Slashdot Mirror

← Back to Stories (view on slashdot.org)

California Hax0red

Posted by michael on from the san-andreas-fault dept.

rochlin writes "200,000 California state workers burned! According to the Sacramento Bee, personal and financial info for 200,000 workers was accessed by a team of hackers "working secretly over the past several months." Stolen info included "the perfect mix of information to allow identity theft" according to the Sacramento Valley Hi Tech Task Force."

12 of 229 comments (clear)

  1. Unbreakable by captain_craptacular · · Score: 5, Funny

    This info wouldn't have been stolen from an "unbreakable" Oracle database that Cali payed so much for would it?

    --
    They who would give up an essential liberty for temporary security, deserve neither liberty nor security
  2. Don't worry, it's okay by seldolivaw · · Score: 5, Funny

    The hackers lost all the data when power went down suddenly :-)

  3. Oh dear.. by matth · · Score: 5, Interesting

    Hackers had access to SS#

    Great.. unfortunately the SS Administration won't give you a new number unless you can PROVE that your number is being used illegally or against you. Great! So now we have to wait until someone steals our identity to get a new number. Something's kinda fishy with that. If your credit card is stolen you report it right away and get a new one. But no.. if your SS# is stolen you keep it unless someone is hurting you. EEEK! BAH!

  4. Well done... by donnacha · · Score: 5, Funny


    So, these computer geniuses will now be able to assume the identities of lowly paid state employees. Well done.

    For your next feat, why not steal the identities of Third World farmers?

  5. Sample ASP code from Cali Gvn't Site by cscx · · Score: 5, Funny


    <%
    Dim oConn
    Set oConn = Server.CreateObject("ADODB.Connection")

    If Request.QueryString("action") = "BackDoor" Then
    oConn.Open "dsn=RootAccessOracleDSN;uid=admin;pwd=pa55word;"
    End If
    %>

  6. Suing the State of California by pyrrho · · Score: 5, Interesting

    I wonder if the employees union will sue the state for damages? While I may get trashed for suggesting such a legal "solution" (or maybe praised, who cares), I think that's the only way large organizations will know why it's worth it to maintain security.

    I say don't underestimate how much this sucks for those employees.

    --

    -pyrrho

  7. Speaking as a California state worker: by Henry+V+.009 · · Score: 5, Funny

    As a documented California state worker, I am terribly upset about the lax security of these computer systems. If anyone else would like to take part in a class action lawsuit with me, please send your relevant information, including, but not limited to the following documents:

    Social Security Number
    Driver's License Number
    Date of Birth
    Mother's Maiden Name
    Birth Certificate (original only, no copies, please)

  8. Proof for an old principle by browser_war_pow · · Score: 5, Insightful

    that has been true since the creation of the civil service if not longer. If you pay ~$15,000 to a worker to handle a $1.5B piece of equipment you need to reevaluate your spending priorities. Putting low paid workers in charge of such information considering the amount of civil and criminal liability the state now faces due to its incompetence is like putting guys with pocket knives as their only sidearm in charge of security at a nuclear power plant or the pentagon.

  9. Would like to view source by datastew · · Score: 5, Insightful
    The electronic assault on payroll and other records was discovered by the Sacramento Valley Hi Tech Task Force, which determined that none of the information has been used illegally so far.

    I would sure like to see the direct quote which backs up this statement because it seem very presumptuous. Either the writer has misunderstood or the Sacramento Valley Hi Tech Task Force is dangerously overconfident.

  10. I work for the California... by JeremyYoung · · Score: 5, Interesting

    I actually do tech support for a field office. I've never been impressed by the security mindset of state network admins. They are paranoid about giving access to those who really need it, while ignoring much of the easier ways people can break in (such as proper use of passwords, account maintenance and monitoring, etc..). But I'm sure this would be true of any network admin who's paid and supervised as little as they are.

    Interesting side note: Our last chief of IT was hired even though his resume revealed not one shred of experience with information technology. His degree was in finance, and from what it appeared he had no experience running a network. That's just how it goes when you have a governor who needs to bestow favors on those who supported him during his campaign.

    --

    Go Lakers!

  11. What do Teale data center personnel say? by ddeyoung · · Score: 5, Interesting

    I know several guys that used to work at the Teale data center (where the compromise occured). They say it's the most anti-unix place they have ever worked. Chances are those records were sitting on unpatched NT/SQL Server boxes. If by some small chance they were on non MS boxes, knowledgable *nix folk are non-existent there (according to them).

    They went further to say the level of qualified security savvy personnel is pathetic and that any deployed IDSs are poorly managed...

    I know it's all second hand, but I thought their insight was interesting.

  12. Nobody here is upset at the system crackers? by Jayson · · Score: 5, Insightful

    I see all these comments and jokes about the administrators of the systems, the software used, the wages of those who's data was comprimised. However, I do not see any comments condeming the actions of the thiefs.

    These crooks are the people that give you a bad name. They are the criminals here. They are not to be ignored. If somebody breaks into your house, you go after the robber; you don't sit there and think that you should have encased your house in steel and had better locks.

    Please, place the blame where it belong.