Steamboat Springs Routt County’s information systems director said no personal or sensitive information was accessed when hackers posted messages and logos on Routt County’s main public Web site during the weekend.
Terry Barber, the county’s director of information systems and GIS, said the hack occurred Friday evening. The hackers breached the county’s Web site, www.co.routt.co.us, and placed items on the index page including a logo shaped like a two-headed eagle; an apparent moniker of “Road_Killer;” statements including “(expletive) Russia” and “(expletive) Serbia,” and a message apparently directed to the county that read: “Admin Please Change Your Password, And Patch Your Bugs Don’t Be Stupid.”
One of the groups appearing to take credit for the hack is the Kosova Hackers Group, which in the past has claimed responsibility for hacks into prominent Web sites of some Eastern European countries. The two-headed eagle is the national symbol of Albania, and the hack includes reference to “United States of Albania.”
Shortly after 10:30 p.m. Friday, Routt County systems administrator Jason Deckler sent an e-mail to county employees notifying them of the incident.
“They just basically overwrote our code with some other code of their own that they wanted to put in,” Barber said. “We replaced the entire thing with a Web site under construction.”
Although the Web site was not accessible through the county’s homepage, department-level pages still could be accessed during the weekend through Google searches and direct URL addresses.
Barber said he and his staff would continue to look into the source and nature of the hack today. He stressed that to his knowledge, no personal or sensitive information — such as county employee files or voter registration records — was accessed.
“There’s no information on there that’s not public information,” he said of the county site. Sensitive information, he added, requires a log-in process to access an entirely different server.
“All that (information) is through a different server and a different database,” he said. “Those servers weren’t touched.”
Barber said he had not filed a report with the Steamboat Springs Police Department or the Routt County Sheriff’s Office.
“It’s not a critical thing yet to us,” Barber said of the hack. “It looks like it came from outside the country, but we don’t know that for sure. We’ve got to do more research on it.”
Dave Joly, media coordinator for the Federal Bureau of Investigation in Denver, said the Denver office would not investigate the hack until a police report was filed.
“The request would have to come from the local jurisdiction before we would even look into the case,” Joly said.
Barber said “pair Networks,” a Pittsburgh-based Web hosting service, is the county’s Web service provider for some of its Web pages. Other county pages are managed internally, Barber said.
He said the county’s content management system dates to “1999 or 2000” — Barber began his job in 2002 — and was designed for Routt County by a company that no longer exists.
“It’s just old technology,” he said, adding that he couldn’t name the content system. “I couldn’t tell you what it is anymore — the best thing to call it is just a proprietary content management system.”
Barber said budget requests for Web improvements in recent years have not been successful.
Plummeting revenues last year caused county Finance Director Dan Strnad to project a $5 million shortfall in the county budget for 2009. After a 10 percent pay cut, employee furloughs and other measures, Routt County staff and commissioners trimmed that shortfall to about $1 million at the end of 2009. The furloughs ended Jan. 1, but the county lost the equivalent of 21 full-time employees last year, either through layoffs or not filling vacant positions.
Commissioners Diane Mitsch Bush and Nancy Stahoviak said Sunday that the budget environment made any spending request challenging.
“In general, for our 2010 budget, it was not what can we add, it was what can we subtract,” Mitsch Bush said. “We were so concerned about cutting, and trying to make cuts that would help us prevent layoffs.”
Mitsch Bush said the hack is an unfortunate sign of the times.
“It’s just a shame that people who are so smart and so creative turn their intelligence to screwing things up for other people,” she said. “Our world just doesn’t need that, in general.”