Hackers Target Cal - ISO System
Event Year: | 2001 | Reliability: | Confirmed |
---|---|---|---|
Country: | United States | ||
Industry Type: | Power and Utilities | ||
Description: | Like the Salt River Project incident, this incident appears to be rampant with conflicting information. The best data we have is that a relatively inexperienced hacker was able to exploit two Solaris servers that were were part of a development network at Cal-ISO. These servers were supposed to be protected by a firewall, but in reality the servers were connected directly to the Internet. In addition, the Cal-ISO system administrators left the servers with all the software installed by the default setup, leaving numerous vulnerabilities open to exploitation. (#1) The orginal LA-Times article of states: The system also lacked the ability to collect a record of events in a secure place, instead leaving them on the computers that the intruder could access. The investigators could not easily detect which files had been changed. A rudimentary root kit—a tool set used by Internet attackers to take total control of a system—had been installed, but other details could not be discovered. |
||
Impact: | “There was an obvious attempt made to penetrate our systems,” said Greg Fishman, spokesman for Cal-ISO, who would not give any more details. “They were able to achieve minimal penetration into a system that we use to demonstrate software. This was never a threat to our core operations.” (#1) |