Hacker Takes Down City Web Site
Administration staff looks into options for professional Web development
07/11/2008 - The city of Crestwood's Web site was corrupted by a hacker sometime during the week of June 30, and city staffers are working to get a functioning Web site back online.
The Web site was taken offline when it was discovered that a hacker had injected a "Trojan horse" into the database and added a different Web address, to which users were directed, city officials said.
"We all recognize that the Web site is important to the community," Mayor Roy Robinson said. "We've tried to save money to build our own Web site. We should be designating a certain amount of money to maintain and protect it in a professional manner."
While the city's information systems team worked on rebuilding the server and retrieving backed-up files, city administration staff looked into options for professional Web development and maintenance.
"Some cities pay a professional organization to maintain their Web sites," said Brian Gross, assistant city administrator. He estimated that the cost for such a company to maintain the site would be equal to the $3,000 per year the city pays a former employee to do the work. However, based on two informal estimates, it could cost up to $15,000 to have a professional company create a new, secure Web site, he said.
The former employee, Dan Halloran, was the one who discovered the injected worm, said Gordon Shaffar, director of the city's information systems. The attack did not affect any of the city's financial or court systems, which are not associated with the Web site, Shaffar said. E-mail service was interrupted when the site was first taken offline, but Shaffar worked with AT&T to restore the e-mail connection, which can function independent of the Web site.
It is possible that the virus could have spread to the computers of users who logged onto the city Web site during the attack, Gross said.
Shaffar expected to get some version of a working Web site online by Monday.
Regional Justice Information Service (REJIS), a regional data processing center that manages police and court information for government agencies, was investigating to discover the IP address of the culprit computer, Gross said. REJIS would be responsible for reporting the crime to the proper authorities, he said.
Officials at the St. Louis County Municipal League had not heard of any other attacks on local city Web sites, said Stephen Ables, assistant director of the league.
Attacks have been more prevalent on foreign government Web sites, including those of Pakistan and Taiwan, in which so-called "hacktivists" attacked the sites as a means of making a political statement.
The U.S. Department of Agriculture Web site was hacked in July 2006. In recent years, municipal victims of Internet hackers include Denver, Berkeley, Calif., and Lubbock, Texas.
The aldermen were divided over how to handle the long-term future of the Web site. Robinson requested a motion to authorize the city administrator to move forward on securing a new Web developer, but the motion failed to get a second.
As the board will take a vacation day on July 22, the next regular meeting is not until Aug. 5. Meanwhile, "we'll do what we can," said Gross.