Hate When That Happens…

Some knuckleheads calling themselves the “Tornado Digital Security Team” have hacked the KISD website.

Keller school district technology experts are restoring the district’s Web site after computer hackers destroyed hundreds of documents and photos late Tuesday.

The hackers replaced the home page with a page that shows a photo of a tornado and a lightning bolt and the message: “In The Name of God … This is Web site hacked by Tornado Digital Security Team.”

Keller officials are trying to trace the Web site address, www.TORNADO.ir.

It appears the hackers were searching for Web sites with holes in the security firewall, said district spokesman Jason Meyer.

“It looks like some sort of software program was working on our Web site and they’ve been doing it for several months,” he said.

I always hate news stories about computing and security issues, because most of the people who know what the heck really happened aren’t allowed to talk to the public.  I don’t doubt that script kiddies and perhaps even some serious hackers have been testing the firewall.  However, I expect that the techies just told the spokesman about the firewall logs so he’d have something to say to the media. 

The firewall does you no good if your application code has holes in it, since you have to allow traffic bound for the web server to pass through the firewall to access the application (unless you proxy it, but even that’s not totally secure).  I know I get a lot of idiots in China trying to run dictionary attacks against my SSHD (which has to have a port open on the firewall for me to use it).

I noticed that KISD is running a CMS called Joomla!.  Coincidentally enough, it appears that Joomla has a number of high priority security issues that were patched on Monday.

That’s not to say I know for sure that this is what happened, since there are so many ways that security can be compromised, and some quick research shows that these guys have hacked systems other than Joomla! (interestingly enough, they seem to like hacking Arabic sites).  I’d be really interested to see a writeup on what really happened here.

2 Comments

  1. queuno says:

    Given that KISD has one of the least useful websites I’ve ever used, I’m hard pressed to decide if this is an improvement or just the status quo.

  2. I hadn’t used it much until today.  I guess it’s OK if you just want the latest press release.

    I was hoping to get some details on the bond package, which weren’t in evidence anywhere on the site (although admittedly I didn’t spend a lot of time looking).