Turkish group linked to Wichita website has attacked other cities’ sites

10/12/2013 5:33 PM

10/13/2013 8:59 AM

In May, a Turkish group hacked into a city of Akron, Ohio, website that contained thousands of files with taxpayer information and Social Security and credit card numbers.

But an investigation has found that the cyberattack was politically motivated and the information so far hasn’t been sold or caused a monetary loss for anyone, a city official said Friday.

“Typically, there are two reasons people hack,” said Rick Schmahl, Akron’s chief information officer for technology. “One is they’re going to sell the information and profit in some way. Those are the ones you have to be really concerned about.

“The other is just to further a political message. That’s what we had in our case.”

If that holds true, that may be good news for the city of Wichita.

Sometime last weekend, a cyberattack was launched on Wichita’s electronic procurement system, the computer database that handles the city’s business transactions and includes bank information, Social Security numbers and taxpayer identification of vendors and some city employees.

Turkish Ajan – the same hacking group identified in the Akron attack as well as in numerous cyberattacks on businesses and other city governments – claimed responsibility for hacking into Wichita’s site.

While Akron acknowledged on May 16 – the day its site was hacked – that Turkish Ajan was responsible, Wichita won’t confirm that’s the group that attacked its database.

Mike Mayta, Wichita’s chief information officer for technology, cited the ongoing investigation by law enforcement, including the FBI, and wouldn’t discuss the hacking source.

Schmahl said he’s been following Wichita’s situation and sees similarities.

“Same m.o.,” he said. “The group just wants to be able to brag they got in.”

Those similarities include Turkish Ajan placing its logo and a political message that is critical of the United States’ involvement in the Middle East on the hacked site.

Two Internet news sites – Cyber War News and Softpedia – reported that the logo and message were on Wichita’s site.

Wichita certainly isn’t being singled out.

Turkish Ajan has targeted such companies as Mercedes-Benz Austria, McDonald’s South Korea, Toshiba Turkey and Casio China, according to Softpedia. There also have been numerous confirmations of local governments being hacked by the group.

Long investigations

Officials with the city of Lansing, state capital of Michigan, said its website was hacked by Turkish Ajan in late May. The group left its calling card with its logo and political message.

“They exploited a security hole,” said Randy Hannan, a Lansing spokesman, “but they weren’t able to go any further than to alter the home page.”

The attack didn’t reach any databases and the city was able to restore its site within two hours, Hannan said.

Akron’s experience was more severe. The cyberthieves broke into the city income tax database, which was loaded with private information.

“There’s no indications of people having identity theft,” Schmahl said. “We thought a few people did, but the timeline didn’t fit after we analyzed the information.”

A little more than a week after Turkish Ajan attacked the city of Akron’s site, the group hacked into the Akron-Canton Airport’s main page and covered the page with its message. The site was restored within three hours and no flight operations or other sensitive information was accessed, according to airport officials.

Turkish Ajan also has claimed to have hacked sites for the city of Lexington, Ky., and the police department for the city of Mobile, Ala., although those claims haven’t been confirmed.

Since the Akron attack, Schmahl said, the compromised site has been reworked. The city also has hired a company to do penetration tests, checking to see whether it can hack into Akron sites.

Five months after the attack, the investigation is ongoing. The FBI continues to work the case, Schmahl said.

“It is a long, long process,” he added.

Problem increasing

That much Wichita officials already understand.

The city’s procurement site will be shut down until “we can ensure that we can maintain the security of any data that comes into our system,” City Manager Robert Layton said.

No time frame is attached to that commitment. The city has said that as many as 29,000 vendors and employees may be affected. Officials said last week that they weren’t aware of anyone reporting a financial loss as a result of the attack.

Layton said the city will start using a temporary manual approach for accepting bids, which previously was done through the e-procurement site.

Mayta and Layton wouldn’t discuss the specifics of what is being done to protect all 14 sites the city operates.

“Obviously, because of this, we’re taking extra steps to look at the security of other systems,” Layton said.

Shortly after Akron’s attack, Mayor Dan Plusquellic told members of that city’s council that the city thwarts 100 attempts daily to attack its computer system, the Akron Beacon Journal reported.

Not all of those attacks are as sophisticated as have been described in Wichita’s case and in others, but the problem is increasing.

Other hackers have broken past the highly secure firewalls of the Pentagon and New York City banks.

“That’s the nature of technology,” Mayta said. “As it becomes more pervasive, more types of these things are going to occur.”

Editor's Choice Videos

Join the Discussion

The Wichita Eagle is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere on the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Terms of Service