DEW: Vulnerability Exposed; No Personal Information Stolen

7:38 PM, Dec 23, 2012   |    comments
  • Share
  • Print
  • - A A A +

Columbia, SC (WLTX)- 24 hours after the SC Department of Employment and Workforce discovered that their website was 'defaced,' their spokesperson says that no personal information was taken.

"Defacement is a form of hacking; it is just not as serious as the Department of Revenue hacking," said Andy Peeler, Director of Technology at WLTX.

If you went to the state Department of Employment and Workforce website Saturday you may have seen a message saying the site was hacked. The Department spokesperson Adrienne Fairwell says it was website defacement by a malicious user.

Peeler says it was a sign that the site was vulnerable.

"They basically defaced the main page, put up a description of what they have done to basically say hey we have taken over your page we have found some type of vulnerability. It is pretty common in the hacker community to say hey you have vulnerability and we exploited it," said Peeler.

The department says that no personal or confidential information was accessed because of the multiple layers of security controls that the agency has in place.

Peeler believes because of the recent hacking at the department of Revenue, increased attention has been brought to other agencies in our state and trying to find out who accessed the page will be very difficult.

"There are a lot of ways through the internet that you can mask where the attack came from. If you have taken control of someone work station and you are using that information, the attack is going to look like it is coming from here when it is really coming from there. So tracking this stuff back can be very difficult. "

He says vulnerabilities come when a server has patches that aren't installed yet or discovered.

"Every web server out there has known vulnerabilities, as well as unknown ones that are found on a regular basis, the key is as these vulnerabilities become known, and the manufactures release patches, you have to install these patches as soon as they come out, any delay or time that is wasted in getting these patches deployed to the web servers means that those servers are venerable to this type of attack."

The department is having IT Managers monitor the site to make sure no other defacements occur.


Most Watched Videos