Hacker Attacks Indiana Government Website and Other State Sites

A hacker who's under investigation for allegedly stealing personal and financial details from a Web site of Indiana government is also a suspect of intruding into websites of other state governments.

A hacker invaded a server executing share applications, January 3, 2007 on the Indiana government site to steal plenty of information. These included names, addresses and Social Security numbers of those availing health-care benefits under the State certification, said Chris Cotterill, director of the IN.gov website. Officials think the hacker also stole credit card numbers of about 5,600 people who had transacted over the site.

The credit card details had been inadvertently stored under the state IT policy head, Cotterill said in an interview. He added that normally they didn't record credit card information while they had been storing financial data since April 2006. Actually when someone transacted over their website, their information came as part of processing. There was no particular reason to retain them. So, it was just an internal mistake, Cotterill said.

The Indiana Office of Technology released an advisory, which law enforcement agents forwarded to executives notifying that charges in the case were pending. It also said that the U.S. Department of Justice was convinced that the individual who broke into the Indianan government Web site had also hacked other state governments' sites.

Indiana's CIO, Gerry Weaver said in a written statement that they were happy to know about the identification of a suspect and that legal procedure would follow. InformationWeek published Weaver's statement on March 23, 2007. Also the news would not divert them from the primary goal of keeping up the security of IN.gov, believed Weaver.

Although there were no reports of abuse of anyone's information, the state Office of Technology had sent out notification letters to 71,000 nurse aides, medication aides and home health aides all certified with the state. The office dispatched the letters on second week of March 2007 warning the concerned people to check their credit records.

Cotterill described the breach an attack with remarkable sophistication, one they had never experienced before of all the frequent website attacks they suffer.

Related article: Hacker & Virus in MySpace

» SPAMfighter News - 4/3/2007