[ISN] State Web site breach tied to foreign attacker

From: InfoSec News <alerts_at_private>
Date: Fri, 12 Mar 2010 00:14:22 -0600 (CST)

By William Petroski
The Des Moines Register
March 11, 2010 

A hacking incident on an Iowa homeland security Web site last week has 
been linked to a foreign attacker who gained access through a security 
vulnerability, a state official said Wednesday.

This hacker used an "abstract, colorful" image to deface the site 
operated by the Iowa Division of Homeland Security and Emergency 
Management, said Robert Bailey, communications director for the Iowa 
Department of Administrative Services. Access was gained by exploiting 
software that lacked a security patch, he said.

The breach was limited to an Iowa Department of Public Defense server, 
and no sensitive data were compromised, Bailey said. Investigators have 
concluded the attack occurred from outside North America, but they 
haven't identified a perpetrator, he added.

A total of six state Web sites were shut down temporarily because of the 
March 3 incident, including a Web site that advises the public about 
family and individual preparedness for emergencies. Only a bare-bones 
version of the homeland security Web site was back online as of 
Wednesday. The breach did not compromise any computer systems of the 
Iowa National Guard, said Maj. Michael Wunn, a Guard spokesman.


Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
Received on Thu Mar 11 2010 - 22:14:22 PST

This archive was generated by hypermail 2.2.0 : Thu Mar 11 2010 - 22:25:19 PST