Wednesday, 15 March 2000 Pima department beefs up security after hacker hits site By David Wichner The Arizona Daily Star

A Pima County department is bolstering security on its Web site after dodging a virtual bullet in a recent attack by an unknown computer hacker.

As a result of the attack on the Community Services Department site, visitors to the agency's site could have been directed to other Web pages - perhaps pornography sites - or data could have been temporarily lost.

But the hacker apparently only left a taunting message, and the department's chief said no confidential information was accessed and no data damaged.

Hank Atha, director of the Community Services Department, said the site contained only general information about the agency, which operates job-training programs and coordinates food, utility and housing assistance to needy families.

``We actually are appreciative of it in a way, because he hacked it in a funny kind of way and didn't do something worse, so we learned from it,'' Atha said, adding that the site won't be reactivated until all security concerns are addressed.

Other Pima County agency sites linked to the main county site - including the County Assessor's Office, the Elections Department and the County Attorney's Office - apparently were unaffected.

The hacker's work was discovered March 5 by a Tucson woman visiting the county's Web site.

Shirley Aleck, a former computer systems programmer, said she clicked on a link to the Community Services site while at the main county Web page (http://www.co.pima.az.us).

Aleck said a page popped up that read: ``You have been hacked. Here to say that world hasn't secured their computers and probably never will. P.S.: admin: e-mail me,'' and the message included an e-mail address.

``I thought, what have I done to my computer?'' said Aleck, who called the county's computer help line the next morning.

The Community Service Department's Webmaster confirmed that Aleck's call prompted an immediate investigation and removal of the site's content.

``To our knowledge, she's the only one who noticed - that's not exactly a high-traffic site,'' said Ron Meck, administrative services manager for the department.

Meck said he got a message about the hacking incident early March 6 and immediately deactivated the site and began a thorough security review.

``Until I can bring it back up securely, I won't put it back up,'' he said, adding he hoped he could confidently reactivate the site by today.

In the meantime, only the Community Services site's front page is online, without any active links to its internal pages.

Meck said the site apparently was hit by a hacker's ``toolkit'' - basically a set of easy-to-use software codes circulated on the Internet - that targeted the software the department used in creating its Web pages. He declined to name the hacker's program or the Web design software the agency uses, citing ongoing security concerns.

Meck acknowledged the problem could have been much worse, given that the hacker's program allowed the perpetrator to gain ``limited control'' of the agency's computer server.

Meck said he was surprised that the site wasn't protected by a ``firewall'' - software that shields sites from unauthorized access - maintained over the main county site. He said he will continue to research ways to make the site secure, possibly reconfiguring or replacing the agency's Web-site design software.

http://www.azstarnet.com/public/dnews/0315R4.html

-- Martin Thompson (mthom1927@aol.com), March 15, 2000