IE 6 and out-of-date software, devices frequently give hackers easy access
On Friday, October 26, all of South Carolina was aghast at the news that our State Department of Revenue was hacked and 3 out of 4 taxpayers’ valuable personal data was stolen.
Haley said the attack was indicative of “the world we live in today” and that the lack of much national media interest in the episode shows how commonplace such attacks have become. At the same time, she called the attack “absolutely bizarre” and not something that happens every day.
Open letter to Governor Haley
Dear Governor Haley, Yes, hacking attempts happen every day. How do I know this? Because our firm provides website hosting to our clients. Almost every day our security systems notify us of attempts by, as you have called them, “foreign nationals” to hack our customers’ websites.
Strong defenses work
We battle them with limited log-ins, locking out login attempts after a specified number of tries, educating our clients on the importance of highly secure passwords, and hardening all systems. We keep all software running our systems and our clients’ sites up to date, and patch vulnerabilities immediately if a platform notifies us of the detection of a vulnerability in third-party software. We neither store sensitive credit card information nor use systems for e-commerce which do. When we set up e-commerce systems for our clients, we refuse to allow their websites to store customers’ sensitive data. And finally, we back up each of the sites we host in triplicate, every night.
Out-of-date browsers, software allow hacks
Can you tell me with confidence that the SCDOR used similar attempts to secure my data? I don’t think you can, and for this I’m outraged.
Yes, there are “foreign nationals” trying to hack systems right now. And given that you know this, did the IT professionals working for the State ensure that every device connected to the Internet had strong firewalls, and up-to-date virus protection on each and every device? Compromised sites on the Internet exploit vulnerabilities. Good systems detect exploits when users attempt to visit sites that may contain malware. Of course, if South Carolina is like many corporate entities, its computer systems still run Internet Explorer 6, a highly compromised browser that is now out of date and not supported, permitting incursions. Additionally, legacy software systems hard-coded to work with ancient programs permit flawed and weak old software to be compromised.
I’m mad as hell and think you should do more than tell us this is “the world we live in today.” I think you should document all the ways that SCDOR is deficient, and be transparent about how you are going to fix these issues. Then, and only then, will I as a taxpayer have any opportunity to trust those who are supposedly working for me, the taxpayer.
Photo credit: flickr creative commons user Y4nuar