http://www.tucsoncitizen.com/daily/local/71839.php

By Renee Schafer Horton
Tucson Citizen
12.18.2007

The Tucson Police Department's Web site will be coming back online within the next 48 hours, Pat Johnson, TPD webmaster, said.

The Web site went down about two weeks ago after a man calling himself "Hmei7" hacked into it, Johnson said.

There was no danger to police data files during this time, Johnson explained, because Hmei7 hit only the media release database.

Johnson said Hmei7 is from Indonesia and has hacked into hundreds of government Web sites internationally. He said Hmei7 doesn't qualify as a professional hacker, because he doesn't seek to do permanent damage to a site, but rather cause a nuisance.

"I'd call him a professional prankster," Johnson said.

Using a technique called "SQL injection," which is pronounced "sequel injection," Hmei7 got into the TPD media release site and programmed a change into the search box.

"On our media site, we have a search box for the media releases," Johnson said. "SQL injection allows someone to type 'Mr. Jones' and a SQL statement and that changed all the titles of all the media releases to read, 'Hmei7 has touched your soul.' "

TPD was notified of the problem by someone trying to view the Web site, and TPD immediately shut the site down, Johnson said.

Hmei7 was able to insert the SQL injection code by getting past the city of Tucson firewall and the TPD firewalls, Johnson said.

Sgt. Mark Robinson said TPD information technology has been working the past two weeks to identify how Hmei7 gained access and to install security measures to prevent SQL injections from being used again.

__________________________________________________________________
Visit InfoSec News
http://www.infosecnews.org/
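
The search-box flaw described in the article, as an added example that is not from the article or from TPD: a Python/sqlite3 sketch that puts a concatenated search query beside a bound-parameter query on a connection that refuses writes. The `media_releases` table, the function names and the sample input are assumptions, and `executescript` stands in for a database driver that accepts several statements in one call.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the media release database (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE media_releases (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO media_releases (title) VALUES (?)",
        [("Road closure on Main St",), ("Mr. Jones named officer of the year",)],
    )
    conn.commit()
    return conn

def titles(conn):
    rows = conn.execute("SELECT title FROM media_releases ORDER BY id")
    return [row[0] for row in rows]

def search_vulnerable(conn, term):
    # Weak form: the search term is pasted into the SQL text, so a quote in
    # the term ends the string literal and the rest is parsed as SQL.
    sql = "SELECT title FROM media_releases WHERE title LIKE '%" + term + "%';"
    conn.executescript(sql)  # assumption: models a driver that allows batches

def search_hardened(conn, term):
    # Corrected form, two layers:
    # 1) the search path runs on a connection that rejects any write;
    # 2) the term is bound as data, so quotes and semicolons match literally.
    conn.execute("PRAGMA query_only = ON")
    rows = conn.execute(
        "SELECT title FROM media_releases WHERE title LIKE '%' || ? || '%' ORDER BY id",
        (term,),
    )
    return [row[0] for row in rows]

# Constructed input: a name, a closing quote, then a second statement.
CRAFTED = "Mr. Jones'; UPDATE media_releases SET title = 'defaced'; --"

if __name__ == "__main__":
    db = make_db()
    search_vulnerable(db, CRAFTED)
    print("after concatenated search:", titles(db))
    db = make_db()
    print("bound search result:", search_hardened(db, CRAFTED))
    print("titles after bound search:", titles(db))
```

The search request reaches the application as ordinary web traffic, so the fix sits in how the query is built and in what the search account is allowed to do.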