Pages

Monday, 9 November 2015

Police Raided Researcher Link From Script Kiddie Opened

An American system and security researcher who has lived in Austria had to deal with a police raid after his own words opened a link from a script kiddie. Christian Haschek decided to visit an IRC channel of the hacker collective Lulzsec.

There he made contact with a boy who had discovered Nikto, a tool to help search automatically for vulnerabilities in Web servers. "It was a nice guy, but obviously a script kiddie, so I did not too long talk with him," said Haschek. A few hours later he was approached by the boy through a private chat and was sent to a link. It was the address of a political party behind it a directory called 'tools'. Directory listing was switched so that all files in the directory were visible. The researcher claims to have a number of files opened, but it seemed to him as a folder where the webmaster had placed a number of files that may have been linked elsewhere on this website.

Because Haschek only wanted to chat on IRC he used to have no VPN or proxy. "And usually I open any links, but in this case seemed to link legitimate and not suspicious." He thought therefore no more about it until the next day he read in the media that the website of a political party was hacked. The same website that he had visited the night before. The attacker had usernames, email addresses and hashed passwords found and posted on Pastebin. "The kiddie had clearly found an exploit in the tools directory and used to access the server," says the researcher.

Police raid

Four months passed and Haschek had already forgotten the incident until he came home and the police anti-terror officers and a prosecutor encountered. The police claimed that they had evidence that he had hacked the website of the political party and they had a search warrant. "They thought I was the script kiddie and that my VPN any time had not worked and she therefore saw my public IP address." The police also asked for his password and encrypted data that he had on his computer, which was not the case.

Haschek stated that he had only the link from the script kiddie opened and that he had not used a VPN because he had done nothing illegal. The police revealed the investigator to have followed for weeks and drained in order if possible to identify the leaders. Eventually took all his computers, hard drives, USB sticks and laptops. In addition, he was told that his property would probably recover a year later. When the incident occurred not know exactly Haschek late, but he reports that he is indeed back a year later got everything.

Dropbox

"By a happy coincidence, I had all my personal and business files a few days before the invasion put in Dropbox," he observes. The police let the investigator know that they cloud data not like it, because they have to get an international warrant to retrieve the data to Google or Dropbox. Eighteen months after the incident, the Austrian Public Prosecutor's Office decided to drop the case to Haschek nothing was wrong. However, he had to buy a new computer because the police who held him so long. In addition, he found one of his USB sticks a Word document containing a photograph of someone. The Word document was not of the investigator and he suspects that the Austrian police file accidentally posted on his USB stick.However Haschek has learned his lesson. "Do not open links from random people on the Internet."

No comments:

Post a Comment