Hacked Marin County website prompts shutdown of all California state sites

A hacked county website in California that redirected users to a pornographic site prompted the federal government late Tuesday to initiate a system-wide shutdown of all government sites in the Golden State.

The process was never completed, after state officials urged the feds to reverse their decision to take offline all state websites bearing the "ca.gov" suffix. The U.S. General Services Administration (GSA) is responsible for all ".gov" sites.

"It was kind of like a rolling blackout," Jim Hanacek, spokesman for the California Department of Technology Services, told SCMagazineUS.com today. "Fortunately we were able to get to it before it completely took down 'ca.gov.'"

Aaron McLear, spokesman for Gov. Arnold Schwarzenegger, told SCMagazineUS.com today that the problem began when the website of the Marin County Transportation Authority was compromised by a hacker who redirected some traffic to an erotic website. A county IT representative did not return a call for comment.

The hacker apparently made an adjustment in the domain name system (DNS) server that rerouted certain traffic, Hanacek said.

"That apparently sent a red flag to the federal government," said McLear.

The shutdown process did not get far, and there were no reports of state services being interrupted, he said. Hanacek's department checked with critical departments such as the state Highway Patrol, which reported its web and email systems were operating, albeit slowly. The state declared all operations normal by 10:30 p.m. EST on Tuesday.

Hanacek said he was upset the state was not notified that the federal government was planning to take all state sites offline.

"They just made the change unbeknownst to us," he said. "I think there should have been a notification of a change of that magnitude."

A GSA spokesperson did not return a call for comment.

David Perry, global director of security education at Trend Micro, told SCMagazineUS.com today that the hacker may have embedded a malicious IFRAME or exploited a vulnerable ActiveX control to redirect traffic.

But it does not appear he was looking to profit off the attack, Perry said.

"This seems more like a vandal to me," he said. "It's kind of old school. What we're seeing these days is mostly crimeware. This looks like something from 1998, not something from 2007."
