- Nokia's new N97 vs. the iPhone
- 10 Microsoft research projects
- Hard to get justice in MySpace case
- Smartphone smackdown: Storm vs. iPhone
- Apple removes antivirus support page
Hackers had made a state agency's network their old Kentucky home before being discovered by auditors, who revealed the incident publicly last week.
Kentucky State Auditor Ed Hatchett told reporters that the hackers, apparently from France, Croatia and Canada, broke into at least one server on the network of the Kentucky Transportation Cabinet, the state agency for transportation and vehicle-registration functions. Since at least April, the hackers have used it as a warehouse for pirated movies, music, electronic games and DVDs. They probably had access to state-held information such as driver's licenses, Hatchett said.
The discovery was made during a routine network vulnerability assessment as part of a financial audit.
The agency wasn't aware of the problem until Hatchett informed it a few hours before the news was made public. Spokesman Mark Pfeiffer, acknowledging that at least one server at the agency had been hacked, says they do not believe internal records and billing systems were compromised.
Jim Ramsey, CIO for the Transportation Cabinet, says the hacked server is a Microsoft Proxy Server that was sitting on the edge of the agency's Internet access point. "It looks like the hackers gained access by breaking the password and setting up a subdirectory on some obscure area of it, loaded an FTP application, and used it to send files," he says. "They essentially turned it into a file cabinet."
Ramsey, who says his job is probably on the line, didn't shirk from accepting responsibility. The agency lacks a firewall-based "demilitarized zone," as one defense to ward off penetration by hackers.
"We were just in the process of implementing a DMZ, and it was one of things we should have been doing but didn't," Ramsey says. In addition, the agency hadn't done vulnerability testing and has no one on staff with a high level of security experience. Nor had the agency received assistance through outside contractors.
"We were in the process of developing a security audit through state contracts, but we suspended the outside contract because it cost $60,000 and the state auditor was going to go in there and do this," says Ramsey, who has been CIO for three years. A bigger budget for IT and security would help remedy problems, he adds.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment