By William Petroski
The Des Moines Register
March 11, 2010
A hacking incident on an Iowa homeland security Web site last week has
been linked to a foreign attacker who gained access through a security
vulnerability, a state official said Wednesday.
This hacker used an "abstract, colorful" image to deface the site
operated by the Iowa Division of Homeland Security and Emergency
Management, said Robert Bailey, communications director for the Iowa
Department of Administrative Services. Access was gained by exploiting
software that lacked a security patch, he said.
The breach was limited to an Iowa Department of Public Defense server,
and no sensitive data were compromised, Bailey said. Investigators have
concluded the attack occurred from outside North America, but they
haven't identified a perpetrator, he added.
A total of six state Web sites were shut down temporarily because of the
March 3 incident, including a Web site that advises the public about
family and individual preparedness for emergencies. Only a bare-bones
version of the homeland security Web site was back online as of
Wednesday. The breach did not compromise any computer systems of the
Iowa National Guard, said Maj. Michael Wunn, a Guard spokesman.
Register now for HITBSecConf2010 - Dubai, the premier
deep-knowledge network security event in the GCC,
featuring keynote speakers John Viega and Matt Watchinski!