Other Reports

*As the cases are classified, CyberPol can only reveal a general picture of what actually happened. The hardware, software, other related technology and the names involved are confidential.*
The Singnet Hacker

In 1999, the Phoenix hacking tracking system, the Phoenix Warbird, went operational on the Internet. Shortly after it went online, the Phoenix Warbird detected a probe and an intrusion attempt from a hacker. The alarm was sounded and the IP address of the hacker was immediately logged. Phoenix sent a very stern warning to the hacker and also identified the hacker as a Singnet user.
The Cyberway Hacker

In another incident in 1999, the Phoenix Warbird once again went active online to lure intruders. A hacker was detected and his IP address was logged. He was identified as a user from Cyberway probing vulnerable PCs. He too was issued a very serious warning.
The Malicious Yahoo E-mail Abuser

In the year 2000 A.D., Phoenix received a plea for help from a family in the USA. A hacker had sent malicious e-mails to other parties using the family's Yahoo e-mail account, causing the state police to question the family's daughter. Phoenix suspected that the hacker had either forged the sender's address or actually gained access to the Yahoo e-mail account. After extensive investigation, analysis and experiments, Phoenix concluded that the hacker actually had the password and had gained unauthorised access to the family's Yahoo account. An important clue was that the suspect possessed an e-mail stating that the attempt to send out malicious e-mails was rejected. This led Phoenix to conclude that the suspect must have gained access to the family's account and received the rejected e-mail there. The suspect never expected that what he/she had on hand could be used as evidence against him/her. The family's Yahoo account was shut down to prevent further unauthorised access. The state police was unable to prosecute the family's daughter due to lack of evidence.
Phoenix WarBird Detected and Tracked More Hackers in the month of July/August 2000

In the months of July and August, the Phoenix Warbird went operational again. This time there were 24 attempts by 4 hackers to hack into PCs in a single night. They were detected and tracked. These are the details:
First hacker (a user of Singnet using ICQ):
Whois Server: whois.geektools.com
Query: 165.21.208.19
Registry: whois.arin.net
Results:
Singapore Telecommunications Pte Ltd (NET-SINGNET)
31 Exeter Road
Singapore, 239732
SG
Netname: SINGNET
Netnumber: 165.21.0.0
Coordinator:
Owner of Domains (OD-ORG-ARIN) hostmaster@SINGNET.COM.SG
+65 / 4722580
Fax- +65 / 4753273
Domain System inverse mapping provided by:
DNSSEC1.SINGNET.COM.SG 165.21.83.11
DNSSEC2.SINGNET.COM.SG 195.13.10.226
DNSSEC3.SINGNET.COM.SG 165.21.100.11
Record last updated on 04-May-1999.
Database last updated on 2-Aug-2000 06:06:51 EDT.
Results brought to you by the GeekTools WHOIS Proxy v3.0
Server results may be copyrighted and are used with permission.
Your host (165.21.175.152) has visited 5 times today.
Second hacker (a user of National University of Singapore):
Whois Server: whois.geektools.com
Query: 137.132.95.74
Registry: whois.arin.net
Results:
National University of Singapore (NET-NUS)
10 Kent Ridge Crescent119260
SG
Netname: NUSNET
Netnumber: 137.132.0.0
Coordinator:
Domain Admin (DA18-ORG-ARIN) CCEWANAdm@NUS.EDU.SG
+65 8748026
Fax- +65 7780198
Domain System inverse mapping provided by:
ID4.NUS.EDU.SG 137.132.123.4
NUSCC.NUS.EDU.SG 137.132.5.2
DNSSEC1.SINGNET.COM.SG 165.21.83.11
DNSSEC2.SINGNET.COM.SG 195.13.10.226
Record last updated on 18-Jun-1999.
Database last updated on 2-Aug-2000 06:06:51 EDT.
Results brought to you by the GeekTools WHOIS Proxy v3.0
Server results may be copyrighted and are used with permission.
Your host (165.21.175.152) has visited 6 times today.
Third hacker (a user of Singnet using Ping):
Whois Server: whois.geektools.com
Query: 165.21.89.12
Registry: whois.arin.net
Results:
Singapore Telecommunications Pte Ltd (NET-SINGNET)
31 Exeter Road
Singapore, 239732
SG
Netname: SINGNET
Netnumber: 165.21.0.0
Coordinator:
Owner of Domains (OD-ORG-ARIN) hostmaster@SINGNET.COM.SG
+65 / 4722580
Fax- +65 / 4753273
Domain System inverse mapping provided by:
DNSSEC1.SINGNET.COM.SG 165.21.83.11
DNSSEC2.SINGNET.COM.SG 195.13.10.226
DNSSEC3.SINGNET.COM.SG 165.21.100.11
Record last updated on 04-May-1999.
Database last updated on 2-Aug-2000 06:06:51 EDT.
Results brought to you by the GeekTools WHOIS Proxy v3.0
Server results may be copyrighted and are used with permission.
Your host (165.21.175.152) has visited 7 times today.
Fourth hacker (a user of Singnet):
Whois Server: whois.geektools.com
Query: 203.124.1.166
Registry: whois.apnic.net
Results:
% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html
inetnum: 203.124.0.0 - 203.124.3.255
netname: SINGNET-MSN-SG
descr: Singapore Telecom/Microsoft Network
country: SG
admin-c: SH9-AP
tech-c: SH9-AP
mnt-by: MAINT-SG-SINGNET
changed: hostmaster@singnet.com.sg 19990601
source: APNIC
person: SingNet Hostmaster
address: SingNet Engineering & Operations
address: 2 Stirling Road
address: #03-00 Queenstown Exchange
address: Singapore 148943
phone: +65 7845922
fax-no: +65 4753273
e-mail: hostmaster@singnet.com.sg
nic-hdl: SH9-AP
notify: hostmaster@singnet.com.sg
mnt-by: MAINT-SG-SINGNET
changed: shafiah1@singnet.com.sg 19991222
source: APNIC
Results brought to you by the GeekTools WHOIS Proxy v3.0
Server results may be copyrighted and are used with permission.
Your host (165.21.170.14) has visited 3 times today.