Yesterday, we reported on a federal shutdown of “ca.gov” sites to fix a hack.

Well, we have a little more information on this.

It was the Marin County government website that started all of this — something we reported back on September 12th.

They were warned. But they didn’t believe the warnings:

Marin officials first learned of the hacker’s use of the site when private online security companies warned that the Web page had been infiltrated.

Steinhauser said she and other staffers at first were suspicious of the online warnings from security firms because they were worried they could be a form of “phishing” used by hackers seeking to hijack Web sites.

Well, here’s some email that Suzi Turner (who works for Sunbelt as a security consultant) had sent them, on September 12th (she also left them a voice mail).

[Images of the email]

I had also sent them an email on September 12th:

[Image of the email]

And I’m pretty darned sure we’re not the only ones who alerted them.

There’s also an SC Mag story this morning, with speculation that this was an iFrame hack. No, actually, it was a DNS hack.

So, was shutting down the entire system overkill? Of course. It was complete overkill. But on the other hand, it’s a wake-up call: Keep your site clean. And for Pete’s sake, please heed the warnings of security researchers when they send you email.

Alex Eckelberry
(thanks to Ferg for his help, and also the numerous unnamed security researchers who helped on this as well.)