Feds Shut Down State of Calif. Internet on Whiff of Smut
The U.S. government took down all of the state of California's government Internet sites this week in order to thwart a hack attack on Marin County's transportation authority site. Visitors to the county agency were being redirected to a porn site. The feds' decision was not "level-headed," said Shane Coursen, a senior technical consultant at security firm Kaspersky Lab.
10/05/07 12:17 PM PT
A compromised Marin County, Calif., Web site apparently prompted the U.S. government to temporarily shut down all of the state government's Internet sites this week.
Last month, the Marin County transportation authority Web site was reportedly hacked to redirect traffic to a porn site. Following several unsuccessful attempts to remedy the situation at the local level, the federal government, which owns the ca.gov domain, made the decision to shut down all of the Web sites with that domain for review -- a sudden and unexpected move that threw state operations into complete disarray.
It is unclear how a local county Web site hack attack led to the feds' decision to unceremoniously pull the plug on the state's entire Web operation. A public information officer with California's Department of Technology Services laid the decision at the General Services Administration's door, according to news accounts.
However it came about, it was not a standard operating procedure or best security practice, Shane Coursen, a senior technical consultant at Kaspersky Lab, told TechNewsWorld. "One of the key attributes of an incident response handler is to have a level head. Pulling the plug like that is not a level-headed decision."
Besides the security issues of a suddenly dark state Internet and the inconvenience to consumers whose preferred mode of state government interaction is the Web, going dark tipped off the hackers involved, he said. "You can destroy valuable forensic evidence this way and won't learn anything from the incident."
An important lesson can be salvaged from the event, Dmitri Alperovitch, principal research scientist at Secure Computing, told TechNewsWorld. "Hopefully, the state will review all of its Internet security policies and make sure something like this doesn't happen again."
Alperovitch is referring to the original hack at the Marin County Web site, which apparently was woefully lacking in security safeguards.
"Government Web sites face the same problems that most businesses face, in that the number of vulnerabilities is enormous and their security tools are not well deployed. This event hopefully will raise awareness that anyone is vulnerable," he noted.
Indeed, governments are particularly vulnerable to hackers these days, said Rich Sutton, director of Labs at 8e6 Technologies, as their Internet security operations are typically underfunded.
"Especially at the local level, they are constantly playing catch-up with the day-to-day security tasks of keeping the system patched," he told TechNewsWorld.
At the same time, more hackers are focusing on slicing through the defenses of so-called "trusted Web sites."
"Consumers have become savvier at recognizing fake Web sites set up to look like the real thing," Sutton said, "so hackers are compromising the real Web sites in order to download malware or for other purposes."