Hacker drops a bomb on nuclear watchdog's website
Someone hacked into the Canadian Nuclear Safety Commission's website and inserted a photograph of a nuclear explosion — spurring the agency to call in the RCMP.
The commission said themedia releases section of its website was vandalized bythe hacker. However, a spokesman emphasized thata person without a secure governmentloginwould not be able to access potentially dangerous information —such aspart of the agency's internal sitethat tracks the movement of high-risk radioactive sealed sources.
According to a report in Thursday's Ottawa Citizen, the commission's current and archived news releases were renamed "security breaches" and contained a photo of a mushroom cloud.
The photo was under the heading "for Immediate Release" and was accompanied by a caption reading: "Please dont [sic] put me in jail… oops, I divided by zero."
Commission spokesman Aurèle Gervais confirmed the defacement of the site and said the pages were disabled minutes after the newspaper contacted the agency.
Gervais said the vandalism occurred on a part of the agency's site run by an external provider with no link to the internal site.
A secure government login is needed to access the internal site with sensitive information, he said.
Still, the commission considers the incident "very serious" and has called the RCMP to investigate, Gervais said. He said it is the first time such a breach has occurred at the commission.
Government sites 'surprisingly easy' to hack: expert
But the sensitivity of the commission's mandate raises legitimate concerns about the safety of government-run websites, said Brian O'Higgins, the chief technology officer with Third Brigade, an Ottawa internet security firm.
"It's surprisingly easy to get onto the big servers and do this kind of defacement. The threat isn't getting better, it's getting worse," O'Higgins told CBC News Online.
O'Higgins said the increased variety of software and software upgrades for publishing to the internet opens up more and more vulnerabilities for hackers to exploit.
O'Higgins said it was clear from the way the commission's site was defaced that the hacker was more interested in drawing attention to the vandalism than finding secrets.
Buthe warned that defacement of sites is a declining trend as more hackers adopt a stealthy approach in hopes of finding a way to profit from their intrusions.