
Hacker breaks into Henderson computer server

A computer hacker broke into a city of Henderson Web server and had access to data for nine days before being detected, officials said this week.

The city said no personal or sensitive information was compromised, with the hacker only being able to see the raw versions of public data that are already searchable through Web forms.

But the highly unusual breach led the city to spend $40,000 on a consultant to make sure the intruder hadn't gained broader access to government systems. It also launched a law-enforcement investigation that's still pending.

"This is the first time since I've been here, and the first time I'm aware of, that we actually have somebody who got this far," said Laura Fucci, the city's chief information officer, who has been with Henderson since late 2012.

The city made no public announcement of the breach and discussed it in response to inquiries from the Review-Journal.

Fucci said the hack was detected June 29 when a system administrator noticed errors in a "tool" that monitors anonymous activity. Realizing there had been an intrusion, the administrator disabled the server, and the city started trying to determine how far the hacker had gotten.

The city also notified what a spokesman called the "appropriate federal authorities" — a likely reference to the FBI, which routinely investigates computer hacks since many originate from overseas.

FBI spokeswoman Bridget Pappas in Las Vegas declined to confirm or deny an investigation.

All Henderson employees were told to change their passwords, which Fucci called a standard response to any computer system breach.

Fucci declined to discuss how the attacker gained access beyond saying "hacking tools" were used. She said the city quickly decided to hire an outside company to investigate the breach and make sure it had been contained.

Within a few days, the city had signed a $40,000 contract with a company specializing in "incident response." Fucci declined to name the company, citing a nondisclosure agreement.

The hacker had gotten access to a server that held data on city detention center inmates and people who registered as volunteers. It also hosted Legitrack, an internal system used by employees to track bills at the Nevada Legislature.

"What we were concerned about is, did they get beyond that? Did they get into our internal network?" Fucci said. "And they did not get into our internal network."

The contractor analyzed city systems and saw no evidence the hacker had gained access to any other servers, Fucci said.

The intrusion has kept the tool that allows people to search for inmates in the city detention center offline for more than six weeks. Fucci said the city wants an outside security review to make sure it's safe before it goes back online.

The webpage does not tell viewers it is down because of a hack, but simply says: "Inmate Information is temporarily unavailable at this time. We apologize for any inconvenience and appreciate your patience. Please call 702-267-JAIL (5245) for more information."

While nine days sounds like a long time for an intrusion to go undetected, Fucci said it's short in computer security terms. She pointed to a report from security consultant Mandiant that found the median time before a hack is detected is 205 days, or almost seven months.

Fucci said she expects the city to learn lessons from the hack that will make its systems safer.

Contact Eric Hartley at ehartley@reviewjournal.com or 702-550-9229. Find him on Twitter: @ethartley.
