Town of Clifton Website Hacked
Town Council member: No town resident information at risk.
By Victoria Ross
Tuesday, August 02, 2011
http://www.connectionnewspapers.com/article.asp?article=353255&paper=88&cat=104
Clifton resident Becky Lips was Skyping with her fiance in Canada around 10:30 on Monday, Aug. 1, when both googled “Clifton” to settle a question.
Google led her to Town of Clifton website at
http://cliftonva.us/.
“But when I clicked it, this disturbing page came up with a message that the site has been hacked. There was a picture of the White House, the American flag and the Israeli flag, with a bull’s eye around it,” she said.
Lips said she was confused at first, thinking that she had clicked the wrong link. Both she and her fiance tried the website multiple times, and found the same images.
“I was actually quite spooked by it. It was pretty disturbing. … My fiance was googling it at the same time and was getting the same result, too. I was then worried that maybe something or someone had been able to hack into our computers,” she said.
Her fiance, a journalist who works in Niagara Falls, said she should alert the local newspaper, since she could not access any information on Town officials. Lips said her parents have been living in Clifton for 25 years, and they couldn’t remember anything like this happening in the past.
“It’s just weird,” she said, “Why would anyone do this?”
The site, which was still showing political images Tuesday, Aug. 2, at 4:30 p.m., claimed to have been hacked by “Iran Hack Security Team,” with the homepage depicting a montage of the White House with what appeared to be a spiral, or possibly a target, over the White House and the Israeli and U.S. flags. It also included a message with profanity at the bottom and a scrolling list of nonsensical names, such as “Mr. XP.”
Mary Ann Jennings, spokesperson for the Fairfax County Police Department, said Town of Clifton had not reported the incident to the department’s cyber-crimes bureau as of Tuesday afternoon. “But we typically deal with sex offenders and scams, not hacking. We’re part of the FBI’s online predator task force,” she said.
Michael Dent, chief information security officer for Fairfax County, said that hackers will deface a website for many reasons, from exposure to obtaining personal information.
“Normally, this thing can happen many ways. Most of the time it’s vulnerability with operating system, and it hasn’t been patched against,” Dent said. “Malicious people, hackers, will exploit these vulnerabilities. They have now defaced the website, to get their name out there, or to do something worse like get addresses or other information about residents.”
Dent said he wasn’t contacted by the Town of Clifton to do any computer forensics, but he would suggest that, because of the political content on the site, Clifton officials contact authorities soon.
“My initial thought would be that they need to contact the FBI or Homeland Security. They see this every day, and could tell if this (group) is not a big deal, or a real threat to any information that’s been stored on the site. At a minimum, I would report it to the authorities,” Dent said.
Dent said that if residents have been asked to register for Clifton events on the website, that information could be at risk until professional computer security experts review the site, and wipe it clean.
“You have to think of all the big security companies that have been hacked. It’s not unusual, “Dent said.
Prior to Tuesday night’s Clifton Town Council meeting at 7:30 p.m., Councilmember Wayne Nickum confirmed that the site was back up and that the council was monitoring the situation. He added that the Town Council was in contact with Fairfax County Police about the hack and that there was no risk of any personal information of town residents being accessed.
“We don’t ask for that information [on the website],” said Nickum, explaining that the site’s purpose is strictly informational. Residents are able to download town forms, but all official business is processed by hand.
“It was a relatively simple hack,” said Erich Russekrobbins, a town resident who acts as the website’s webmaster.
Once Russekrobbins learned that the site had been hacked, he was able to repair it in 15 minutes.
“They weren’t able to get into the database,” he said. “The hack was limited to the frontpage. It makes all the other pages disappear, but they’re unaffected.”
Russekrobbins confirmed Nickum’s assessment that the hack did not put any town resident’s personal information at risk. The town does not collect money via its website, so there is no financial information on the website. “Nothing’s in there that isn’t in any phonebook,” he said.
According to Russekrobbins, the town website was hacked once before. That time, the website's server was hacked. Following that hack, the town moved its website to a more secure server.
Officer Bud Walker, a spokesperson for the FCPD, said the potential criminal charge involved would be “computer trespass,” which is a misdemeanor. Walker said that a detective did a quick Google search and found several websites that had been hacked in a similar manner.
“So it would not appear that the Town of Clifton was targeted,” Walker said. “I honestly do not know, but the detective said it was probably a web provider that got hacked, which would affect any web sites hosted by that provider. So it could be hundreds of sites all around the world. But if they are all fixed by now then it is unknowable.”
Editor Michael O'Connell contributed to the reporting of this story.