http://www.dailymail.com/news/News/2002122342/ Kris Wise Daily Mail staff <kriswiseat_private> December 23, 2002 A review of computer security in Kanawha County's courthouse has found county financial records, voters' registration information and other confidential computer documents could be vulnerable to hackers. The county's Web site and wireless network had to be shut down today in an effort to prevent potential attacks on the system, County Commissioner Kent Carper said. County Manager Dan Blue last week hired Terradon Corp. to conduct a review of the county's computer network and its security system. A security engineer hacked into the county commission's network within an hour and a half, sent employees an e-mail that appeared to be from Carper, directed staff members to issue a check for $75 million and created a county file that warned officials he "owned the network." Terradon's engineer hacked into the system from his laptop while parked in a vehicle outside the courthouse. He then sent fictitious e-mails and directives while sitting between two state troopers in the courthouse lobby, County Manager Allen Bleigh said. "He did it very easily without anyone having any idea he was doing this," Bleigh said. The county's wireless network allows county employees to enter information into the system from laptops and cell phones. Though only 3 percent of information is entered through the wireless system, it is "an open door" to all county records, Bleigh said. "It was a terrific error in judgment to set the system up this way," Carper said. "You would never go off and leave financial records unlocked at night and that's essentially what we have done. There are all kinds of people out there who are very skilled and knowledgeable. I'm going to assume someone else has done this or could easily do this." Carper notified fellow commissioners and elected officials last week to warn them that a security breach was possible and to get permission to tap into certain records. Initial concerns were that people could erase or change financial records, change registration for voters, put a virus in the system or gain access to criminal records, commissioners said. Terradon's engineers still are working to see what information would have been vulnerable if the system still were operating with the wireless network. Law enforcement records, criminal records and grand jury information kept by the Sheriff's Department and Prosecutor's Office are stored in another protected system and were not included in the test, Carper said. Commission President Dave Hardy said the most substantial security risk for the county was that individuals could have used the county's system as a platform to break into other systems or host their own Web site. "My biggest concern is how a hacker could mask his own identity through our system," Hardy said. "It's very hard to get someone in-house to do this kind of (security) work for what governments can pay. It's something all agencies need to take a look at." County systems administrator Dennis Wyer said the wireless network was established to allow employees to enter information into the county system during meetings or court proceedings. Today's shutdown of the Web site and network will prevent any unauthorized person from gaining access to the system until further security measures are in place, Wyer said. The county had planned to buy more than $500,000 of new financial software in the coming year. Commissioners will discuss at the Jan. 16 meeting whether to buy additional computer security equipment or to extend a contract with the computer-engineering firm to conduct security audits. The network that stores records for the commission, the County Clerk's Office and the Assessor's Office also has no warning system to alert administrators of an attempted security breach. Last week's review found there had been recent attempts to hack into county clerk's records. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Dec 24 2002 - 09:10:50 PST