Cybersecurity

NCI site hacked -- or was it?

lulzsec logo

LulzSecEurope, represented by this monocle-wearing mascot, posted code it claims it took from National Cancer Institute computers.

A group of hackers known as "LulzSecEurope” claimed they breached the National Cancer Institute’s website on Oct. 31, but the agency says the alleged hack didn’t happen.

Rumors of the hack circulated online Wednesday after the group claimed the hack on its Twitter page, posting a link to allegedly hacked data from the site.

However, a spokesperson for the National Cancer Institute, which coordinates the National Cancer Program for the U.S. Department of Health and Human Services, denied the claims that its site – www.cancer.gov – was hacked in any way.

“Someone retrieved open source code from a publically accessible website and posted it as evidence of a hack,” said the spokesperson, who did not want to be identified. “There are some places you can find code, and that’s all they did.”


Related story:

Cyber Insecurity: Managing to the risk


That explanation was not enough to convince some Internet security experts who caught wind of the alleged hack.

Aaron Titus, Chief Privacy Officer of New York-based Internet security company Identity Finder, said a third-party analysis of the data dump reveals numerous references to the National Institute of Health, the National Cancer Institute and user groups with government references.

“If they are asserting this is open source material completely unrelated to NIH, that doesn’t add up to me because there are references to NIH and the NCI peppered throughout the code,” Titus said. “You’d have to show me any open source application that contains references to NIH inside its core database when you download it from Internet. I’m willing to be convinced that nothing happened, but I’d have to see the evidence.”

Titus said the National Cancer Institute is not a customer of his business, but noted that he felt compelled to analyze the alleged hack because of its high-profile and the “deplorability” of hacking an entity that assists in cancer research.

“At the very least, it is deplorable that anyone would even claim to attack Cancer.gov, of all places,” Titus said.

The text prefacing the data dump contains the acronym “OMG,” the Twitter hash-tag #LULZ and the phrase, “CANCER.GOV BECAUSE WE LOVE YOU GOVERNMENT.”

OMG stands for the phrase “Oh My God,” and LULZ is Internet vernacular often used to describe finding humor at the expense of others.

About the Author

Frank Konkel is a former staff writer for FCW.

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group