The hacker known as S3rver.exe managed to breach the official website of the International Police Association of Australia (ipa-australiapolice.com.au), defacing the Houses domain.“I hacked it just because I felt like it :D. Because of [expletive] too much politics,” S3rver told us. “I have access to all their clients and their info.”
On this occasion S3rver was aided by another hacker called 3xpl0it.c.
“3xpl0it.c helped me data mine the site and scan it. He is learning software hacking, he is learning from me. But he is good at phone tapping and hardware hacking. Like, you know when they are building roads and there is a sign in big yellow thing like it says "Road Work ahead”. He can hack that :)” he explained.
A Pastebin paste made by the hackers contains the site’s database structure along with names, usernames, email addresses and password hashes.
The hackers claim that they have warned International Police Association representatives that the site contains some serious vulnerabilities, but apparently they did nothing to secure it.
“3xpl0it.c contacted them by email 1 or 2 days ago to tell them that the site is vulnerable, but they didn’t listen. They didn’t answer back at all. Or maybe they didn’t know how to fix it,” S3rver added.
The hackers also tried to root the servers, but apparently it can’t be rooted.
“Now that I got their attention I will mail them to tell them where the vulnerablity is :). My message to the Police Association is: Lol! I told you to improve your security :D , next time secure yourself!”
Minutes before this article was published, administrators began fixing the site, but according to the hacker the security hole was still there. Furthermore, S3rver stated that while he was in, he noticed that another hacker was also probing the website.
“A script kiddie used the logins I leaked and defaced it again right after the site was restored,” he concluded.