One or more hackers have plundered the US Department of Justice's World Wide Web site, defacing it with antigovernment graffiti.
The intruder was apparently protesting at the Communications Decency Act of 1996, which would criminalise the distribution or display of indecent material accessible by children on the Internet. In June, a three-judge panel in Philadelphia issued an injunction against enforcement of the act, calling it an unconstitutional violation of free speech. The Justice Department has appealed the decision.
A spokesman for the agency says it is not known who invaded the Web site in the attack on Friday, nor how the hack was accomplished. The site was taken down early on Saturday morning but was up again by Monday.
The Web site, which contains speeches, news releases, biographies and other information about the department, gets some 160,000 accesses, or hits, a week, the spokesman says.
Security expert Robert Campbell, managing director of Peak Consulting in Woodbridge, Virginia, says the Justice Department's Web developers may have left bugs in the source code that allowed a hacker to gain access to executable code. That may have been done by guessing the password of a privileged user or intercepting passwords on a communication line not properly protected, he says.
Campbell says Web software should be developed and carefully debugged on a separate machine, then only the object code ported to the publicly accessed Web server.
Campbell says another risk comes when users outsource Web development or maintenance to third parties who do not take the proper precautions.