http://www.adn.com/news/alaska/story/7069608p-6974390c.html By SEAN COCKERHAM Anchorage Daily News October 10, 2005 JUNEAU -- The state is in the midst of a $7 million computer security upgrade as a result of a cyber-assault that sliced through the defenses of the state network. The Jan. 18 attack affected about 110 state computer servers and prompted an investigation by the FBI and a specialist unit of the U.S. Department of Homeland Security. The attack appeared to come from Brazil, state officials said. The hackers were "data mining" -- looking for information to steal -- according to Kevin Brooks, the deputy commissioner of the state Department of Administration. Brooks said no information was stolen. But, if it had been, the attack could have led to identity theft using personal information on the state network. "It was kind of a wake-up call," Brooks said. The state and federal governments will say little about the attack. What is known is that a Department of Health and Social Services server was found to be "defaced," meaning its security was breached. The state investigation then discovered about 110 other servers with similar signs of hacking. That's when the FBI and the Homeland Security Department's United States Computer Emergency Readiness Team got involved. State officials on Wednesday refused to release the report that resulted from the investigation, citing the federal Department of Homeland Security's demand that it remain confidential. State officials said they planned before the attack to ask the Legislature for money to upgrade the computer network. But the attack prompted them to speed it up. They drew up a proposal that would spend $41 million on upgrades over five years. Brooks said the state has $7 million to spend on immediate security work before the end of the fiscal year next June. Measures are now in place that should prevent the kind of attack that hit in January, he said. Brooks said part of the work is to replace technology. An analysis after the attack revealed some of the servers and switches on the network were outdated, he said. Thousands of state computers are getting Cisco security software installed, he said. The Department of Administration provided a statement about the ongoing work from Darrell Davis, the state's chief security officer. "It would be counterproductive to tell those involved in fraud and terrorism exactly what we are doing to make their criminal acts far more difficult," he said. "(It) includes replacing significant amounts of aging infrastructure, hardening of routers and servers, deploying firewalls, establishing security policies and other extra intrusion prevention measures." © Copyright 2005, The Anchorage Daily News _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Oct 10 2005 - 21:07:24 PDT