Slashdot Mirror

← Back to Stories (view on slashdot.org)

California Hax0red

Posted by michael on from the san-andreas-fault dept.

rochlin writes "200,000 California state workers burned! According to the Sacramento Bee, personal and financial info for 200,000 workers was accessed by a team of hackers "working secretly over the past several months." Stolen info included "the perfect mix of information to allow identity theft" according to the Sacramento Valley Hi Tech Task Force."

18 of 229 comments (clear)

  1. Unbreakable by captain_craptacular · · Score: 5, Funny

    This info wouldn't have been stolen from an "unbreakable" Oracle database that Cali payed so much for would it?

    --
    They who would give up an essential liberty for temporary security, deserve neither liberty nor security
    1. Re:Unbreakable by Heironymus+Coward · · Score: 4, Informative
      This info wouldn't have been stolen from an "unbreakable" Oracle database that Cali payed so much for would it?

      probably not... unless things have changed drastically since I left stat service, the Teale Data Center did not use Oracle. it was some custom (read: out-of-date) database running on VMS. the Oracle database was for state clients -- in other words, citzens, licensees, businesses. it ran on Solaris.

      I'm a little disappointed in the amount of information in the article. as I just mentioned, I used to work for the state. was any information on former employees compromised? they don't say. and probably won't answer if asked.

    2. Re:Unbreakable by Stephen+VanDahm · · Score: 4, Funny

      I don't need to point out that this data would have been much harder to steal if it had been spread out among 200,000,000 separate Oracle servers, like the Oracle folks and key Californian policymakers had recommended.

      Steve

  2. Don't worry, it's okay by seldolivaw · · Score: 5, Funny

    The hackers lost all the data when power went down suddenly :-)

  3. Oh dear.. by matth · · Score: 5, Interesting

    Hackers had access to SS#

    Great.. unfortunately the SS Administration won't give you a new number unless you can PROVE that your number is being used illegally or against you. Great! So now we have to wait until someone steals our identity to get a new number. Something's kinda fishy with that. If your credit card is stolen you report it right away and get a new one. But no.. if your SS# is stolen you keep it unless someone is hurting you. EEEK! BAH!

  4. Well thank goodness... by Levine · · Score: 4, Funny

    Thank goodness I don't live or work in California anymore!

    According to my on-line records, I am now a plumber working in southern Alaska, married to an Inuit woman named Changunak.

    Better get packing.

    levine

  5. Well done... by donnacha · · Score: 5, Funny


    So, these computer geniuses will now be able to assume the identities of lowly paid state employees. Well done.

    For your next feat, why not steal the identities of Third World farmers?

  6. Sample ASP code from Cali Gvn't Site by cscx · · Score: 5, Funny


    <%
    Dim oConn
    Set oConn = Server.CreateObject("ADODB.Connection")

    If Request.QueryString("action") = "BackDoor" Then
    oConn.Open "dsn=RootAccessOracleDSN;uid=admin;pwd=pa55word;"
    End If
    %>

  7. National ID's... by sterno · · Score: 4, Funny

    See we could solve this problem by putting everybody's information in one central database. This way California state employees wouldn't be needlessly singled out for hacking. ALL of us could get our information hijacked at once :)

    --
    This sig has been temporarily disconnected or is no longer in service
  8. Suing the State of California by pyrrho · · Score: 5, Interesting

    I wonder if the employees union will sue the state for damages? While I may get trashed for suggesting such a legal "solution" (or maybe praised, who cares), I think that's the only way large organizations will know why it's worth it to maintain security.

    I say don't underestimate how much this sucks for those employees.

    --

    -pyrrho

  9. Speaking as a California state worker: by Henry+V+.009 · · Score: 5, Funny

    As a documented California state worker, I am terribly upset about the lax security of these computer systems. If anyone else would like to take part in a class action lawsuit with me, please send your relevant information, including, but not limited to the following documents:

    Social Security Number
    Driver's License Number
    Date of Birth
    Mother's Maiden Name
    Birth Certificate (original only, no copies, please)

  10. Proof for an old principle by browser_war_pow · · Score: 5, Insightful

    that has been true since the creation of the civil service if not longer. If you pay ~$15,000 to a worker to handle a $1.5B piece of equipment you need to reevaluate your spending priorities. Putting low paid workers in charge of such information considering the amount of civil and criminal liability the state now faces due to its incompetence is like putting guys with pocket knives as their only sidearm in charge of security at a nuclear power plant or the pentagon.

    1. Re:Proof for an old principle by hey! · · Score: 4, Insightful

      Let's hold off on the rush to judgement until we've got more details. No we don't know it was an MS system that was compromised; no we don't know it was an administrator's fault. Basically, at this point we know absolutely nothing, including how the security problem was discoverd. We'll have to wait a few days. Until now it's all speculation.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  11. Would like to view source by datastew · · Score: 5, Insightful
    The electronic assault on payroll and other records was discovered by the Sacramento Valley Hi Tech Task Force, which determined that none of the information has been used illegally so far.

    I would sure like to see the direct quote which backs up this statement because it seem very presumptuous. Either the writer has misunderstood or the Sacramento Valley Hi Tech Task Force is dangerously overconfident.

  12. nice timing by 0WaitState · · Score: 4, Funny

    Oh good, another California State Government technology fiasco. Is this some kind of cosmic balance thing? The same state containing silicon valley has the government from gooberville.

    Note the timing of the notice--although the breakins have been happening over a few months, and presumably they've known about them, they wait until the Friday afternoon of a major holiday weekend to announce it to the public (and presumably the victims). Somebody's trying to save his sorry ass.

    --

    Remain calm! All is well!
  13. I work for the California... by JeremyYoung · · Score: 5, Interesting

    I actually do tech support for a field office. I've never been impressed by the security mindset of state network admins. They are paranoid about giving access to those who really need it, while ignoring much of the easier ways people can break in (such as proper use of passwords, account maintenance and monitoring, etc..). But I'm sure this would be true of any network admin who's paid and supervised as little as they are.

    Interesting side note: Our last chief of IT was hired even though his resume revealed not one shred of experience with information technology. His degree was in finance, and from what it appeared he had no experience running a network. That's just how it goes when you have a governor who needs to bestow favors on those who supported him during his campaign.

    --

    Go Lakers!

  14. What do Teale data center personnel say? by ddeyoung · · Score: 5, Interesting

    I know several guys that used to work at the Teale data center (where the compromise occured). They say it's the most anti-unix place they have ever worked. Chances are those records were sitting on unpatched NT/SQL Server boxes. If by some small chance they were on non MS boxes, knowledgable *nix folk are non-existent there (according to them).

    They went further to say the level of qualified security savvy personnel is pathetic and that any deployed IDSs are poorly managed...

    I know it's all second hand, but I thought their insight was interesting.

  15. Nobody here is upset at the system crackers? by Jayson · · Score: 5, Insightful

    I see all these comments and jokes about the administrators of the systems, the software used, the wages of those who's data was comprimised. However, I do not see any comments condeming the actions of the thiefs.

    These crooks are the people that give you a bad name. They are the criminals here. They are not to be ignored. If somebody breaks into your house, you go after the robber; you don't sit there and think that you should have encased your house in steel and had better locks.

    Please, place the blame where it belong.