It appears that several government websites have been hacked. Of interest is the NIS website which has been the subject of robust discussion in recent days – http://www.bginis.gov.bb/, http://www.lawcourts.gov.bb/, http://www.barbadospolice.gov.bb/images/, http://www.zone-h.org/archive/notifier=Xrapt0r, http://bao.gov.bb/
Subscribe to get the latest posts sent to your email.
Websites get hacked all the time, however several government websites hacked is NEWS. Why are the people being kept in the dark?
Cybercrime is a major problem and it seems like Barbados is not exempt from either a cartel of hacktivists or from lone wolf geeks who have a lot of time on their hands to wreak havoc on the inside of the so-called “FIREWALLS” set up by IT engineers which clearly falls short of what is adequate gateway protocols…
It is worrying because filing and paying VAT and Inland Revenue are now being done online.
Identity theft, credit card theft etc. etc. etc. ……….. oh France
@John
There is a view that the Inland Revenue went to online before it was ready.
@ DAVID
Maybe Chris Halsall would be better able to answer whether the systems in question were being run on Windows 2003 servers?
Is that INFO available?
@ David
Could the issue also be the necessary UPGRADES* that is needed to improve and protect the back-doors of the government key departments infrastructure???
I know government is USELESS* at allocating taxpayer $$$ but surely SOFTWARE* INFRASTRUCTURE is key to protecting national assets, securing top secret info and guaranteeing that critical information does not get into the wrong hands…
Maybe this breach of NATIONAL SECURITY* will wake up a few sleeping dogs!!!
@TB
Regarding IT in government it is known we face challenges.
@TMB… Yup, all WinBlows 2003. Probably haven’t been updated in years….
Interesting…
National Security , eh? For a few “secrets” that EVERYBODY knows about? REALLY?
As the world turns…
@ CH:
Here are some wonderful opportunities for you to make an important contribution to the local IT landscape. But CH, unless you are showing the stripes of the current boys in power it might be almost impossible for any IT Security Improvement contracts to come your way. In this place the award of contracts is solely dependent on political branding. It is not how competent you are but who you support politically.
What a waste of talent and technical competence in this little place that can hardly afford this luxury!
@millertheanunnaki… LOL…
The police have my contact details, and know what I can do. (I’m “white-hat”; I’m on their side.) I’d be happy to help if desired.
Note received:
From: James Bynoe, Senior Vice President for Cyber Security – Brownstone Consulting Firm (Washington D.C).
As a native of Barbados and international Cyber Security executive, the protection of the Caribbean’s Public and Private Information and Communication Infrastructures is one of the most serious economic and security challenges facing our region. Our ability to effectively ensure the Confidentiality, Availability and Integrity (CIA) of regional informational technology assets has significant economic and security implications for both the public and private sectors.
More than ever before a comprehensive regional Caribbean centric approach to Cyber Security is needed which takes into consideration the many technical, management, operational, and cultural nuances of the Caribbean.
It is important that we as a region start to view ourselves as a “single cyberspace entity” in order to leverage best of breed Caribbean centric cyber security best practices and lessons learned.
… thing is no matter how advanced the technology is there is always the possibility that somebody knows somebody who has the goods on somebody who can supply passwords!!
@James Bynoe: “More than ever before a comprehensive regional Caribbean centric approach to Cyber Security is needed which takes into consideration the many technical, management, operational, and cultural nuances of the Caribbean.
The good news is this is happening. ROK and I (and over 20 other people, including representatives from the RBPF) attended five days of “HIPCAR” meetings sponsored by the ITU and hosted by the Telecommunications Unit to review the existing cyber-crime legislation and how it should be modified to be more in alignment with other countries — not just within the Caribbean, but throughout the world.
Overall, what is already on the books is good, but will hopefully soon be even better.
@John… But a properly configured server shouldn’t even allow remote access beyond the “Admin LAN”.
Dedicated firewalls and IDS could and should have prevented this.
@ CHRIS
How do you explain the quantum sums of money spent on “LUXURY” ministerial cars and all the “FLUFF” used as window dressing for elected officials to “SHOW OFF” but moreover, the disgraceful spendthrift attitude of government throwing good “TAXPAYERS” $$$ at DEFUNCT* public works and other projects – yet refuse to “UPGRADE” existing 2003 WINDOWS SERVERS which would offset intrusions into INFO* regarding national security???
CAN SOME EXPLAIN THIS KINDA’ FOLLY?
@ DAVID
What kinda’ government you guys running down there?
@TMB… I do not *know* that the WinBlow servers had not been upgraded; I do not know the vector of the compromise.
But the fact that the copyright notice on the RBPF web site had not been updated since 2005, for example, suggests it wasn’t getting the regular attention an Internet accessible machine should.
But it is a truism that very few people think about InfoSec until after they’ve been hacked….
@TB
Servers can hacked all the time, even the your area of the pond.
@Chris
Is it fair to conclude from your last comment that information technology is treated as a low priority matter? If so how should we view the strategy of the police given the mouthings of Commissioner Dottin and his promise to the increase use of technology as a communications tool.
I have a hole in the tree in my yard where I keep my money
If I catch anybody near my tree -BOOM -bye -bye in a idiot boy head
@Chris
What should we read into several government websites targeted? Are all of these websites managed on the same server.
@David… As you said to TMB, servers are hacked all the time, including those of high-end security firms (for example, RSA).
As to your question, all I can say is: talk is cheap; implementation is expensive.
As an aside, half of the fifth day of the HIPCAR meetings was a closed-door session with five members of the RBPF. I found them to be very technically savy, and truly able to deal with Cybercrime.
But, as always, resources and ongoing training are needed for the entire police force in this ever changing new form of crime. Hopefully this experience will put an underline to this requirement; including the need for a formal Cybercrime Unit to be established.
@David: “Are all of these websites managed on the same server.
http://www.lawcourts.gov.bb and http://www.barbadospolice.gov.bb are on the same server.
bginis.gov.bb and bao.gov.bb are each on different servers.
We continue to run ministries with senior civil servants and permanent secretaries can not even turn on a computer, and feel very satisfied to walk or send documents or letters to be typed by stenotypists. Do you expect any concern about data security or anything to do with information technology. Furthermore, ALL secrets in ministries are readily available; try dismissing any one; he or she knows before the discussion is over. We need to put a little sign on our web sites: open to all, no need to hack; that should fix our security problem.
@David: “What should we read into several government websites targeted?
Sorry… Realized I’d only answered one of your two questions.
Two possibilities…
1. The Barbados IP range was scanned by a “‘bot” which found holes. We only have a few subnets — much smaller than the world’s approximately 2^32 aggregate IP addresses.
2. Someone decided that it was time to mess with the GoB.
It would be interesting to know if any non-government, Barbados based Internet services were also compromised (or, at least, probed). This would help differentiate between the above two possibilities.
@Christopher Halsall | October 13, 2011 at 10:07 AM |
@TMB… Yup, all WinBlows 2003. Probably haven’t been updated in years…
u speak as if it is expected that all govt IT system run on 2003. that is NOT SO. . it is interesting to note that the NIS, Police and The Court were the ones hacked. this leads me to believe this has nothing to do with easy access to the systems. When i first heard of the depts that were involved, i assumed that somebody was paying top dollars to get rid of some kind of serious evidence and they intended to removed all evidence, what the cost. it’s really fishy. but the problem still is that some departments run on 2003, 2007 and 2010. there is no unison
@David and “chocolate city hussle”…
I was trying to hold off on this, but you should consider compromised and possibly dangerous all web sites listed below:
81.221.214.205.in-addr.arpa. 43200 IN PTR worldnetball2003.org.
81.221.214.205.in-addr.arpa. 43200 IN PTR dlpstjamescentral.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR homebuildersguide.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR pickeringbarbados.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR stpaulsfiesta2003.org.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR businessclubbarbados.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR barbadosvillaservices.com.
81.221.214.205.in-addr.arpa. 43200 IN PTR starelectronicssecurity.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR childprotectioninthebots.com.
81.221.214.205.in-addr.arpa. 43200 IN PTR bwu.org.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR caa.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR itp.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR lei.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR nec.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR npc.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR rmg.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR rss.org.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR rta.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR ssl.candwall.com.
81.221.214.205.in-addr.arpa. 43200 IN PTR tmr.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR vsi.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR http://www.blpc.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR cimh.edu.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR csme.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR capfa.org.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR cartac.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR equity.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR sjwlaw.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR whweb1.candwall.com.
81.221.214.205.in-addr.arpa. 43200 IN PTR cssbdos.com.
81.221.214.205.in-addr.arpa. 43200 IN PTR impsltd.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR schools.org.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR stpeter.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR lawcourts.gov.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR netbussol.org.
81.221.214.205.in-addr.arpa. 43200 IN PTR stleonard.org.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR capitallaw.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR mancalbank.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR topupandgo.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR webhosting.candwall.com.
81.221.214.205.in-addr.arpa. 43200 IN PTR activestate.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR barbadosport.com.
81.221.214.205.in-addr.arpa. 43200 IN PTR gymnasiumltd.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR mariusbridge.com.
81.221.214.205.in-addr.arpa. 43200 IN PTR popsbarbados.org.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR refugeescamp.com.
81.221.214.205.in-addr.arpa. 43200 IN PTR e-net-secrets.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR gmcministries.org.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR jurischambers.com.
81.221.214.205.in-addr.arpa. 43200 IN PTR thompsonhenry.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR barbadospolice.gov.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR oldharrisonian.org.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR belcantosingers.net.
81.221.214.205.in-addr.arpa. 43200 IN PTR cctvplussystems.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR hamptonchambers.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR spsenquirypoint.gov.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR dessertbeautyinc.com.bb.
81.221.214.205.in-addr.arpa. 43200 IN PTR onthebeachntrack.com.
81.221.214.205.in-addr.arpa. 43200 IN PTR worldnetball2003.com.
And below…
17.244.212.204.in-addr.arpa. 38400 IN PTR http://www.youthaffairs.gov.bb.
17.244.212.204.in-addr.arpa. 38400 IN PTR landtax.gov.bb.
17.244.212.204.in-addr.arpa. 38400 IN PTR intranet.fireservice.gov.bb.
17.244.212.204.in-addr.arpa. 38400 IN PTR services.gov.bb.
17.244.212.204.in-addr.arpa. 38400 IN PTR bao.gov.bb.
17.244.212.204.in-addr.arpa. 38400 IN PTR mrd.gov.bb.
17.244.212.204.in-addr.arpa. 38400 IN PTR http://www.bao.gov.bb.
17.244.212.204.in-addr.arpa. 38400 IN PTR http://www.mrd.gov.bb.
17.244.212.204.in-addr.arpa. 38400 IN PTR http://www.landtax.gov.bb.
17.244.212.204.in-addr.arpa. 38400 IN PTR http://www.services.gov.bb.
17.244.212.204.in-addr.arpa. 38400 IN PTR http://www.fireservice.gov.bb.
@Chris
Why would the Barbados light & Power be on this list?
It appears the hackers didn’t attack the GoB so much as the local Internet Service Providers…
I suspect I will now have to retain yet another lawyer for daring to speak the truth….
@Chris
Please expand as much as you can.
@David: “Why would the Barbados light & Power be on this list?
Because their web-site is served from 205.214.221.81.
The rule (amongst serious InfoSec practitioners) is once a machine has been compromised it can never be trusted again.
@Chris
Where is 205.214.221.81.staged?
@David: “Where is 205.214.221.81.staged?
Barbados.
But you stated machine, what machine?
@David: “But you stated machine, what machine?
The machine (computer/server) that answered HTTP (port 80) TCP requests at IP address 205.214.221.81.
Much like the machine (computer/server) which answers HTTP requests for bajan.wordpress.com; which is currently at 76.74.254.123.
@Chris
Based on the listings you posted must we assume that 205 IP range is assigned to government?
@Chris
Ok, following you.
@David: “Based on the listings you posted must we assume that 205 IP range is assigned to government?
Absolutely not.
this thread is a bit dry-must be for techie nerds like CH
@kiki: “this thread is a bit dry
Have you considered the possibility that the world is not all fun?
Have you, further, considered the possibility that some of us enjoy complexity?
To David and Chris:
I smell a rat here; compromised a lot but throw in the police, the courts and the rss (regional security system). You go figure who benefits from such a compromise.
@lemuel: “I smell a rat here
Could you please tell us all EXACTLY what you mean?
To Chris:
That why you end up in court or have to retain a lawyer. When “searchers” are seeking information whether that information is about you the subject or your environment, it is normal to spread the net as wide as possible; hence the intended targets or targets are not obvious. Do you who funds the regional security system; it is a military arm for the caribbean. As we speak and type they know that we are typing and speaking.
@lemuel: “That why you end up in court or have to retain a lawyer.
You have no sense of humour….
To Chris:
Innocence is golden on your part; they know that I know; it is not golden on my part, and it could involve lots more than a lawyer.
The blogmaster invites you to join the discussion.