By Jules Lindgren
A hacker, likely a subscriber to a high-speed cable provider in Canada, got into Provo city?s Web site Saturday and replaced the city?s Web pages with their own mocking messages.
The messages included such clever slams as ?So sorry, you got hacked,? and ?You?re stupid ?cause we can hack you.?
Robert Ridge, Provo city?s director of information systems, said although the Internet service provider was a Canadian cable provider, it?s possible the hackers took over someone else?s computer and used it to get into Provo City?s server.
?Basically, this could have theoretically come from any where in the world,? Ridge said.
The hackers got onto the city?s server through an outdated piece of software with a vulnerability. Ridge said staffers at the information systems office had forgotten the software was even on the computers and that?s why they didn?t patch it.
None of the city?s sensitive information is available through the Web server, so it was merely a nuisance, Ridge said.
?They vandalized it, it?s like if we had a billboard up there and they just painted over it with spray paint,? he said.
The computer recorded the hacker?s time of entry as 11:13 a.m., and employees shut down the server around 4 p.m. to restore the city?s information. The server was up and running again by 4 p.m. the next day.
Ridge said the information systems office will conduct an audit on all the city?s Web servers, checking how servers and be accessed and making sure servers with public access through the Internet are adequately protected.
?We?re already more vigilant on the servers we think actually people would hack,? Ridge said, ?Servers that have actually got some sensitive information we try to be more careful about.?
The audit shouldn?t cost anything other than time and people taken away from other projects, Ridge said, and should only take a few weeks.
Ridge said he doesn?t understand why someone would have bothered hacking into the server.
?There?s no money to be had, there?s no private or sensitive information to be had, why would they bother there?s no gain for them,? he said. ?They can?t leave their name or we?d prosecute them, so they don?t even get notoriety.?