Self-Proclaimed LulzSec Leader Arrested In Australia 127
New submitter AlbanX writes "An IT professional working in Sydney has been arrested for hacking a government website as part of the LulzSec movement. The 24-year-old man, residing in Point Clare, was arrested at his workplace late yesterday. He claimed to be the leader of the hacker movement. 'Police say he was in a "position of trust" within the company and had access to information on government clients. The AFP says its investigation began less than two weeks ago when investigators found a government website had been compromised. The man has been charged with two counts of unauthorised modification of data to cause impairment and one count of unauthorised access to a restricted computer system. He faces a maximum of 12 years in jail.'"
Re:Oh Really? (Score:3, Interesting)
What the AFP claims is a total lie.
"He was a low-level support tech who was on a three-month probation,” Wurth said. “He had no access to any type of customer data apart from support tickets" [itnews.com.au]
So essentially a script kidding working a low level tech support job. Not exactly a criminal mastermind.
Re:Oh Really? (Score:2, Interesting)
Re:Oh Really? (Score:2, Interesting)
I used to work for a public sector body who gave their first line support peons (wheter outsorced or insourced) domain admin accounts. They 'required' this in order to fix issues remotely, but the higher-ups didn't understand the full extent of the access they had, and the lower-downs I guess didn't feel the need to restrict their access by telling them. The security guys were pointless.
We were going through a restructure, and I knew a bit about the document management system because I had to fix issues with it. I knew that all the files in that 'secure', 'auditable' database-driven software were held on a windows server in a windows file system which was shared, and you could access ALL CONTENT if you logged on to that server with your admin account and browsed the files. The files were gobbledigook names, but every file was stored in a directory named after the username of the uploader. So simply, we were able to browse the top level director who we knew was working on the restructure, find the latest edited versions of say, an excel spreadsheet and a visio diagram, and check out the future proposed org chart in draft. There was no audit on this. I felt ill with guilt the whole time I did it, but I wanted to know, damnit, and they were treating us like shit. So I stole the data, and was able to prepare my response once they finally announced the random manager they were planning to assign me and that salary and grade they were putting me at (oh and all my colleagues, too).
It is just an example of how clueless people are - even the trained 'security' guys and 'administrators' of software that these people deploy. Often the underlying way these crappy tools work is... crappy. Anyone with half a brain could have done this, and I managed it with only a quarter of one ;-) I feel bad that I didn't tell them before I jumped ship. I could access the CEOs docs if I wanted to. I didn't, because the whole thing made me scared shitless!