The Public Eye with Eric Chabrow

CISO Witnesses Hack Like No Other

CISO Witnesses Hack Like No Other

Bob Maley, as Pennsylvania's chief information security officer, has seen some strange attempts to hack the commonwealth's IT systems, but none like the one he witnessed last weekend.

Here's what Maley told attendees to an RSA Conference panel on state cybersecurity on Wednesday:

"We saw thousands of hits on our Department of Transportation driver license exam scheduling site coming out of Russia, the same thing over and over, scheduling driver license exams. It was encrypted traffic, and we were trying to figure out what the heck is going on. Were they trying to test our systems? What exactly were they up to? The answer was, we really didn't know."

Authorities eventually discovered that the hacker who used a proxy server in Russia to mask his identity owned a driving school in Philadelphia, and exploited a vulnerability in the driving test scheduling system to allow the scheduling of more tests than the allotted time slots. It could take upward of six weeks to schedule a driving test in Philadelphia. Said Maley:

"What he was doing was saying (to potential customers), "You go over across the street, to John's driver training, and it's going to take you six to eight weeks to get your test. We can get you in tomorrow."

Maley asked: Is this hack insidious? Does it rise to a crime of theft of services? These are questions Maley said he and other Pennsylvania officials continue to sort out.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.