Hacker hits county website but no data appears compromised

The San Juan County Information Technology department is warning computer users to keep a close eye on their personal data, after a hacking incident involving the county’s web site last week, though it does not appear that any data was compromised.

January 19, 2009 11:14 pm

The San Juan County Information Technology department is warning computer users to keep a close eye on their personal data, after a hacking incident involving the county’s web site last week, though it does not appear that any data was compromised.

At about 8:35 a.m. on Thursday, Jan. 15 the county’s website server, www.sanjuanco.com, ceased to respond. When the system was rebooted, requests for pages generated an error message, which was quickly traced to a line of so-called “snoopware” that had been inserted on each page, apparently by an electronic intruder who worked around the electronic “firewall” on the web server.

“We are fortunate that our pages are set up slightly differently than most, so the hacked-in code would not execute on any of our most-viewed web pages,” said county website manager Stan Matthews. He said it is possible that someone could have directly accessed an archival “.html” page between 8:40 a.m. and 9 a.m., but that the county’s home page, department pages, directories and search pages – including the parcel and document search pages, and most others which might have linked to infected pages – were offline during that time.

He said that this is the same type of attack that, according to Internet security sites, had affected thousands of web pages in recent months, including a site belonging to a prominent web security firm.

The code inserted onto the pages was designed to peek at the so-called Internet ‘cookies’ stored on the computers of visitors to the website and it was linked to a Chinese Internet domain. The code itself contained messages including the notation “make (sic) in China.”

No trace of the program would be left on the web visitor’s computer.

Web cookies are text files that contain information (usually encrypted) about user preferences and logons used by web sites. For security reasons, the county’s web server is isolated from the county’s computer network, so this hack could not have gained access to any information, confidential or otherwise, maintained by the county.

“We have tightened down security on our website and will work with the State Division of Information Services to minimize the chances that something like this could happen again,” Matthews said. “But in securing any computer you have to recognize the truth of the engineer’s lament: ‘Every time I build a better mousetrap, someone builds a better mouse.’”

“As a general principal,” Matthews said, “People should be very careful about what type of information they leave on their computers, especially such things as selecting options to automatically log into web sites where personal data might be kept. Those automatic logons could be stolen by the software someone tried to run on the county website; however the malicious software does not appear capable of accessing any other type of file on the user’s computer.”

Anyone who thinks they might have accessed an infected page last week or has other questions can contact Web manager Stan Matthews at: stanm@sanjuanco.com or 370-7405.