Hacked Marin County website prompts shutdown of all California state sites

A hacked county website in California that redirected users to a pornographic site prompted the federal government late Tuesday to initiate a system-wide shutdown of all government sites in the Golden State.

The process was never completed after state officials urged the feds to reverse their decision to take offline all state websites bearing the "ca.gov" suffix. The U.S. General Services Administration (GSA) is responsible for all ".gov" sites.

"It was kind of like a rolling blackout," Jim Hanacek, spokesman for the California Department of Technology Services, told SCMagazineUS.com today. "Fortunately we were able to get to it before it completely took down 'ca.gov.'"

Aaron McLear, spokesman for Gov. Arnold Schwarzenegger, told SCMagazineUS.com today that the problem began when the website of the Marin County Transportation Authority was compromised by a hacker who redirected some traffic to an erotic website. A county IT representative did not return a call for comment.

The hacker apparently made an adjustment in the domain name system (DNS) server that rerouted certain traffic, Hanacek said.

"That apparently sent a red flag to the federal government," said McLear.

The shutdown process did not get far, and there were no reports of state services being interrupted, he said. Hanacek's department checked with critical departments such as the state Highway Patrol, which reported its web and email systems were operating, albeit slowly. The state declared all operations normal by 10:30 p.m. EST on Tuesday.

Hanacek said he was upset the state was not notified that the federal government was planning to take all state sites offline.

"They just made the change unbeknownst to us," he said. "I think there should have been a notification of a change of that magnitude."

A GSA spokesperson did not return a call for comment.

David Perry, global director of security education at Trend Micro, told SCMagazineUS.com today that the hacker may have embedded a malicious IFRAME or exploited a vulnerable ActiveX control to redirect traffic.

But it does not appear he was looking to profit off the attack, Perry said.

"This seems more like a vandal to me," he said. "It's kind of old school. What we're seeing these days is mostly crimeware. This looks like something from 1998, not something from 2007."
