If you had trouble accessing government websites in California a few days ago, don't worry, you weren't hallucinating: the federal government apparently briefly suspended the entire "ca.gov" domain after a hacker managed to insert redirects to porn sites onto several government subdomains using a DNS hack. The site which triggered the red flag was the Transportation Authority of Marin, California, belonging to a small ten person agency in charge of helping people move in and about Marin County. However, this tiny agency managed to cause big trouble for the entire state, as it turns out.
The shutdown, initiated by the General Services Administration (GSA), a US agency in charge of all top-level ".gov" domains, began at roughly 4:00PM (PST), quickly turning into such a problem that Gov. Arnold Schwarzenegger even considered calling the President himself. Internet and email access for the entire state government was restricted, but not all at once, as the problem manifested itself in the form of increasing connectivity issues. Curiously enough, the California IT Department found out about the shut-down only after users began complaining of connectivity issues. Fortunately, after being notified, the IT Department quickly moved to resolve the problem using a technique known as force propagation, manually requesting domains to update their addresses with DNS servers rather than at the regularly scheduled time. By 7:30PM, everything was in fairly normal order. Officials later concluded that no sensitive data or services had been stolen or compromised. At the moment, the TAM's site has an image of what it formerly looked like, with the text: "Sorry for the inconvenience, our website is currently under construction. Please check back later. Thank you !!!"
But here's where the story gets interesting: apparently Sunbelt Security informed the county government about the hack nearly a month ago on Sept. 12, 2007. However, according to Dianne Steinhauser, executive director of the Marin transportation authority, there was no official response due to fears that the warnings were "phishing" attacks (nevermind that a simple check of their site could've confirmed the reports). Of course, this isn't the first time that the TAM website has had trouble; in April of this year, the agency received security warnings about its website, prompting it to tighten security and limit access to only three-staff officials; the measure seemed to be working until last month, when the above stated warnings arrived. And, to top it off, there's still some lingering traces of dirt on the Californian domain: simply do a search on Google with "porn sex site:ca.gov". At the time of writing, there are at least two sites which appear compromised.
View: Story on Marin Independent Journal View: Sunbelt Blog Warning
3 Comments - Add comment