Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / California Taken Offline To Block Hack
Feds Take California Offline To Block Porn Hack
Feds Take California Offline To Block Porn Hack
By Richard Koman / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
It's no secret that California is not the Bush Administration's favorite state, but did the General Services Administration overreact when it moved to shut off California's domain to prevent a hijacked county Web site from pointing to a porn site?

That's what happened on October 2. When GSA officials realized that the Transportation Authority of Marin site -- at -- had been compromised and was redirecting visitors to porn sites, it moved to cut off access to the entire domain. That sent state officials scrambling to repair the damage.

Jim Hanacek, acting deputy director for the state I.T. department's policy and planning division, said the GSA not only shut down the domain, but also didn't notify his office or even alert the right person after the fact. The GSA sent e-mail to a staffer who handles normal -- not critical communications -- and that person didn't see the e-mail for more than 24 hours.

GSA Apologizes

"We apologize for any inconvenience to the citizens of California. ... The potential exposure of pornographic material to the citizens -- and tens of thousands of children -- in California was a primary motivator for GSA to request immediate corrective action," the agency said in a statement.

The GSA has revised its policies to find more targeted ways to dealing with corrupt sites, the agency said. "GSA recognizes there must be a balance between protecting citizens while not, at the same time, adversely affecting government's ability to serve citizens via the Internet. We have therefore revised our policies to now include more internal checks and balances before a site is shut down and to find better ways to more precisely eliminate offending government sites without having to shut down the primary site."

Alex Eckelberry, CEO of Sunbelt Software, said in an e-mail that while GSA shouldn't have shut down, "I was privately quite happy to see it done, because our level of frustration with seeing these constant attacks is quite high. At least something was done, even if it was throwing out the baby with the bathwater."

While it's appropriate for GSA to take time to investigate these events, Eckelberry said, "it's also good for them to have the flexibility to take fast action in the event of something serious, such as a massive worm outbreak or terrorist threat." The GSA should continue to have the flexibility to "shut things off," he added.

Failure To Respond

As of this writing, the Marin Web site is unavailable. The site is now clean but "still has some dirt under its fingernails," Eckelberry said, adding that he discovered that the Madera County courts Web site and the Bank of Ghana Web site also were hacked and were serving porn. Tulare County, California, also appears to be inundated with links to drug and porn sites.

What should Web operators -- be they government entities or corporate enterprises -- do to prevent getting hacked? Four things, said Eckelberry. For outsourced sites, "require and have documentation as to the hosting companies' security practices -- especially as regards their patching strategies." For in-house sites, religiously patch software and use best practices. Regularly test for vulnerabilities. And, finally, "respond to security researchers when they contact you."

Eckelberry said that his firm, as well as other researchers, alerted the transportation agency as far back as September 12, but the agency failed to take any action. E-mails and calls to the agency were ignored. Dianne Steinhauser, executive director of the Marin Transportation Authority, said the I.T. team was afraid the messages were phishing attempts.

Marin's failure to respond to Sunbelt's warnings were "tragic," said Eckelberry. In a press report, California's Hanacek said that the state does not take responsibility for local governments' online activities.

"My personal feeling is that it's a bit scary to have small local governments and departments (the TAM group at Marin is only 10 people) running their own Web sites, and I do think there should be some centralized oversight," Eckelberry said, suggesting an omnibus security team could easily identify and fix problem sites.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.