February 8, 2007
Someone hacked into the Canadian Nuclear Safety Commission's website and
inserted photographs of a nuclear explosion spurring the agency to call
in the RCMP.
The commission said the media releases section of its website was
vandalized by the hacker. However, a spokesman emphasized that a person
without a secure government login would not be able to access
potentially dangerous information such as part of the agency's internal
site that tracks the movement of high-risk radioactive sealed sources.
According to a report in Thursday's Ottawa Citizen, the commission's
current and archived news releases were renamed "security breaches" and
contained a photo of a mushroom cloud.
The photo was under the heading "for Immediate Release" and was
accompanied by a caption reading: "Please dont [sic] put me in jail
oops, I divided by zero."
Commission spokesman Aurle Gervais confirmed the defacement of the site
and said the pages were disabled minutes after the newspaper contacted
Gervais said the vandalism occurred on a part of the agency's site run
by an external provider with no link to the internal site.
A secure government login is needed to access the internal site with
sensitive information, he said.
Still, the commission considers the incident "very serious" and has
called the RCMP to investigate, Gervais said. He said it is the first
time such a breach has occurred at the commission.
Government sites 'surprisingly easy' to hack: expert
But the sensitivity of the commission's mandate raises legitimate
concerns about the safety of government-run websites, said Brian
O'Higgins, the chief technology officer with Third Brigade, an Ottawa
internet security firm.
"It's surprisingly easy to get onto the big servers and do this kind of
defacement. The threat isn't getting better, it's getting worse,"
O'Higgins told CBC News Online.
O'Higgins said the increased variety of software and software upgrades
for publishing to the internet opens up more and more vulnerabilities
for hackers to exploit.
O'Higgins said it was clear from the way the commission's site was
defaced that the hacker was more interested in drawing attention to the
vandalism than finding secrets.
But he warned that defacement of sites is a declining trend as more
hackers adopt a stealthy approach in hopes of finding a way to profiting
from their intrusions.
Subscribe to the InfoSec News RSS Feed