State Web sites neglect the 'weakest link'

Hackers find state government Web sites an irresistible target.

Hack attacks shut down the Texas Lottery Commission's site twice during the past two years.

In June of last year, a group called World of Hell defaced the site with a graffitilike message, 'Destroy your damn Windows boxes and get Unix,' a reference to the fact that the site runs under Microsoft Windows NT.

The site also ground to a halt for a weekend early this year because of an extortion attack from a hacker in Ukraine, said Leticia Vasquez, a commission spokeswoman. The hacker said he would deface the site unless the commission paid him a large sum of money. 'We installed a software patch, and that took care of it,' Vasquez said.

Most organizations put a lot of time, money and skill into network security, said Tal Gilat, chief executive officer of KaVaDo Inc. of New York. But they neglect the Web application level. 'That's the weakest link,' he said.

Statistics from Gartner Inc. of Stamford, Conn., show that more than 70 percent of all hacks occur at the application level, Gilat said.

Denial-of-service hacks, for example, take place there, he said. A hacker can send an SQL command to the Web server, confuse it, and gain access without knowing the password. Or a hacker can get tons of information from an error page, Gilat said. Error pages often show if the site uses Microsoft Access or NT.

Gilat said he shows prospective customers how easy it is to access a site by hacking into theirs as they watch. Using a Web browser, he has accessed employee salary information and bank records.

'Everybody has to understand that by putting an application online, they are opening a big loophole,' Gilat said. And the whole focus of e-government is putting information online. 'Frankly, sometimes I'm uncomfortable with all the information requested on the Web.'

KaVaDo offers two software products to help organizations protect their sites: ScanDo scans a site for vulnerabilities, and InterDo protects Web applications from intrusion attempts.

KaVaDo comes from a Hebrew word that means 'red line,' Gilat said. 'On an Army map, the red line is the last line of defense.'

About the Author

Trudy Walsh is a senior writer for GCN.

