Hackers, apparently from outside the U.S., have made one Kentucky state agency's computer network their old Kentucky home, according to Kentucky's state auditor.
In a press conference held in the city of Frankfort Tuesday, State Auditor Ed Hatchett told reporters that hackers who appeared to be from France broke into servers on the internal network of the Kentucky Transportation Cabinet, the state agency for transportation and vehicle-registration functions.
Since at least April, the hackers have been using the servers as a warehouse for pirated music, electronic games and movies - even new films like “Lara Croft Tomb Raider: The Cradle of Life” and “Spy Kids 3D: Game Over.”
The hackers also probably had access to bill-paying systems and state-held information such as driver's licenses, the state auditor said.
Harold McKinney, attorney in the state auditor's office, said the problems were uncovered during a recent vulnerability assessment of the state agency's computer network done as part of a routine financial audit of records.
There were signs that some activity originated from Canada and Croatia, in addition to France. The state auditor, who has no more specific information about the hackers, immediately notified the Transportation Cabinet staff about the matter and decided to call a press conference to inform the public.
The Kentucky Transportation Cabinet wasn't aware of the problem until informed Tuesday. Since then, agency staff have been busy assessing the damage and trying to answer press questions.
Transportation Cabinet spokesman Mark Pfeiffer, who acknowledged at least one server at the agency had been hacked, said the agency does not believe internal records and billing systems were compromised.
"The auditor claimed our public records and driver's license records were in jeopardy, but that's not true," said Pfeiffer, because those systems reside on networks that are securely separated from the hacked server.
Jim Ramsey, CIO for the Transportation Cabinet, said the hacked server is a Microsoft Proxy Server that was sitting on the edge of the agency's Internet access point. "It looks like the hackers gained access by breaking the password and setting up a subdirectory on some obscure area of it, loaded an FTP application onto it, and used it to send files," he said. "They essentially turned it into file storage for them."
Acknowledging his job is probably on the line, Ramsey didn't shirk from accepting responsibility for some of the agency's shortcomings in network security. The agency lacks a firewall-based "demilitarized zone," as it's often called, as one defense to ward off penetration by hackers.
"We were just in the process of implementing a DMZ, and it was one of the things we should have been doing but didn't," Ramsey acknowledged. In addition, the agency hadn't done vulnerability testing and has no one on staff with a high level of security expertise. Nor had the agency gotten assistance through hiring outside contractors.
"We were in the process of developing a security audit through state contracts, but we suspended the outside contract because it cost $60,000 and because the state auditor was going to go in there and do this," Ramsey noted. Ramsey has held the CIO position for three years, and has 27 years in the state government. He added that a bigger budget for IT and security would help remedy problems.