By Erika Morphy TechNewsWorld
10/05/07 12:17 PM PT
The U.S. government took down all of the state of California's government Internet sites this week in order to thwart a hack attack on Marin County's transportation authority site. Visitors to the county agency were being redirected to a porn site. The feds' decision was not "level-headed," said Shane Coursen, a senior technical consultant at security firm Kaspersky Lab.
How Much is 'Free' Costing You? Learn how DaveRamsey.com saw a 567% uplift in ROI with Omniture. This complimentary guide and webinar cover the most important factors in selecting an analytics solution. Download Now.
A compromised Marin County, Calif., Web site apparently prompted the U.S. government to temporarily shut down all of the state government's Internet sites this week.
Last month, the Marin County transportation authority Web site was reportedly hacked to redirect traffic to a porn site. Following several unsuccessful attempts to remedy the situation at the local level, the federal government, which owns the ca.gov domain, made the decision to shut down all of the Web sites with that domain for review -- a sudden and unexpected move that threw state operations into complete disarray.
Head Scratcher
It is unclear how a local county Web site hack attack led to the feds' decision to unceremoniously pull the plug on the state's entire Web operation. A public information officer with California's Department of Technology Services laid the decision at the General Services Administration's door, according to news accounts.
However it came about, it was not a standard operating procedure or best security practice, Shane Coursen, a senior technical consultant at Kaspersky Lab, told TechNewsWorld. "One of the key attributes of an incident response handler is to have a level head. Pulling the plug like that is not a level-headed decision."
Besides the security issues of a suddenly dark state Internet and the inconvenience to consumers whose preferred mode of state government interaction is the Web, going dark tipped off the hackers involved, he said. "You can destroy valuable forensic evidence this way and won't learn anything from the incident."
Local Security
An important lesson can be salvaged from the event, Dmitri Alperovitch, principal research scientist at Secure Computing, told TechNewsWorld. "Hopefully, the state will review all of its Internet security policies and make sure something like this doesn't happen again."
Alperovitch is referring to the original hack at the Marin County Web site, which apparently was woefully lacking in security safeguards.
"Government Web sites face the same problems that most businesses face, in that the number of vulnerabilities are enormous and their security tools are not well deployed. This event hopefully will raise awareness that anyone is vulnerable," he noted.
Indeed, governments are particularly vulnerable to hackers these days, said Rich Sutton, director of Labs at 8e6 Technologies, as their Internet security operations are typically underfunded.
"Especially at the local level, they are constantly playing catch-up with the day-to-day security tasks of keeping the system patched," he told TechNewsWorld.
At the same time, more hackers are focusing on slicing through so-called "trusted Web sites" defenses.
"Consumers have become savvier at recognizing fake Web sites set up to look like the real thing," Sutton said, "so hackers are compromising the real Web sites in order to download malware or for other purposes."
Web 2.0 Threats: A Blurring of Boundaries October 05, 2007
At the core of Web 2.0 are applications that use code written in Ajax and JavaScript, which make them behave in ways that traditional security technologies can't cope with, explained Alfred Huger, vice president of engineering for Symantec in Santa Monica, Calif. "Ajax blurs the line between the Web and my applications on the desktop," he told the E-Commerce Times.
Related Stories
California Shies Away From E-Voting August 06, 2007
Following the release of a controversial report on the ease of hacking into several e-voting systems scheduled for use in California's February elections, the secretary of state has decertified the machines adopted by 39 counties. She also instituted rigid new security precautions to be implemented for any systems that are recertified for use.
Bold California Software Pirate Arrested February 01, 2007
Gad Zamir, 64, was arrested Tuesday following police executions of search warrants at two of his residences in Menifee, Calif. Authorities said Zamir was selling copies of Microsoft SQL Server Enterprise, a $25,000 program, for $7,750, and copies of Adobe Photoshop Creative Suite 2, with a retail value of about $500, for less than $300.
More by Erika Morphy
Ballmer Gives Shareholders - and Dell - Cause for Optimism November 20, 2009
Microsoft CEO Steve Ballmer was all smiles at the company's shareholders meeting, as he touted the early success of Windows 7. Ballmer's cheer may have been contagious; after posting a massive earnings decline for the third quarter, Dell needed some good news to latch onto, and the prospect of broad enterprise adoption of Windows 7 could spur PC sales.
AA.com Sucks the Fun Out of Trip-Planning November 20, 2009
Using AA.com to book a flight was a painful experience. Densely packed, disorganized information was displayed in an unattractive format. On the plus side, it did seem as though the deals American Airlines advertised were real and not mere bait-and-switch lures. For anyone who wants a travel-planning Web site to inject a little pleasure into the experience, though, I say look elsewhere.
Salesforce.com Pumps Up Volume of Workplace Chatter November 19, 2009
Salesforce.com has developed a collaboration platform that puts social networking to work. Salesforce Chatter facilitates employee collaboration on projects through Facebook-like profiles, status updates, feeds and groups. The question remains whether employees will be as open to social networking in the workplace as they are in their personal lives.
Headline Feeds
Talkback: 
