March 29, 2006
CONCORD, N.H. -- A state computer specialist who was put on leave two
days after a security breach was announced says bosses ignored his
warnings about more serious weaknesses in New Hampshire's computer
Doug Oliver of Tilton, 44, was suspended with pay last month after the
announcement of the security breach affecting motor vehicle offices,
the state veterans home in Tilton, the Liquor Commission and state
Oliver spoke to the Concord Monitor and New Hampshire Public Radio,
saying he wants to clear his name. He said officials underreported the
extent of the hacking. And he said they knew as early as last summer
that perhaps more than half the state's computer systems were at
significant or severe risk of being attacked.
"I'm not looking to do any harm to anybody," Oliver told the Monitor.
"I'm just looking to make sure that the debate and the right questions
are getting asked, because I'm not convinced the right questions are
Rick Bailey, New Hampshire's chief information officer and Oliver's
boss, declined to comment on Oliver's allegations, citing personnel
"It's a difficult situation," he said, declining to name the employee
who was suspended. "An investigation was ongoing. The FBI and the
Department of Justice recommended that this individual not be in the
environment while the investigation ran its course, and we followed
that direction. Administrative-leave scenarios are not intended to
suggest guilt or innocence."
In February 2005, a hacker defaced the state's NH.gov Web site with
internet graffiti. In response, Bailey compiled a three-person team,
including Oliver, which was directed to act like hackers to test state
The testing, which concluded last summer, revealed that more than 60
percent of the sampled servers were at risk for "significant to
severe" security breaches, Oliver said.
One of the biggest problems the team identified was a failure to
upgrade databases to protect them from a worm that caused widespread
damage on the internet a few years ago. Microsoft has provided patches
to protect against that worm since 2003, Oliver said, but had not been
"There were events and incidences being reported by this (security
tool) that I was seeing multiple network machines being touched by
this worm," Oliver told NHPR. "In addition, there were other
signatures, other flags or events that this tool was firing at the
same time that were strongly indicative of an attack against the
Bailey said the security tool Oliver used is good, but not perfect,
raising the possibility of false alerts.
No reports of illegal activity were reported as a result of the
security breach the state announced, but officials asked people who
used credit cards in the previous six months to report any suspicious
purchases to the state Consumer Protection Bureau.
State information technology experts became aware of the breach when
they spotted software in the system that can allow a hacker to watch
transactions, but not to recover earlier records, said Bailey.
Oliver said the program also can be used as a security test, and that
he installed it last year during the security checking. It was
supposed to have been removed.
Oliver, who has worked for the state since 2002, was a technical
support specialist who had written software and performed security
checks on computer servers that handle credit card transactions. He
says he was scanning state servers for hacker vulnerability on Feb. 16
when his supervisors asked him to speak with the FBI. Shortly after
that interview, he said he was locked out of his network account, and
told he was placed on leave. He was not given a specific reason.
"I feel that I'm coming under fire inappropriately," he said. "Perhaps
(I'm) being scapegoated or retaliated against because of what I know."
In his last days on the job, he said, his supervisor accused him of
"being chicken little, or being disgruntled somehow, and of being
overzealous because of a new toy"- an expensive security device the
state had been testing.
InfoSec News v2.0 - Coming Soon!