[ISN] Hacker invades Anchorage airport Web site

InfoSec News isn at c4i.org
Thu Apr 14 08:54:41 EDT 2005



ANCHORAGE (AP) - A hacker broke into the Web site of the Ted Stevens
Anchorage International Airport and replaced arrival and departure
times with a waving Turkish flag.

Screens also displayed a steely eyed man's face in the lower right
corner. Beneath it was a message crediting a Turkish hacker who goes
by the handle "iSKORPiTX" for the cybervandalism.

The flight information page on the Web site of the state-owned was
defaced at about 1:40 p.m. Sunday, airport officials said.

It remained that way until about 9 p.m., when technicians disabled
that part of the site until about 6 a.m. Monday, they said.

The hacker gained access only to the airport's Web server, not its
internal network on which financial documents, e-mails and other data
are stored, airport director Mort Plumb said.

The break-in occurred as federal law-enforcement officials are
completing an investigation of a broader rash of cyberattacks on state
computers this winter.

Stan Herrera, the state's director of enterprise technology services,
said Tuesday that a defacement of another agency's Web site during
winter spurred the investigations. The breadth of the attacks is still
being analyzed, and federal officials have not released details of
their investigation, he said.

Lawmakers recently set aside $5 million to pay for equipment and
software to make the state's computer network more secure, Herrera

Two years ago, officials had expected to shift all of the state's
computer systems onto a new, more secure platform to be built by
Anchorage-based Alaska Communications Systems, which had been hired to
overhaul the state's telecommunications system, including computer

That deal fell apart in September 2003 and the state's networks
reverted back to equipment and software that were to have been phased
out, Herrera said.

Money earmarked this year for computer security upgrades will buy new
routers and switches and the software that makes them work. Some also
will be used to pay for new security software that will be installed
on network servers as well as employee workstations, Herrera said.

The airport Web site hacker is fairly well known in Internet circles
and does not try to hide his tracks.

Earlier this winter, an image and message similar to the ones that
appeared on the airport's site showed up on the Information Security
Association's Web site in the United Kingdom. The group is a nonprofit
international organization of information security professionals.

A hacker Web site that chronicles such exploits gives iSKORPiTX credit
for defacing hundreds of other Web sites, including state government
sites in Iowa, Georgia and Tennessee.

More information about the ISN mailing list