Skip Links

Feds pull the domain name plug on State of California

By , IDG News Service
October 04, 2007 08:52 AM ET

IDG News Service - The Federal government pulled the plug on the Web domain used by the State of California on Tuesday, setting into motion a chain of events that threatened to grind government business to a standstill within the state.

Buzzblog: Federal "fix" knocks for a loop

State IT staffers were able to fix the problem within a few hours, narrowly averting disaster, but the situation shed light on what observers are calling a shocking weakness in the state's IT infrastructure.

The story behind the shutdown, and how the U.S. General Services Administration (GSA) came within hours of shutting down the State of California's Internet presence, is a complex one, but as with so many stories on the Internet, it begins with pornography.

In early September the Transportation Authority of Marin, a ten-person agency charged with managing transportation funding in Marin County, California, discovered that the servers that handled the agency's Web and domain name service had been hacked and were being used to create links to pornographic Web sites.

Domain name servers are used to translate the domain names we type into our browsers into numerical IP addresses, used by computers. Together these DNS servers form a Web-like database telling all of the computers on the Internet how to find each other. In the case of the Transportation Authority, there was one authoritative server responsible for telling all other DNS servers where to find computers operating within the domain.

The agency spent a frustrating two weeks trying to get its Internet service provider, StartLogic, to resolve the problem, said Dianne Steinhauser, executive director of the Transportation Authority of Marin. Then in mid-September it delegated domain name server authority for the Transportation Authority's domain to the name server, run by the state's Department of Technology Services, she said. That meant that the state's servers and not StartLogic's were now responsible for keeping the authoritative domain record for

Unfortunately, it also meant that if an outside observer believed that the DNS server responsible for had been hacked, he might have assumed that the name server was compromised as well. And that, apparently, is where the trouble really began for the State of California.

On Tuesday, at around 2 p.m., the federal organization responsible for managing the .gov top level domain pulled the plug on the domain, according to Jim Hanacek, a public information officer with California's Department of Technology Services. The " domain was removed as a valid address by the federal GSA, who has an office that oversees the use of the .gov domain," he said.

Only the GSA knows for sure why this was done, but Hanacek said that the problems that had been experienced by the Transportation Authority of Marin were behind the move. "Our understanding... is they were seeing signs of some redirects over to pornographic sites and that is what caused them to shut down that domain."

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News