NEW YORK, Dec. 6 - Cyberterrorists attacked a National Human Genome Research Institute computer last week, slapping up a lone web page that threatened greater computer insurgence.
The web page, which was posted on Thursday morning, read "We are not hacker, we are just cyberterrorist!" and "Peace? We think you american won't have." The page was emblazoned with the Saudi Arabian flag and beset with typos.
NIH computer security experts detected the breach and removed the page that afternoon. The break-in was not serious, they said. The self-proclaimed cyberterrorists did not gain access to NHGRI or NIH web servers, but instead commandeered a development computer normally used for research programming.
"This one's not a juicy one," said Jaren Doherty, who manages information security for the NIH. "This machine that had web capability on it but wasn't being used for web services. A hacker got in, exploited the vulnerability, and created a web page, which is what everybody saw. As soon as we saw it, we disconnected the machine, and are now going through it and investigating."
Doherty said the attack was via SSH vulnerability, a weakness well known to computer security experts. He said that the breach did not threaten NIH's public website or expose sensitive information, and had no serious implications for computer security at the institute. "As far as I know, it was limited to that machine," he added.
The incursion is under investigation and has been referred to the agency's inspector general, but Doherty said he thought it was probably a simple matter of patching the problem.
"It wasn't a huge deal," said Larry Thompson, communications chief for the institute. "Nothing serious was at risk. It was just kind of weird and inconvenient."
The same day also saw a similar attack against the website of the National Oceanic and Atmospheric Administration, according to the Alldas website defacement archive. The pages are stored at mirror sites at http://defaced.alldas.de.