Homeland Security officials were among the first to discover that the Public Advocate's Office website was hacked over Christmas weekend.
The federal Multi-State Information Sharing and Analysis Center notified the city's tech department about the cyberattack in which data about thousands of users was stolen.
"They contacted us to confirm the breach," said Public Advocate spokesman Wiley Norvell. "We picked up on suspicious activities earlier in the weekend."
Members of the hacking collective Anonymous took credit for the attack. They posted the stolen information on the data- sharing site filebeam.com, Norvell said.
"We immediately contacted the website to remove it, which they did," he added.
The hackers stole the names and email addresses of 6,700 users who had filled out various online forms, including petitions and complaints related to the blizzard last December.
Anonymous stealthily gained access to the site through a “brute-force attack.”
Such an assault systematically checks all possible passwords until the right one is discovered, and methodically breaks down firewalls in place to protect data.
Following an initial email to anyone who had information on the site alerting them of the attack, Public Advocate staffers are combing through the recaptured files and plan to reach out to anyone who may have submitted private information in the complaint forms.
The NYPD's computer crime squad is investigating.
It remains unclear why the hackers targeted the relatively small advocate's office. They have broken into government websites across the world.
The city's other larger, higher profile sites, are working diligently to protect their data, a tech official said.
"The city of New York takes all necessary measures, every day, to protect its IT systems and infrastructure," said Nick Sbordone, a spokesman for the Department of Information and Technology (DoITT).
He noted that DoITT does not host the Public Advocate's system.
No comments:
Post a Comment