Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] State data systems upgraded after hack

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] State data systems upgraded after hack
Date: Mon, 10 Oct 2005 23:00:37 -0500 (CDT) 
http://www.adn.com/news/alaska/story/7069608p-6974390c.html

By SEAN COCKERHAM
Anchorage Daily News 
October 10, 2005 

JUNEAU -- The state is in the midst of a $7 million computer security
upgrade as a result of a cyber-assault that sliced through the
defenses of the state network.

The Jan. 18 attack affected about 110 state computer servers and
prompted an investigation by the FBI and a specialist unit of the U.S.  
Department of Homeland Security. The attack appeared to come from
Brazil, state officials said.

The hackers were "data mining" -- looking for information to steal --
according to Kevin Brooks, the deputy commissioner of the state
Department of Administration. Brooks said no information was stolen.  
But, if it had been, the attack could have led to identity theft using
personal information on the state network.

"It was kind of a wake-up call," Brooks said.

The state and federal governments will say little about the attack.  
What is known is that a Department of Health and Social Services
server was found to be "defaced," meaning its security was breached.  
The state investigation then discovered about 110 other servers with
similar signs of hacking.

That's when the FBI and the Homeland Security Department's United
States Computer Emergency Readiness Team got involved. State officials
on Wednesday refused to release the report that resulted from the
investigation, citing the federal Department of Homeland Security's
demand that it remain confidential.

State officials said they planned before the attack to ask the
Legislature for money to upgrade the computer network. But the attack
prompted them to speed it up. They drew up a proposal that would spend
$41 million on upgrades over five years.

Brooks said the state has $7 million to spend on immediate security
work before the end of the fiscal year next June. Measures are now in
place that should prevent the kind of attack that hit in January, he
said.

Brooks said part of the work is to replace technology. An analysis
after the attack revealed some of the servers and switches on the
network were outdated, he said.

Thousands of state computers are getting Cisco security software
installed, he said. The Department of Administration provided a
statement about the ongoing work from Darrell Davis, the state's chief
security officer.

"It would be counterproductive to tell those involved in fraud and
terrorism exactly what we are doing to make their criminal acts far
more difficult," he said. "(It) includes replacing significant amounts
of aging infrastructure, hardening of routers and servers, deploying
firewalls, establishing security policies and other extra intrusion
prevention measures."

© Copyright 2005, The Anchorage Daily News



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] State data systems upgraded after hack, InfoSec News <=
Previous by Date:  [ISN] Linux Advisory Watch - October 7th 2005, InfoSec News
Next by Date:  [ISN] Microsoft Details Antivirus And Anti-Spyware Timetable, InfoSec News
Previous by Thread:  [ISN] Linux Advisory Watch - October 7th 2005, InfoSec News
Next by Thread:  [ISN] Microsoft Details Antivirus And Anti-Spyware Timetable, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]