Firestorm has a globally recognized group of contributors to this blog - Expert Speakers, Authors and Presenters, all highly credentialed and experienced in the field of crisis preparedness and crisis management.
HEADLINE: Major US law enforcement Website shut down after data breach
SUMMARY: A hacker penetrated the web site of CLEARUSA.ORG and downloaded a listing of members that contained names, addresses, organizations, titles, email addresses, phone numbers, and site password information. The hacker then posted this information on a blog and invited other people to attempt to try to break into various personal web sites (Facebook, email, Linkedin, etc.) to harass the organizations’ members. This tactic is in “retaliation” for the actions of law enforcement against “occupiers”. As a result of the security breach, the Clearusa web site has been temporarily shut down while its administrators are working to address security issues and repair the application.
STORY LINK: http://news.softpedia.com/news/Major-US-Law-Enforcement-Website-Shut-Down-After-Data-Breach-239859.shtml
Analysis by Bill Baker, VP Firestorm
There are no web sites that are totally invulnerable to hackers. The task of your site administrator is to make your site relatively difficult to attack so that potential hackers will go after an easier target. It’s rather like putting a “beware of dog” sign in your yard so that potential intruders will go next door. It would seem that the CLEARUSA.ORG (Coalition of Law Enforcement and Retail (C.L.E.A.R.)) site was the one without a growling dog.
In their mind, hackers perform a public service by exposing weaknesses in web applications or operating systems. They like to justify their actions as encouragement for vendors to plug leaks and fix security holes. While I disagree with this logic, there are a lot of hackers out there who will challenge any web site’s security. The current hacker has taken a step beyond into the realm of internet disruption.
“Exphin1ty”, the hacker involved in this latest foray, wanted to retaliate against “Law Enforcement’s inhumane treatment of occupiers”. He/she selected a somewhat obscure quasi-governmental organization site as the target. Fortunately, the database information that was stolen and then posted as a blog contains very little sensitive information.
Clearusa.org is a cooperative organization between local police and retailers designed to reduce organized shoplifting. Nearly all of the database information exposed may be publicly available elsewhere. Even so, we can learn valuable lessons from this event.
First, any web site may be attacked. Soft targets may be exploited by “kiddie hackers” as a game or training adventure.
Second, if your web site includes any type of database (membership roster, contact list, etc), hackers may want to test your security (and steal your data).
Third, should you have sensitive personal or corporate data on your site, you MUST be sure that you have appropriate heavy-duty security.
It’s not that difficult to enhance the security level of your web site. These basic steps can make your site less attractive to hackers.
Remember: Predict. Plan. Perform.
Download our Toolbar!
Firestorm believes that crisis preparedness is predicated on recognition of imminent threats. Our weekly newsletter is an invaluable tool that reports on current conditions and issues, and includes original commentary and analysis from our Expert Council, Senior Leadership, and Guest Contributors. Valuable, insightful commentary analysis each week - and it's FREE! Sign up to receive these critical alerts
Firestorm presents a variety of topical webinars each month for the business community presented by leading experts in their fields. Our Leadership Team and Expert Council present as Keynote Speakers, Program Presenters, and Panel Members at events across the country. Keep up to date and Join us!
View our Upcoming Events...
Firestorm founders Harry Rhulen and Jim Satterfield wrote Disaster Ready People for a Disaster Ready America specifically to address the need for crisis and disaster preparedness at home, and the book has become a cornerstone of many personal and corporate preparedness programs.