted as much as a .mil box would be, for instance.
  • Spoofing is very real, and if you believe otherwise, you're being illogical.

    Either there needs to be a cracked host in the route between the .mil box and the Australian box, or a cracker resided on the same LAN (non-switched..) as the .mil box, or the Australian box. If not, the only possibility would be blindspoofing -- and since that is next-to-impossible to accomplish on the net (due to lag, and pretty random numbers used in the handshakes) -- we can pretty much rule that out.

    And, since I guess the .mil is connected 'straight to the backbone' -- and the australian site the same .. I really doubt any of the backbone routers are cracked -- and -- I really doubt any of them are on unswitched networks.

    Therefore .. american military has a cracked box..


    --
  • Also, spoofing should be possible in one way attacks, like some denial of service attacks.

    DoS attacks cannot really be called 'cracking' ;)

    SYNflooding / smurfing / udp-flooding with spoofed sender-addresses is nothing new. But I really, really doubt that is what this is all about.


    --
  • The real question here is what the hell is the ASX database doing connected to a public network at all? Firewalls or not, a database that can be harmed by tampering doesn't belong on a public network. The ASX is just airing its bad security practices.
  • Hey Phil-

    OSI is on its way to your cube...I suggest you panic and run.

    Dunno about AFRL but HQ AMC/SC reads. Well, at least one of his staff weenies does.

    ObArticle: [...]associated with military activities[...]

    This is pretty vague. I don't necessarily read *.mil here. It could be MITRE, or RAND, or a DoD host. I suspect that somebody (maybe an Aussie) broke into the host to perform the attack. If we were really trying to mess up ASX, I assume we'd do it through a front. At least, I hope so.

    Next article: Host associated with US Military Posts to Slashdot

    Neutron

  • And then they try to swamp the market with their hormone infested american beef.
  • ...the attack came from a .mil IP? All the article says is that it came from "a US military installation". That could mean the attacker was actually some kid whose dad is stationed on an Army base in Nevada.
  • > You've got to get packets back to yourself, to
    > get to know what ports are open. In other words
    > -- it's not that easy. You've got to be "in
    > between" so that you can packetsniff the packets
    > coming from the host you're scanning, and the
    > address you've spoofed.
    >
    > (correct me if i'm wrong)

    What's often overlooked is that 'in between' can be *either* in between the scanner and the victim or the victim and the spoofee. If you do the second part, it's more likely that you'll have a case of deniability if you're also the spoofee if you can route the replies to the spoofed packets out-of-band.

    "We were sniffing our network that day because we seemed to be under some sort of attack, here're the logs and you can see that we didn't send any traffic out, it must have been spoofed" is possibly a good defense in such situations, especially if the spoofee is say a college network with a significant number of hosts and shared media.

    Paul
  • The real question here is what the hell is the ASX database doing connected to a public network at all?

    Eh. Say you run a company. Your server serves vital information to your employees - so that they can do their work. Your employees also need to use the internet.

    Ok, what do you do? Well, you put everything on the same network, and make a hell of a firewall. You should be able to connect out -- but nobody should be able to connect from the outside to any of your machines. If you need a machine to be accessible from the internet, you put it outside the firewall -- or enable special rules for that machine. Furthermore, that machine should now be treated as 'non-trustable' by the rest of your network -- so that if it gets compromised, the rest of your network should not suffer at all.

    *puh*

    In other words -- the moment you put the host behind a secure firewall, it's not on a "public network" anymore. Now the next question is "what on earth may be looked upon as a 'secure firewall' -- does it exist?"



    --
  • Actually I always thought it's the Berlin DAX, at least that's what the BBC always reports. German news reports about 6 different exchanges throughout the country from each major city. Not all the exchanges are in one city like New York.

    -----
  • > and since that is next-to-impossible to
    > accomplish on the net (due to lag, and pretty
    > random numbers used in the handshakes) -- we can
    > pretty much rule that out.

    (A) You're missing the fact that TCP isn't the only protocol you can blindly spoof. So, if we're talking about spoofing in general, there's a UDP and ICMP-sized hole there waiting for poorly written applications.

    (B) Lag has _nothing_ to do with a blind spoof attack, since you can either flood the spoofee or pick a host that's behind a network that doesn't report unreachables.

    (C) Very difficult to predict sequence numbers are a relatively new occurrence. I wouldn't bet my hard-earned money on everything using them either.

    (D) Why are you ok with cracked end-boxes, but not anything cracked in the path? You wouldn't believe the number of poorly administered routers, older routers with vulnerabilities, and new Web browser configurable routers set up by morons.

    Your conclusion is probably correct, but your premises are flawed.

    Paul
  • I'd heard (no I can't find any corroboration for this at all :-) that the reason it is spelt aluminum in America is that someone made a typo when doing a patent application. May well just be a UL, but for what its worth I heard it from some US academic speaking at a graduation dinner at an Australian university.
  • (A) You're missing the fact that TCP isn't the only protocol you can blindly spoof. So, if we're talking about spoofing in general, there's a UDP and ICMP-sized hole there waiting for poorly written applications.


    This is of course well known to the Australians. You've got to be pretty damn stupid if you say that someone was involved in attacking you -- because of the source address of icmp / udp packets (or tcp-syn packets). I assume that we're talking about a successful tcp-handshake. If not - I don't get why this got into the media at all.

    (B) Lag has _nothing_ to do with a blind spoof attack, since you can either flood the spoofee or pick a host that's behind a network that doesn't report unreachables.

    Very wrong. If you've followed bugtraq the last week or so, you would've noticed the "bug" in the linux 2.2 kernel that makes blindspoofing easy on a network with little lag. On the internet the blindspoofing would be difficult, because of lag. Also - if I remember correctly - the two machines would need to have quite synchronized clocks.

    (C) Very difficult to predict sequence numbers are a relatively new occurrence. I wouldn't bet my hard-earned money on everything using them either.

    Any recent tcpip implementation should have difficult to predict sequence numbers. I don't know how older systems work, so you're probably right.

    (D) Why are you ok with cracked end-boxes, but not anything cracked in the path? You wouldn't believe the number of poorly administered routers, older routers with vulnerabilities, and new Web browser configurable routers set up by morons.

    I have a tendency to believe that most core-routers are well-configured. Of course, there are extreme amounts of poorly administered routers ... but are there extreme amounts of poorly administered core-routers?

    Of course, it may be that I'm not paranoid enough about THIS. :-)


    --
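
The sequence-number point argued in the exchange above, as an added example that is not part of any poster's comment: a toy model of the TCP three-way handshake showing that a sender who never sees the SYN-ACK can only complete it when the server's initial sequence numbers (ISNs) are predictable. The fixed per-connection step, the documentation-range addresses and all class and function names are assumptions made for illustration; no packets are sent.

```python
import secrets

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

class CounterISN:
    """Assumed old-style generator: ISN advances by a fixed step per connection."""
    def __init__(self, start=1_000_000, step=64_000):
        self.value, self.step = start, step
    def next(self):
        self.value = (self.value + self.step) % MOD
        return self.value

class RandomISN:
    """Generator that draws every ISN from the OS CSPRNG."""
    def next(self):
        return secrets.randbits(32)

class Server:
    """Tracks half-open connections and validates the final ACK."""
    def __init__(self, isn_source):
        self.isn_source = isn_source
        self.pending = {}  # (src_ip, src_port) -> ISN sent in our SYN-ACK
    def on_syn(self, src):
        isn = self.isn_source.next()
        self.pending[src] = isn
        return isn  # carried in the SYN-ACK, delivered to whoever really owns src
    def on_ack(self, src, ack):
        isn = self.pending.pop(src, None)
        return isn is not None and ack == (isn + 1) % MOD

def forged_handshake_completes(server, step_guess=64_000):
    """True if a sender using a source address it cannot read replies for
    still gets its final ACK accepted (constructed addresses)."""
    own = ("198.51.100.7", 40000)
    sample = server.on_syn(own)      # real address: this SYN-ACK is visible
    forged = ("192.0.2.10", 40001)
    server.on_syn(forged)            # SYN-ACK goes to 192.0.2.10, never seen
    guess = (sample + step_guess) % MOD
    return server.on_ack(forged, (guess + 1) % MOD)

def accepted_out_of(trials, make_source):
    """Count forged handshakes accepted across independent servers."""
    return sum(forged_handshake_completes(Server(make_source()))
               for _ in range(trials))

if __name__ == "__main__":
    print("counter ISN:", accepted_out_of(1000, CounterISN), "of 1000 accepted")
    print("random ISN: ", accepted_out_of(1000, RandomISN), "of 1000 accepted")
```

With the counter-based generator every forged handshake is accepted, so a logged source address proves nothing about who sent the traffic; with random ISNs a completed handshake is strong evidence that the logged address really received the SYN-ACK.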
  • Information is a tool. It doesn't take a genius to realise that the ASX generates a hell of a lot of information and that there are many people tapping into it (or perhaps you think someone is typing in all those stock tickers).

    An ASX separated from the outside world would be much less useful.

    Oh, and what part of the article mentioned 'the ASX database' (whatever that means!) and what bad security practices does it reveal?

    Surely you aren't suggesting that using multiple firewalls is a bad idea?
    The Great Chunder Page - Alcohol Induced Fun!
  • Oh yeah, I'm sure that now crackers are 'armed' with the knowledge that there are more than two firewalls they'll be into the thing in minutes.
    I mean, multiple firewalls on something pretty important to the economy, who'd a thunk it?


    The Great Chunder Page - Alcohol Induced Fun!
  • I think PurpleBob was making reference to the Australian internet censorship situation.
  • Oh no, look out. Yet another hack attempt coming from a military outpost or educational institution.
    Who woulda thought? (Gee) Sure is hard to bust into these mammoth vaults that have similar securities to... "A brick of swiss-cheese". Get with it clan. People have been using military systems and ARPANET for years as not only a target, but a drop point to break into other systems. Not very much news here. What would be the icing is if someone found out it was Kevin Mitnick.

    Stick a fork in it: ding I'm done.

    -Bf
  • Hello, I don't want you to think that I am some paranoid phreak. But who in this country (US) likes to attempt unauthorized and unsanctioned cracks on other country's boxen? Anyone remember the little TLA referred to as the NSA?

    Why? Well, why not? It was a challenge to their skills and it can give them an insight into the depth of security other countries implement.

    Why make it appear to originate from a US military installation? Because then it would be easily dismissed as a spoof attack. Because we all believe the US Military is neither intelligent enough to attempt to crack the system, nor do we believe they are stupid enough to try. Also with all of the compromised US military boxen it gives the military a perfect out. This way no one gets blamed except for the Airman acting as sysop over that box who just got demoted for failure to secure it and almost causing an international incident.

    Remember US intelligence agencies do some pretty hairy stuff; afterward they can then classify it without fear of reprisal. Because remember, it is for the sake of national security. Well, that and there is no one in this country with balls enough to keep them in check.

  • The same authority that gives them the right to dictate other country's internal policies.. pure arrogance.
  • I think the security analysts at the ASX would have checked this out pretty thoroughly before they made any claims like this about the US military. It's a serious claim and I'm sure they checked it seriously before alerting the media and making formal complaints to the US government. Note they're not blaming the US military; the attack just originated from a US military institution. It's not the Aust. media, the head of the ASX made these claims.
  • For the younger generation. Read Clifford Stoll's book "The Cuckoo's Egg". It will shed a bit of light on the abilities (or lack thereof) of the US government.
  • It was a joke dude!
  • Story One:

    "US Military launches Minuteman II Missile from Vandenberg Range in the general direction of Australia. US claims that the missile was 'modified' to prevent nuclear detonation, and anyway, they shot it down with an ExoAtmospheric 'Kill' Vehicle. Not many hurt."

    Story Two:

    "US Military Installation in Western California launches attack on Australian Stock Exchange Server. Not many hurt"

    Just what have you guys got against the Ozzies anyway? If I were Australian I'd be starting to get paranoid.

    Feed The Hungry. Save the Whales. Free the mallocs
  • What, HQ/AMC reads Slashdot. That can't be right, that would mean that someone there has a clue. Not my experience at all. Then again maybe I'm just bitter.
  • Well you would be wrong. The name arose from the material it was originally extracted from: "Alum". The metal's name came from this on both sides of the Atlantic.
  • can you say script kiddiez w/ telnetz? Of course I keep getting more curious what good ol' Uncle Sam is doing behind that curtain. And again as always that was a CRACKER not a hacker, I'm creating a .sig that says that now.

    Did you mean 'hacker' or 'cracker'?
    Do you know the difference? I don't think you do.

  • Not only that, every time I end up with Australia in RISK, I end up kicking ASS!

    "The number of suckers born each minute doubles every 18 months."
  • I wasn't talking about the military; in the article an IT guy for the Australian stock exchange mentions multi-level (or something to that effect) firewalls. Think NYSE and all their computer gadgetry, which is light years ahead of anything the US military has, except for maybe a few exceptions for code-breaking or whatever they do.
  • I am still waiting for an American politician to admit he does not believe in god,

    His name is Governor Jesse Ventura.

    Or that drugs should be legalized.

    His name is Governor Jesse Ventura.

    oh, and he also wants to legalize prostitution.
  • was, last time I heard, not an Australian
  • and like no American would ever make a comment without adhering to a burden of proof? ;P
  • Hmm, AsiaPac recently had a financial meltdown and is very much in the throes of recovery.

    The ASX survived pretty well and was one of the very few that did. If we fell on our arses now, I can guarantee you in the US would feel the effects.

  • What are you talking about? The border of the first world ends at Mexico and Canada! :)

    *Removes tongue from cheek*

  • Don't know if it was mentioned by anyone else yet, but that piece of info about the crack coming from a US.mil installation was provided by a suit. I watched the program and he was supposed to be expounding on the new installation of boxen to run the ASX and got drawn on a comment he made about security. He mentioned they get lots of script kiddie style attacks, but said they got a couple of serious attacks recently, one local and one that "appeared" to come from a US.mil box, but there was certainly no clarification ("Business Sunday" certainly isn't up to discussing spoofed IPs and compromised hosts).

    cheers
    marty

  • If you are Australian I hope you watched 60 minutes, they were over there to interview someone and when they introduced themselves they were told that the person wouldn't talk to them and made some threat, also how many times does your embassy have to be shot at, in the space of 2 days, for you to know that there is some extreme hostility

    I believe they wouldn't have to come to Australia, they are believed to have missiles which can reach Darwin

  • With all due respect. BIG DEAL. So someone doesn't like Aussies. No-one likes everyone.

    $sarcasm on$
    The English don't like the Germans. The Belgians don't like the Dutch. Many people don't like the USA. No one likes the French.
    $sarcasm off$

    But really, it doesn't matter at all whether Indonesians as a race like or dislike Aussies.

    What matters somewhat is a country's official foreign policy. What matters a lot from Australia's point of view is the US's official foreign policy. This real-politik has served Australia well since the war.

    I agree that having your embassy shot at is not great. However, this is why the people representing Australia over there are called "diplomats". They are supposed to be diplomatic about these kind of things.

    If embassies are consistently shot at, to the outside world, the host nation just looks incompetent for not being able to keep peace on their streets.

    Finally, everyone in politics (even Nth Korea) realises that the firing of a missile which hits a foreign country is an act of war - and these days will probably get a multinational force arrayed against them. And anyway, why would Indonesia provoke a shooting war that they could never win with one of their biggest trading partners?
