Hacked Marin County website prompts shutdown of all California state sites

A hacked county website in California that redirected users to a pornographic site prompted the federal government late Tuesday to initiate a system-wide shutdown of all government sites in the Golden State.

The process was never completed, after state officials urged the feds to reverse their decision to take offline all state websites bearing the "ca.gov" suffix. The U.S. General Services Administration (GSA) is responsible for all ".gov" sites.

"It was kind of like a rolling blackout," Jim Hanacek, spokesman for the California Department of Technology Services, told SCMagazineUS.com today. "Fortunately we were able to get to it before it completely took down 'ca.gov.'"

Aaron McLear, spokesman for Gov. Arnold Schwarzenegger, told SCMagazineUS.com today that the problem began when the website of the Marin County Transportation Authority was compromised by a hacker who redirected some traffic to an erotic website. A county IT representative did not return a call for comment.

The hacker apparently made an adjustment in the domain name system (DNS) server that rerouted certain traffic, Hanacek said.

"That apparently sent a red flag to the federal government," said McLear.

The shutdown process did not get far, and there were no reports of state services being interrupted, he said. Hanacek's department checked with critical departments such as the state Highway Patrol, which reported its web and email systems were operating, albeit slowly. The state declared all operations normal by 10:30 p.m. EST on Tuesday.

Hanacek said he was upset the state was not notified that the federal government was planning to take all state sites offline.

"They just made the change unbeknownst to us," he said. "I think there should have been a notification of a change of that magnitude."

A GSA spokesperson did not return a call for comment.

David Perry, global director of security education at Trend Micro, told SCMagazineUS.com today that the hacker may have embedded a malicious IFRAME or exploited a vulnerable ActiveX control to redirect traffic.

But it does not appear he was looking to profit off the attack, Perry said.

"This seems more like a vandal to me," he said. "It's kind of old school. What we're seeing these days is mostly crimeware. This looks like something from 1998, not something from 2007."
