Cybersecurity

NCI site hacked -- or was it?

lulzsec logo

LulzSecEurope, represented by this monocle-wearing mascot, posted code it claims it took from National Cancer Institute computers.

A group of hackers known as "LulzSecEurope” claimed they breached the National Cancer Institute’s website on Oct. 31, but the agency says the alleged hack didn’t happen.

Rumors of the hack circulated online Wednesday after the group claimed the hack on its Twitter page, posting a link to allegedly hacked data from the site.

However, a spokesperson for the National Cancer Institute, which coordinates the National Cancer Program for the U.S. Department of Health and Human Services, denied the claims that its site – www.cancer.gov – was hacked in any way.

“Someone retrieved open source code from a publically accessible website and posted it as evidence of a hack,” said the spokesperson, who did not want to be identified. “There are some places you can find code, and that’s all they did.”


Related story:

Cyber Insecurity: Managing to the risk


That explanation was not enough to convince some Internet security experts who caught wind of the alleged hack.

Aaron Titus, Chief Privacy Officer of New York-based Internet security company Identity Finder, said a third-party analysis of the data dump reveals numerous references to the National Institute of Health, the National Cancer Institute and user groups with government references.

“If they are asserting this is open source material completely unrelated to NIH, that doesn’t add up to me because there are references to NIH and the NCI peppered throughout the code,” Titus said. “You’d have to show me any open source application that contains references to NIH inside its core database when you download it from Internet. I’m willing to be convinced that nothing happened, but I’d have to see the evidence.”

Titus said the National Cancer Institute is not a customer of his business, but noted that he felt compelled to analyze the alleged hack because of its high-profile and the “deplorability” of hacking an entity that assists in cancer research.

“At the very least, it is deplorable that anyone would even claim to attack Cancer.gov, of all places,” Titus said.

The text prefacing the data dump contains the acronym “OMG,” the Twitter hash-tag #LULZ and the phrase, “CANCER.GOV BECAUSE WE LOVE YOU GOVERNMENT.”

OMG stands for the phrase “Oh My God,” and LULZ is Internet vernacular often used to describe finding humor at the expense of others.

About the Author

Frank Konkel is a former staff writer for FCW.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Shutterstock image (by wk1003mike): cloud system fracture.

    Does the IRS have a cloud strategy?

    Congress and watchdog agencies have dinged the IRS for lacking an enterprise cloud strategy seven years after it became the official policy of the U.S. government.

  • Shutterstock image: illuminated connections between devices.

    Who won what in EIS

    The General Services Administration posted detailed data on how the $50 billion Enterprise Infrastructure Solutions contract might be divvied up.

  • Wikimedia Image: U.S. Cyber Command logo.

    Trump elevates CyberCom to combatant command status

    The White House announced a long-planned move to elevate Cyber Command to the status of a full combatant command.

  • Photo credit: John Roman Images / Shutterstock.com

    Verizon plans FirstNet rival

    Verizon says it will carve a dedicated network out of its extensive national 4G LTE network for first responders, in competition with FirstNet.

  • AI concept art

    Can AI tools replace feds?

    The Heritage Foundation is recommending that hundreds of thousands of federal jobs be replaced by automation as part of a larger government reorganization strategy.

  • DOD Common Access Cards

    DOD pushes toward CAC replacement

    Defense officials hope the Common Access Card's days are numbered as they continue to test new identity management solutions.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group