Cybersecurity

NCI site hacked -- or was it?

lulzsec logo

LulzSecEurope, represented by this monocle-wearing mascot, posted code it claims it took from National Cancer Institute computers.

A group of hackers known as "LulzSecEurope” claimed they breached the National Cancer Institute’s website on Oct. 31, but the agency says the alleged hack didn’t happen.

Rumors of the hack circulated online Wednesday after the group claimed the hack on its Twitter page, posting a link to allegedly hacked data from the site.

However, a spokesperson for the National Cancer Institute, which coordinates the National Cancer Program for the U.S. Department of Health and Human Services, denied the claims that its site – www.cancer.gov – was hacked in any way.

“Someone retrieved open source code from a publically accessible website and posted it as evidence of a hack,” said the spokesperson, who did not want to be identified. “There are some places you can find code, and that’s all they did.”


Related story:

Cyber Insecurity: Managing to the risk


That explanation was not enough to convince some Internet security experts who caught wind of the alleged hack.

Aaron Titus, Chief Privacy Officer of New York-based Internet security company Identity Finder, said a third-party analysis of the data dump reveals numerous references to the National Institute of Health, the National Cancer Institute and user groups with government references.

“If they are asserting this is open source material completely unrelated to NIH, that doesn’t add up to me because there are references to NIH and the NCI peppered throughout the code,” Titus said. “You’d have to show me any open source application that contains references to NIH inside its core database when you download it from Internet. I’m willing to be convinced that nothing happened, but I’d have to see the evidence.”

Titus said the National Cancer Institute is not a customer of his business, but noted that he felt compelled to analyze the alleged hack because of its high-profile and the “deplorability” of hacking an entity that assists in cancer research.

“At the very least, it is deplorable that anyone would even claim to attack Cancer.gov, of all places,” Titus said.

The text prefacing the data dump contains the acronym “OMG,” the Twitter hash-tag #LULZ and the phrase, “CANCER.GOV BECAUSE WE LOVE YOU GOVERNMENT.”

OMG stands for the phrase “Oh My God,” and LULZ is Internet vernacular often used to describe finding humor at the expense of others.

About the Author

Frank Konkel is a former staff writer for FCW.

The 2014 Federal 100

Get to know the 100 women and men honored this year for going above and beyond in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above