[ISN] Nuclear Safety Commission website hacked

From: InfoSec News (alerts@private)
Date: Sun Feb 11 2007 - 22:38:17 PST


CBC News 
February 8, 2007

Someone hacked into the Canadian Nuclear Safety Commission's website and 
inserted photographs of a nuclear explosion spurring the agency to call 
in the RCMP.

The commission said the media releases section of its website was 
vandalized by the hacker. However, a spokesman emphasized that a person 
without a secure government login would not be able to access 
potentially dangerous information such as part of the agency's internal 
site that tracks the movement of high-risk radioactive sealed sources.

According to a report in Thursday's Ottawa Citizen, the commission's 
current and archived news releases were renamed "security breaches" and 
contained a photo of a mushroom cloud.

The photo was under the heading "for Immediate Release" and was 
accompanied by a caption reading: "Please dont [sic] put me in jail 
oops, I divided by zero."

Commission spokesman Aurle Gervais confirmed the defacement of the site 
and said the pages were disabled minutes after the newspaper contacted 
the agency.

Gervais said the vandalism occurred on a part of the agency's site run 
by an external provider with no link to the internal site.

A secure government login is needed to access the internal site with 
sensitive information, he said.

Still, the commission considers the incident "very serious" and has 
called the RCMP to investigate, Gervais said. He said it is the first 
time such a breach has occurred at the commission.

Government sites 'surprisingly easy' to hack: expert

But the sensitivity of the commission's mandate raises legitimate 
concerns about the safety of government-run websites, said Brian 
O'Higgins, the chief technology officer with Third Brigade, an Ottawa 
internet security firm.

"It's surprisingly easy to get onto the big servers and do this kind of 
defacement. The threat isn't getting better, it's getting worse," 
O'Higgins told CBC News Online.

O'Higgins said the increased variety of software and software upgrades 
for publishing to the internet opens up more and more vulnerabilities 
for hackers to exploit.

O'Higgins said it was clear from the way the commission's site was 
defaced that the hacker was more interested in drawing attention to the 
vandalism than finding secrets.

But he warned that defacement of sites is a declining trend as more 
hackers adopt a stealthy approach in hopes of finding a way to profiting 
from their intrusions.

Subscribe to the InfoSec News RSS Feed

This archive was generated by hypermail 2.1.3 : Sun Feb 11 2007 - 22:45:22 PST