some things about the fedpol hacking
Just back from holidays and more busy with backing up stuff than getting back to the actual deer state of the internet security in Belgium.
When the lone stupid young hacker was arrested the day after he hacked the forgotten website from the police (during lunch hours) he surely got the attention of the press - and as ususal the press felt silent afterwards. The press is only interested in the picture, the comical story effect of the act and is not asking any critical questions.
You can ask questions like
- are there many sites hacked in Belgium every week ? Yes there are. You can find a history and a fresh line up on http://be-hacked.skynetblogs.be
- is somebody actively informing those webmasters that they are hacked and that they should clean up their act ? No. I have done it sometimes but it sometimes takes too much time or even an agressive response. The reason is that nobody is taking any responsability for anything here.
- Are websites that are being hacked and stay hacked taken offline or blocked by the ISP's to protect their users ? No and even if Google is starting to block some hacked websites, they don't do it for all, even if I find them based on search words I use in Google.
- Are hackers being prosecuted or are ISP's trying to block access to and from control- or attackcenters on Belgian websites ? Sure not, who cares ?
So the SANS formed technician from the Belgium internet crime center didn't have to much trouble finding the stupid press hungry hacker and so he did what he had to do in the time-frame that it had to be done.
Let it be a lesson for anybody that reads and finds here security materials and guides. You can not under any circumstances use any of this stuff against any belgian infrastructure for which you don't have the explicit approval of the owner of the website and maybe of the infrastructure (if for example you are trying a DDOS or a DNS attack) .
For those who remember redattack. Well he is at home without work.
There is in Belgian no protection or exception for security researchers nor for white hackers and as far as I know there is also no sure way you can inform the people responsable of security wholes you have stumbled upon without putting yourself in danger. Maybe this is one thing to do for the next government. Or for the Computer crime center to reach out to the community.