Law Enforcement Altered r00t-y0u Frontpage

"We're just letting these people know that law enforcement has been watching them....and action will be taken" A Policeman making the biggest mistake of his life

Not so long ago, r00t-y0u.org had a rather bizarre message posted to the frontpage of the forum which read:

This underground form has been monitored by law enforcement - every post, private message and all registration information has been captured. All member IP addresses and have been logged and identification processes are now underway.

The creation and distribution of malware, denial of service attacks and accessing stolen information are serious crimes.

Every movement on this forum has been tracked and where there is information to suggest a person has committed a criminal act, referrals will be forwarded to the relevant authority in each jurisdiction. There have already been a number of arrests as a result of current investigations. This message should serve as a warning not to engage in criminal activity.


At the time, we wondered if this was a typical prank being played by a leet hax0r - it's not uncommon to post up fake "THE FBI ARE WATCHING YOU" messages on forums, either as part of April 1st fun or because the site has been owned. The very thought that actual law enforcement would do something so dunderheaded was dismissed as a bit of a joke - and believe me, I've seen my fair share of law enforcement dunderheads.

However - hat-tip to Graham Cluley - if you go here (a documentary currently doing the rounds on Australian TV) and forward to about 38:00, you'll see something so utterly stupid it defies description.

"Hi gents, how we going", a policeman says as he walks over to a bunch of (clearly excited) boys with their toys, ready to unleash Hell on those evil script kiddies.

[Image: policewat.jpg]

"What we're going to do, we're going to make a telephone call then post a message on this forum".

They then do the unthinkable - they actually have an Admin at the other end of a phoneline post THIS:

[Image: r00t-y0u_pwned.jpg]

...to the frontpage.

The idiocy involved in this action is staggering. Are they naive enough to think the forum users suddenly started to flee in terror? Apparently so:

"The chances of obtaining any more information were blown - but it would create fear and paranoia among the cyber crims"

Oh dear. "Fear and paranoia"? Really? Unless there was a worldwide sting that rumbled into life the moment they posted this - and "referrals will be forwarded to the relevant authority in each jurisdiction" suggests otherwise - then all they achieved is two things:

1) They caused hundreds or thousands of script kiddies to wonder why the site admin was rolling out his April Fools gag in August, then go back to regularly scheduled programming elsewhere and

2) They caused hundreds or thousands of script kiddies to burn, shred, wipe or otherwise destroy their hard drives along with any and all evidence they ever built up during their hacking escapades.

Take a forum down, sure - but DON'T tell the World you just did it without covering your tracks and don't assume they don't have a ring of fallback forums to go to while the main site is down. Doing something like this means other researchers and law enforcement don't catch their targets at Points B, C and D because they already know they're being watched and have wiped all the evidence.

I've written about plenty of forum takedowns, but I've always been careful to remove site names in the blogs, or edit them out completely, or make it look like I was talking about one place when in reality it was a completely different site. To this day, there are some extremely big forums that have no idea I was involved even though details of the takedown (along with lots of screenshots of people pretending to be leet) were all over the place.

The end result is that the bad guys who want to keep on playing at bad guys continue to be watched while the part timers fall off.

This? This is assisting people to not get into trouble and an amazing lapse of judgment by one particular group of law enforcement officials. Police don't tip off bank robbers that they're about to be caught in the act, and I don't understand why warning people potentially thousands of miles away is acceptable where cybercrime is concerned. It seems the police have already tasted a bit of payback as a result of their momentary lapse in common sense and you can bet more will follow...


About this Entry

This page contains a single entry by Christopher Boyd published on August 18, 2009 10:15 AM.
