Red-faced IT bosses at Stafford Borough Council are hacked off after the authority’s website was broken into by a Turkish protest group.
The hackers forced the council to close its site after a member of staff noticed the problem when they tried to log on and saw a black screen proclaiming the Turkish Cyber Army.
The group broke into the server which provides the site, run by Mid Counties Co-op, redirecting surfers to their own site. Their home screen displayed a picture of an ancient scroll. with the words “world protest”.
It also said: “We are the king of the world/Turkish Cyber Army!” It is the first time the site, which has been running for 15 years, has been compromised and IT chiefs said no data was at risk.
The site was taken down last Wednesday, August 11, afternoon until Thursday morning.
Council spokesman Will Conaghan said the public web site is a copy that doesn’t contain any sensitive details or data.
The master site containing key information was kept safe behind firewalls, he added.
Peter Kenrick, the council’s head of technology, said: “There was no risk to data at any time. We took the site down to make sure we had the full picture. The company that services the website needs to look at security there.” The site attracts more than a thousand hits every day.
Exclusive: Defense Department investigators subpoena records from Google, Microsoft, and Yahoo in connection with ongoing probe.
Paul McDougall
InformationWeek
A known computer hacking clan with anti-American leanings has successfully broken into at least two sensitive Web servers maintained by the U.S. Army, InformationWeek has learned exclusively.
Department of Defense and other investigators are currently probing the breaches, which have not been publicly disclosed.
The hackers, who collectively go by the name “m0sted” and are based in Turkey, penetrated servers at the Army’s McAlester Ammunition Plant in McAlester, Okla., and at the U.S. Army Corps of Engineers’ Transatlantic Center in Winchester, Va.
The breach at the McAlester munitions plant occurred on Jan. 26, according to records of the investigation obtained by InformationWeek. On that date, Web users attempting to access the plant’s site were redirected to a Web page that featured a protest against climate change.
On Sept. 19, 2007, the same hackers electronically broke into Army Corps of Engineers’ servers. That hack sent Web users to www.m0sted.net. The page, at the time, contained anti-American and anti-Israeli rhetoric and images, records show. It currently appears to be an Internet landing spot that features airline reservation links.
Beyond the redirects, it’s not clear whether the group was able to obtain sensitive information from the Army’s servers.
The hacks are the subject of an ongoing criminal investigation by Defense Department officials and members of the U.S. Army’s Judge Advocate General’s Office and Computer Emergency Response Team. Investigators have executed records search warrants against Microsoft (NSDQ: MSFT), Yahoo (NSDQ: YHOO), Google (NSDQ: GOOG), and other Internet service and e-mail providers as part of their efforts to unmask the hackers’ true identities.
Investigators believe the hackers used a technique called SQL injection to exploit a security vulnerability in Microsoft’s SQL Server database to gain entry to the Web servers. “m0sted” is known to have carried out similar attacks on a number of other Web sites in the past — including against a site maintained by Internet security company Kaspersky Lab.
The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools.
Equally troubling is the fact that the hacks appear to have originated outside the United States. Turkey is known to harbor significant elements of the al-Qaida network. (!) It was not clear if “m0sted” has links to the terrorist group.
Defense Department officials did not immediately return calls seeking comment on the case.
InformationWeek Analytics has published an independent analysis on what executives really think about security. Download the report [on the website] (registration required).
The hackers forced the council to close its site after a member of staff noticed the problem when they tried to log on and saw a black screen proclaiming the Turkish Cyber Army. 