A compromised Marin County, Calif., Web site apparently prompted the U.S. government to temporarily shut down all of the state government’s Internet sites this week.
Last month, the Marin County transportation authority Web site was reportedly hacked to redirect traffic to a porn site. Following several unsuccessful attempts to remedy the situation at the local level, the federal government, which owns the ca.gov domain, made the decision to shut down all of the Web sites with that domain for review — a sudden and unexpected move that threw state operations into complete disarray.
Head Scratcher
It is unclear how a local county Web site hack attack led to the feds’ decision to unceremoniously pull the plug on the state’s entire Web operation. A public information officer with California’s Department of Technology Services laid the decision at the General Services Administration’s door, according to news accounts.
However it came about, it was not a standard operating procedure or best security practice, Shane Coursen, a senior technical consultant at Kaspersky Lab, told TechNewsWorld. “One of the key attributes of an incident response handler is to have a level head. Pulling the plug like that is not a level-headed decision.”
Besides the security issues of a suddenly dark state Internet and the inconvenience to consumers whose preferred mode of state government interaction is the Web, going dark tipped off the hackers involved, he said. “You can destroy valuable forensic evidence this way and won’t learn anything from the incident.”
Local Security
An important lesson can be salvaged from the event, Dmitri Alperovitch, principal research scientist at Secure Computing, told TechNewsWorld. “Hopefully, the state will review all of its Internet security policies and make sure something like this doesn’t happen again.”
Alperovitch is referring to the original hack at the Marin County Web site, which apparently was woefully lacking in security safeguards.
“Government Web sites face the same problems that most businesses face, in that the number of vulnerabilities are enormous and their security tools are not well deployed. This event hopefully will raise awareness that anyone is vulnerable,” he noted.
Indeed, governments are particularly vulnerable to hackers these days, said Rich Sutton, director of Labs at 8e6 Technologies, as their Internet security operations are typically underfunded.
“Especially at the local level, they are constantly playing catch-up with the day-to-day security tasks of keeping the system patched,” he told TechNewsWorld.
At the same time, more hackers are focusing on slicing through so-called “trusted Web sites” defenses.
“Consumers have become savvier at recognizing fake Web sites set up to look like the real thing,” Sutton said, “so hackers are compromising the real Web sites in order to download malware or for other purposes.”
Loading ...
