Tuesday, January 25, 2011
Administrative Control of Utah.gov
Recently, a hacker posted to his website that he will sell administrative control to a number of government websites, including Utah.gov and Michigan.gov. I tried to get my arms around that, and how it might be done. The problem is that Utah.gov is not a simple construct with an administrative console that controls it all, so what exactly is this hacker selling for $99?

Well, the Utah.gov domain consists of about 6 million pages, over 950 services, and dynamic feeds, all somewhat linked together with a central portal, which itself is an entire suite of applications built to support the complex array of interactions between citizens and government. It appears that the hacker gained access to a lightly used subdomain that is not even managed by the state's central IT, so this was reviewed, patched, etc.

With state and federal government websites proliferating as they have, this is almost an unfortunate inevitability, as many government employees seek to deploy their content to the web outside the structured professional support channels. I regularly see sites across the country that have injected pages advertising products like Cialis and Viagra, as rogue businesses try to bump up the search engine ratings of their websites by leveraging legitimate government sites. Even organizations with well-structured standards and deployment policies and procedures fall prey to this. With government being as diverse as it is, someone in each organization needs to remain vigilant and aware of these kinds of activities.