Cybersecurity

NCI site hacked -- or was it?

lulzsec logo

LulzSecEurope, represented by this monocle-wearing mascot, posted code it claims it took from National Cancer Institute computers.

A group of hackers known as "LulzSecEurope” claimed they breached the National Cancer Institute’s website on Oct. 31, but the agency says the alleged hack didn’t happen.

Rumors of the hack circulated online Wednesday after the group claimed the hack on its Twitter page, posting a link to allegedly hacked data from the site.

However, a spokesperson for the National Cancer Institute, which coordinates the National Cancer Program for the U.S. Department of Health and Human Services, denied the claims that its site – www.cancer.gov – was hacked in any way.

“Someone retrieved open source code from a publically accessible website and posted it as evidence of a hack,” said the spokesperson, who did not want to be identified. “There are some places you can find code, and that’s all they did.”


Related story:

Cyber Insecurity: Managing to the risk


That explanation was not enough to convince some Internet security experts who caught wind of the alleged hack.

Aaron Titus, Chief Privacy Officer of New York-based Internet security company Identity Finder, said a third-party analysis of the data dump reveals numerous references to the National Institute of Health, the National Cancer Institute and user groups with government references.

“If they are asserting this is open source material completely unrelated to NIH, that doesn’t add up to me because there are references to NIH and the NCI peppered throughout the code,” Titus said. “You’d have to show me any open source application that contains references to NIH inside its core database when you download it from Internet. I’m willing to be convinced that nothing happened, but I’d have to see the evidence.”

Titus said the National Cancer Institute is not a customer of his business, but noted that he felt compelled to analyze the alleged hack because of its high-profile and the “deplorability” of hacking an entity that assists in cancer research.

“At the very least, it is deplorable that anyone would even claim to attack Cancer.gov, of all places,” Titus said.

The text prefacing the data dump contains the acronym “OMG,” the Twitter hash-tag #LULZ and the phrase, “CANCER.GOV BECAUSE WE LOVE YOU GOVERNMENT.”

OMG stands for the phrase “Oh My God,” and LULZ is Internet vernacular often used to describe finding humor at the expense of others.

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.