http://www.cbc.ca/technology/story/2007/02/08/cnsc-hacked.html CBC News February 8, 2007 Someone hacked into the Canadian Nuclear Safety Commission's website and inserted photographs of a nuclear explosion spurring the agency to call in the RCMP. The commission said the media releases section of its website was vandalized by the hacker. However, a spokesman emphasized that a person without a secure government login would not be able to access potentially dangerous information such as part of the agency's internal site that tracks the movement of high-risk radioactive sealed sources. According to a report in Thursday's Ottawa Citizen, the commission's current and archived news releases were renamed "security breaches" and contained a photo of a mushroom cloud. The photo was under the heading "for Immediate Release" and was accompanied by a caption reading: "Please dont [sic] put me in jail oops, I divided by zero." Commission spokesman Aurle Gervais confirmed the defacement of the site and said the pages were disabled minutes after the newspaper contacted the agency. Gervais said the vandalism occurred on a part of the agency's site run by an external provider with no link to the internal site. A secure government login is needed to access the internal site with sensitive information, he said. Still, the commission considers the incident "very serious" and has called the RCMP to investigate, Gervais said. He said it is the first time such a breach has occurred at the commission. Government sites 'surprisingly easy' to hack: expert But the sensitivity of the commission's mandate raises legitimate concerns about the safety of government-run websites, said Brian O'Higgins, the chief technology officer with Third Brigade, an Ottawa internet security firm. "It's surprisingly easy to get onto the big servers and do this kind of defacement. The threat isn't getting better, it's getting worse," O'Higgins told CBC News Online. O'Higgins said the increased variety of software and software upgrades for publishing to the internet opens up more and more vulnerabilities for hackers to exploit. O'Higgins said it was clear from the way the commission's site was defaced that the hacker was more interested in drawing attention to the vandalism than finding secrets. But he warned that defacement of sites is a declining trend as more hackers adopt a stealthy approach in hopes of finding a way to profiting from their intrusions. ______________________________________ Subscribe to the InfoSec News RSS Feed http://www.infosecnews.org/isn.rss
This archive was generated by hypermail 2.1.3 : Sun Feb 11 2007 - 22:45:22 PST