Cybersecurity

NCI site hacked -- or was it?

lulzsec logo

LulzSecEurope, represented by this monocle-wearing mascot, posted code it claims it took from National Cancer Institute computers.

A group of hackers known as "LulzSecEurope” claimed they breached the National Cancer Institute’s website on Oct. 31, but the agency says the alleged hack didn’t happen.

Rumors of the hack circulated online Wednesday after the group claimed the hack on its Twitter page, posting a link to allegedly hacked data from the site.

However, a spokesperson for the National Cancer Institute, which coordinates the National Cancer Program for the U.S. Department of Health and Human Services, denied the claims that its site – www.cancer.gov – was hacked in any way.

“Someone retrieved open source code from a publically accessible website and posted it as evidence of a hack,” said the spokesperson, who did not want to be identified. “There are some places you can find code, and that’s all they did.”


Related story:

Cyber Insecurity: Managing to the risk


That explanation was not enough to convince some Internet security experts who caught wind of the alleged hack.

Aaron Titus, Chief Privacy Officer of New York-based Internet security company Identity Finder, said a third-party analysis of the data dump reveals numerous references to the National Institute of Health, the National Cancer Institute and user groups with government references.

“If they are asserting this is open source material completely unrelated to NIH, that doesn’t add up to me because there are references to NIH and the NCI peppered throughout the code,” Titus said. “You’d have to show me any open source application that contains references to NIH inside its core database when you download it from Internet. I’m willing to be convinced that nothing happened, but I’d have to see the evidence.”

Titus said the National Cancer Institute is not a customer of his business, but noted that he felt compelled to analyze the alleged hack because of its high-profile and the “deplorability” of hacking an entity that assists in cancer research.

“At the very least, it is deplorable that anyone would even claim to attack Cancer.gov, of all places,” Titus said.

The text prefacing the data dump contains the acronym “OMG,” the Twitter hash-tag #LULZ and the phrase, “CANCER.GOV BECAUSE WE LOVE YOU GOVERNMENT.”

OMG stands for the phrase “Oh My God,” and LULZ is Internet vernacular often used to describe finding humor at the expense of others.

About the Author

Frank Konkel is a former staff writer for FCW.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group