State and local governments are the target of hackers around the world, according to Michael Calce, a converted hacker who once successfully attacked Yahoo, CNN, Amazon, eBay and Dell.
In an interview with Government Technology, Calce was asked how difficult it is to hack into a government website. His answer: “To be quite honest, it’s so easy it’s scary.”
Calce also says that some hackers target government sites because “there is no telling what kind of information you can obtain from government networks.” These hacks, while sometimes harmless, can sometimes result in enormous losses in budget and resources, as Government Technology reports:
Last July, a hacker broke into Yellowstone County, Mont.’s website, prompting the county to disable the site. In September 2011, two men with alleged ties to the online activist group Anonymous were indicted for hacking into Santa Cruz County, Calif., computers in December 2010, causing the county website to go offline. And last November, the Gregg County, Texas, Tax Office was hacked by the Zeus Trojan, which uses a keystroke logging scheme to steal information. In that incident, bank routing numbers were hijacked to redirect $200,000 into a foreign bank account.
Even law enforcement sites are being targeted. Sheriff John Montgomery of Baxter County, Ark., said in August 2011 his office’s website was attacked by hackers and is among more than 70 law enforcement websites in several states that have been hacked.
Remote access is one reason that government data is increasingly vulnerable to hackers. Many governments are embracing telework and mobility. These trends are cutting down on government-owned devices, real estate and utilities. The benefits, however, are being challenged by the inherent risks in giving remote employees server access.
Security firm Webroot recently surveyed (PDF download) of 500 web-security decision-makers about their experience with remote access and hacking. The results are not only alarming but also a wakeup call to governments to ensure their hardware, software and policies are protecting end users and data. Here’s a look at some of the key findings.
Among the businesses surveyed: