Hackers given 'back door key' to government sites

14 Jan 2002

Lax security policies jeopardising sensitive data

Hundreds of government websites could be wide open to hack attacks, having failed to take action in the wake of last year's Badtrans virus.

The Foreign and Commonwealth Office (FCO) and even the government-run Society of IT Managers (SOCITM) could both be vulnerable.

Badtrans works by emailing passwords and key-logging information to a private email addresses set up by the virus writer. It also sends the sensitive data to a San Francisco ISP called Monkeybrains.net.

Before Christmas, the ISP rose to prominence for denying the FBI access to the information.

But following an investigation by the monthly e-government bulletin, it has now emerged that data from 176 different UK government domains, as well as many more US government and US military domains, have been sent to Monkeybrains.net - and therefore to the virus writers.

The ISP's list shows that some restricted sites and confidential intranets fell foul of Badtrans - meaning that hackers may have been mailed the passwords needed to enter those sites.

SOCITM was unable to provide a comment on whether it was aware of the problems or whether it had taken any action in the light of the breaches. The Met Office said it was looking into the matter.

A spokesman for the Foreign and Commonwealth Office said: "We don't believe our confidential intranet system has been breached, we have methods in place to prevent confidential emails from leaving the system."

Neil Barrett, technical director at security consultancy IRM, said the problem was twofold: "The first problem is that there might be some really serious security compromises which haven't been dealt with. The second - and probably bigger - problem is one of perception.

"As soon as people have a perception that a site is insecure it becomes interesting to hackers, then you have difficulties."

Barrett added that at the very least the affected agencies should be made aware of the problem and check whether serious breaches have occurred.

But Monkeybrains.net does not allow those searching the database to see the password information it holds. It only allows them to see if their sites have been compromised, making it impossible to tell how sensitive the data being held is.

During the month of December 2001 Badtrans was the most widespread virus and despite only being released in November was one of the commonest viruses of the year.