Leg's security breached
Hacker takes over Web site for a day

Daniel MacIsaac
Northern News Services

NNSL (Jun 14/99) - Internet surfers plugging into the legislative assembly's Web site Thursday found an unusual invitation to an unusual party.

A link labelled "Special Event" brought up the announcement of a party celebrating the opening of the assembly on July 26, but clearly the site had been hacked.

"Event" details included a special raffle, with prizes ranging from "a fabulous dinner with the assembly member of your choice" to "a direct, lifetime cable link to your television of the daily proceedings of the legislative assembly" and a "special box set of recordings featuring the pseudo-philosophical meanderings of former member Mike Ballantyne or any other form of extremely painful torture you can think of."

References throughout the page showed the hacker, or hackers, have knowledge of the NWT, but the links lead to the home page of "The Global Snooper" and the U.S. Central Intelligence Agency. The inserted page also mentions "Mitnick" -- a reference to infamous, imprisoned American hacker Kevin Mitnick -- and a link to his "Free Kevin" home page.

An assembly staffer reported the legislature had been unable to access the Internet Thursday.

Public relations officer Ronna Bremer said Friday the Department of Public Works and Services maintains the government's Web sites and that the problem had been corrected -- but the government offered no other details.

Profile of a hacker

Jeremy Childs, communications service manager for SSi Micro, helped shed light on the underground world of hacking.

He said the GNWT site that was hacked is on an important server -- though one that offers only information for the public and not one containing government records.

Childs said that with hackers breeching the security systems of even major organizations like the Pentagon, the assembly attack is not so unusual.

"It's just a rite of passage and shows you can't take security too seriously," he said. "There's always someone out to get you."

But Childs said there are a few unusual aspects of Thursday's breech, including the fact that political "graffiti" was left behind.

"This kind of hacking is the least common," he said. "Normally the hacker's goal is to own the machine -- to find a way of controlling the system and to use it to go on to launch further exploits on other servers and do so in a way that's untraceable."

Childs said the average hacker is between the ages of 15 and 20, but the nature of the assembly hack points to an older individual.

"Political satire like that is not in the profile of the usual hacker," he said.

Childs said SSi runs security checks on a regular basis and, as a form of defence, keeps up to date on the latest hacking breakthroughs.

"If there are exploits discovered and someone makes a server bend to their wishes, the results usually get published somewhere," he said.

He said banks' sites, for example, are normally very tight -- with limited offerings, like e-mail service, that can make the system more vulnerable to hackers.

"The more windows you have in your house, the more thieves get in," he said. "It's like living in a one-room hut as opposed to a mansion."

Childs said that most security tips, as well as hacking tips, can be found via the Internet. He added that while one wouldn't normally expect anyone to bother hacking the assembly's site, for this very reason the government might have been better prepared.

"In theory the NWT Web site should be more secure because they have the advantage of seeing what attacks are taking place on higher profile sites -- and what action those sites are taking," he said.