If it were not bad enough that the Iowa Division of Homeland Security official website was hacked, defaced and forced to close down temporarily it appears that another Iowa state government resource was also compromised a few weeks before. At the end of January the Iowa Racing and Gaming Commission suffered a database breach which had the potential to impact upon the data of some 80,000 folk.
While the Homeland Security hack is said, following forensic examination, not to have exposed any sensitive information it does surely expose something of a disregard for security within state government. According to data security specialists Imperva the fact this was such a high profile site, affiliated to the Department of Homeland Security, means it simply should not have been vulnerable to hacker defacement or any other kind of hacker threat.
"Although it's fair to say that no IT resource can ever be 100 per cent protected against all types of attacks, the fact that this hack - and the other two state sites that were also defaced - apparently stems from a misconfigured script or server settings sending out all the wrong messages to businesses and hackers alike" said Amichai Shulman, Imperva's chief technology officer.
"As if this wasn't bad enough, the statements by officials also seem to be at odds with each other. On the one hand we have a state spokesperson saying no real damage was done, and on the other we have another set of people trying to justify the need for another layer of government employees when the existing staff resources could do the IT defence job just as well - or not, as in this case" he added.
