By: Joel Davis
Orange County Register Site Beefs Up Security
In the aftermath of the most ominous “hacking” incident yet involving a newspaper Web site, The Orange County (Calif.) Register has “moved the whole server behind a firewall,” spokeswoman Nancy Souza said. “It’s not going to happen again.”
The Register’s parent company, Freedom Communications Inc., has information-systems personnel monitoring company sites on a 24-hour basis, both through electronic alarms and staff vigilance, she added. Whether other newspaper sites are adequately on guard is another question.
Cyber vandals registered a direct hit Sept. 29 on the Register’s Web site in what is believed to be the first true alteration of content at a U.S. media Web site. “It’s supposedly the first time hackers edited copy as opposed to replacing a whole home page with their own gobbledygook,” said Souza.
The Santa Ana-based daily’s Web site, ocregister.com, was altered for about 45 minutes on a Friday night. As many as 10 Freedom Communications sister papers were targeted in separate invasions Sept. 25.
While the motive behind the attacks isn’t known for certain, speculation at the Register is that they somehow are linked to anger at stories about the arrest of Jason Diekman, 20, of Mission Viejo, who allegedly hacked into computers operated by the National Aeronautics and Space Administration and several large universities. The invaders fiddled with a story about Diekman, mocking neighbors who were interviewed while adding insults and sexual remarks, and inserting a fake photo of the suspect.
One revised article identified Microsoft Corp.’s Bill Gates as admitting in court papers that he had hacked into “hundreds, maybe thousands” of computers, and falsely claimed he had been sentenced to jail for grand larceny in an “unrelated” case. “We don’t know why the hacker did it, but this was a local story for us, as opposed to most media that covered it,” Souza noted.
The invaders broke through via a Freedom file transfer protocol (FTP) port made by SGI. “They hacked into the system through an open port, so to speak,” Souza explained, adding that this particular server is seldom attacked because it is too expensive for most hackers to acquire and deconstruct. While editorial content was manipulated, there were no reader complaints or financial damage, Souza said.
Other Freedom papers hit by hackers included the Marysville Appeal-Democrat, a small Northern California daily. Publisher Olaf Frandsen said the site’s regular content was dumped in favor of lyrics of heavy-metal music and “teen-speak.”
“Somebody in the newsroom saw it and went and told an editor,” Frandsen said, adding that the problem took about two to three hours to fix. “The only thing that came out of it all was a note of caution. We were lucky. Next time, it could be more dramatic or costly.”
While the intruders’ work in these instances was fairly blatant, the fact that they were able to manipulate editorial content on the Register site is worrisome. “With The Orange County Register attack, the idea that you can never trust what you read in the paper takes on an entirely new meaning,” B.K. DeLong of Attrition.org, which monitors computer crime, told Inside.com. Statistics, quotes, or other facts could easily be altered.
“This hacker didn’t do a very good job of editing – it’s very juvenile,” Souza said. “The ethical issue is: what if someone more subtle gets in and changes the perception of the public?”
Joel Davis (firstname.lastname@example.org) is West Coast editor for E&P.
Copyright 2000, Editor & Publisher.