Western Pennsylvania county website hacked
A county website in western Pennsylvania was allegedly hacked early Monday by intruders who set up an auto-redirect on the county’s main page.
The homepage for Indiana County — a county of approximately 88,000 residents approximately 65 miles northeast of Pittsburgh — redirected to a page claiming that it had been hacked by “Fouzi Baws-DZ & Farouk General.” The message was displayed in English and Arabic alongside a photo of Iraq’s former leader Saddam Hussein.
The site was hacked between 6 and 7 a.m., according to a report in the Indiana Gazette. A member of the county’s information services staff told the newspaper that the hacker appeared to have redirected website visitors to the hack message, located at a remote site, while still displaying the countyofindiana.org URL in the browser.
Some subpages on the website, including links to information about countywide property reassessment projects, remained live and accessible throughout the incident. Those links remain visible as county officials try to relaunch the sites after the attack.
By 9 a.m., county staff reportedly took back control of the site and were actively working to restore security. The site is now back online.
Bill Balint, the chief information officer for the county’s own Indiana University of Pennsylvania, told the Indiana Gazette it looked like the site had been comprised by a vulnerability in the software used to manage the site. Balint manages the information technology systems for the university but not for the county. The breached website identifies Eric Leonard as the director of the county’s information technology and data services department.
“No site is free from such risk,” Balint said. “There are a series of best practices that can help limit risk, but any system that is accessible at all is, by definition, vulnerable to unwanted access at least to some extent.”
A county staffer told the Gazette the site was expected to resume being live later Monday.