[ISN] Hackers get inside province's system

InfoSec News isn at c4i.org
Thu Mar 9 01:34:40 EST 2006


http://www.canada.com/vancouversun/news/story.html?id=20b74870-ceb9-4723-a6ee-cf55548e2001&k=21513

Miro Cernetig
Vancouver Sun
March 08, 2006 

VICTORIA -- The RCMP is investigating how hackers cracked the B.C.  
government's computer network to place unauthorized software and
movies on government hard drives, the provincial government disclosed
Tuesday.

The revelation, the latest in a spate of embarrassing security
breaches, came from the New Democratic Party, which raised the issue
in the legislature.

"The opposition has been advised that at least one breach of security
that involved a minimum of 78 government computers and access through
[the] highest level of passwords and involving several ministries
occurred," said NDP house leader Mike Farnworth. He did not name his
source.

"Apparently, the government found out on the sixth of February of this
year that outsiders had been accessing the system for at least two
months."

Government officials, who are still investigating revelations by The
Vancouver Sun that the province auctioned computer data tapes
containing confidential records on thousands of British Columbians,
initially suggested the NDP was exaggerating a minor breach in which
no personal information was stolen.

Less than an hour later, however, Labour Minister Michael de Jong
released a Feb. 3 "security incident report" that warned government
employees that 78 computers across various ministries were "heavily
compromised . . . by an intrusion that has loaded 'hacker' programs
and movie files onto them."

The attack came from a service provider in the Netherlands. The NDP
said it allowed round-the-clock use of government computers on
weekends, and from 5 p.m to 6 a.m. on weekdays.

De Jong said "this wasn't a privacy issue in the sense that somebody
was trying to access personal information.

"They [the hackers] were trying to make use of the network."

The mystery is what for?

De Jong did not say what type of material was being deposited onto the
government network and skirted answering a question about whether it
involved pornography.

But experts have found hackers often try to infiltrate networks with
large Internet bandwidth and storage capacity such as governments',
then set up illegal mirror sites that allow them to distribute and
store first-run movies and pornography for free.

Hackers then sell passwords to enable people to access the network and
the illegal material stored on it.

It does appear that some government computers have been targeted by
computer hackers, NDP researchers said.

Their search of Internet sites commonly used by hackers dealing in
pirated software, which hackers call Warez, found what appears to be
at least two government computers listed. It wasn't clear if they are
still actively being targeted by hackers.

Farnworth said he does not know the extent of the hackers' penetration
and has no evidence that people's privacy was compromised. But he is
asking Privacy Commissioner David Loukidelis to carry out his own
investigation to eliminate any concerns.

"If [the allegations are] proven accurate, I further request that you
report out on the causes of the breach, the magnitude of the breach
and what files were at risk," Farnsworth asks the commissioner in a
letter.





More information about the ISN mailing list