OT Vandal Alters Gallup Internet Site just before primaries

greenspun.com : LUSENET : TB2K spinoff uncensored : One Thread

http://www.star-telegram.com/news/doc/1047/1:COMP21/1:COMP210306100.html

Updated: Monday, Mar. 6, 2000 at 17:58 CST

Vandal alters Gallup Internet site just before primaries

By Ted Bridis AP Technology Writer

WASHINGTON -- An electronic vandal altered the Internet site for the Gallup Organization, one of the nation's oldest and most respected polling companies, just before Tuesday's presidential primary elections.

Gallup said none of its poll data was compromised because its vandalized Web site, at www.gallup.com, won't be connected to internal computers that store polling results until Sept. 1. That's when Gallup plans to make available through its Web site 65 years of data.

"We have until September 1 to guarantee that we have addressed all issues of security," said Phil Ruhlmon, Gallup's chief information officer.

Gallup results are relied upon heavily by campaigns and political journalists. The group's Web site was vandalized in an obvious way early Sunday for about six hours before it was noticed and repaired. The more serious risk was that subtle changes could have been introduced -- the report of a surge by a political underdog, for example -- and reported by mainstream media outlets as genuine.

"That is a risk," Ruhlmon acknowledged. "It may have existed for a longer period of time if they had changed something minor."

Instead, the unknown vandal altered part of Gallup's Web site with a claim that a prominent Internet site devoted to computer security, AntiOnline, was itself responsible. Along with some text, a headline was changed to read "demonstration of Internet insecurity by AntiOnline."

Gallup indicated it now believes AntiOnline wasn't involved, but it acknowledged that it originally called to complain to John "JP" Vranesevich, who runs AntiOnline in Beaver, Pa.

"We're pretty much used to that," said Vranesevich, who was demonized by hackers last summer after he offered to help authorities trace and prosecute hackers. "When someone's hacked, there's obviously a lot of frustration there. When some of these malicious hackers put our name down as a joke or to degrade us, we'll get a call sometimes."

Vranesevich agreed that the greater threat in the attack against Gallup was the potential risk to the organization's credibility if false data published on its Web site had been reported publicly.

"To this point, we really haven't seen hackers do that," he said. "(But) to be able to put false information out, it could have serious consequences, all sorts of problems. To be able to put out a fake story about Microsoft merging with Apple, for example; just rumors about those kinds of stories can send stocks skyrocketing."

Ruhlmon said Gallup believes the hacker broke into one of its computers where an important software patch hadn't been applied, then used it to help break into the computer that runs Gallup's Web site.

Gallup took the Web site offline for more than an hour Monday afternoon to make additional security changes. All information on the compromised computers was being wiped -- a time-consuming process -- in case the hacker secretly implanted software to allow future control of the machines.

"We want to completely clean it off," Ruhlmon said. "We do not want to leave any open doors."

On the Net: Gallup's Web site:

http://www.gallup.com

AntiOnline's Web site:

http://www.antionline.com

Image of Gallup's hacked site: http://www.attrition.org/mirror/attrition/2000/03/05/www.gallup.com/

-- viewer (justp@ssing.by), March 09, 2000


Moderation questions? read the FAQ