Hackers prompt Kentucky shakeup
- By Wilson P. Dizard III
- Aug 13, 2003
'We have put a whole new security architecture in place.'
Kentucky officials have reassigned some network management duties after discovering a 'monstrous' systems intrusion in which hackers, apparently from France, used Transportation Cabinet computers to store large quantities of pirated movies, music, games and books.
The state has shifted responsibility for the cabinet's routers to the Governor's Office for Technology. The state's auditor of public accounts, Ed Hatchett, referred information about the hacking incident, as well as his office's discovery of employees' use of state computers to ac-cess porn sites, to state and federal prosecutors.
State CIO Aldona Valicenti said her office is working with state auditors and Transportation Cabinet officials to preserve evidence that may be needed by prosecutors. According to the auditor's staff, the hackers may have committed the crimes of theft of services and illegal access to a state computer.
B.J. Bellamy, CIO of the public accounts office, said the hackers broke into a proxy server in the Transportation Cabinet on April 2, according to a log they left behind in the system.
The hacking incident continued until late last month, Bellamy said, when computer specialists in the auditor's office discovered that the server had been penetrated.
When the auditors realized the scale of the intrusion, he said, they discontinued their security audit work and informed the cabinet and the Governor's Office for Technology of their findings and recommendations on how to cope with the intrusion.
'Part of those recommendations was to cut off the communication flow to the exploited services,' Bellamy said. 'The hackers had set up a File Transfer Protocol server to upload and download large files and an Internet relay chat bot,' he said.
'It was monstrous,' Bellamy said, comprising many gigabytes of information. 'Most of it was computer games, movies and that type of thing.'No passwords
Bellamy said the auditor's team realized that the hackers did their work from France because they left behind a log of their own activity that recorded French addresses.
'Also, the configuration files and some of the software were actually in French,' he said. 'There was also a note from the original hacker saying 'I was the one who did this.' 'Valicenti said, 'I would say this is definitely the most visible hacking incident' Kentucky has ever experienced.
She said the lack of passwords to protect routers in the cabinet was one of the factors that allowed the intrusion. The audit revealed that 33 switches and routers on the network had no password or only a default password.
State computer specialists will take over some tasks formerly carried out by cabinet employees, such as running the cabinet's routers, Valicenti said.
'We have put a whole new security architecture in place,' she said. The Office of Technology 'is going to managing all the state firewalls. ... These firewalls will be run centrally where we can monitor intrusions.'
Mark Pfeiffer, director of public affairs for the cabinet, promised the state would take steps to remedy the hacking problem.
Pfeiffer said the auditor's staff also found that between 30 and 35 computers owned by the cabinet had been used to access porn sites, which is a violation of state policy. 'We already have an investigation to look into [those] possible abuses,' he said. The cabinet has about 6,000 employees, Pfeiffer said.