|
Thursday, 16 February 2006 |
An unidentified hacker breached a state computer server and installed a program capable of observing credit card numbers used in transactions with the state, New Hampshire officials discovered yesterday.
Anyone who used a credit card in a transaction with the Division of Motor Vehicles, the Veterans Home, the Liquor Commission or to make a purchase at a state liquor store in the past six months should check their credit card statements for suspicious activity, officials said.
The security problem was discovered and addressed yesterday morning, though the hacker remained unidentified, said Gov. John Lynch, who called a news conference to announce the breach. As of yesterday evening, state officials had not learned of any actual cases of credit card fraud from the hacking. But they wanted people to be on the lookout for the possibility.
"We take very seriously the potential," Lynch said, appearing alongside state Attorney General Kelly Ayotte and Chief Information Officer Rick Bailey. "Our citizens need to have confidence that their transactions with the state are safe and secure."
Anyone who notices suspicious activity on their credit card statements is urged to call the state consumer protection hotline at (888) 468-4454, Lynch said.
The state Office of Information Technology discovered the presence of a "Trojan horse" application on one of its servers yesterday while installing a new program designed to monitor the state computing system, Bailey said. The intruding application had the capability to watch transactions as they moved through the hacked server but not to access stored information
The new program installed by the state yesterday will automatically search for, identify and counter security threats. But up until the installation yesterday, the state IT office had to check the servers manually, Bailey said.
The breached server is used primarily for DMV and Veterans Home transactions, but it also acts as a backup to the main server for the Liquor Commission and the state liquor stores, Bailey said. Until the installation of the MARS program yesterday, that server had last been checked for security violations six months ago. At that point, the server was clean, Bailey said.
The hacker installed the application externally through the internet, not from a state computer, Bailey said. The hacker had the ability to turn the credit-card "sniffing" program on and off, and it appeared to be off when the state discovered it, he said.
The state Department of Justice is investigating the matter, with assistance from the FBI and the United States Attorneys office. "We take the intrusion of the state system very, very seriously," Ayotte said.
The investigation is in the early stages, and state officials could not immediately determine how long the program had been in place or whether it had ever been activated. They also did not know last night how many transactions the server had processed in the past six months. The state uses hundreds of computer servers, and all of the others were also being checked yesterday for breaches, said Pam Walsh, a spokeswoman for the governor.
This is the first known case of a hacker trying to access state financial information in New Hampshire, though someone last year succeeded in changing the appearance of a state website, Bailey said. |
