AUGUSTA — The central Internet portal to Maine state government offices was disabled for about three hours Monday morning after it was attacked by someone claiming to be a Russian hacker.

The hacker, who uses the Twitter account Vikingdom2015, boasted of the attack with a tweet: “http://maine.gov will be down for a while. ENJOY.”

The takedown disabled state agency websites and prevented users from accessing online services, such as registering motor vehicles, downloading tax forms or purchasing hunting and fishing licenses. In addition to disabling the Maine state website, the attacker also claimed responsibility Monday for bringing down the New Hampshire state website, and previously claimed to have taken down government websites in New Jersey, Oregon and Nebraska.

Maine.gov went down just before 9 a.m. and was back in service shortly after noon.

Alex Willette, spokesman for the Department of Administrative and Financial Services, which oversees the Office of Information Technology, said the site had been hit by an external attack known as denial-of-service. Such attacks disable websites by overloading servers with thousands of requests.

“Attacks to high-profile government websites are very common, and a thorough investigation is underway,” Willette said. “The important thing to note is that this was in no way a security breach, and we currently have no evidence to suggest that any personal information has been compromised.”

Advertisement

Willette described the attack as an “unfortunate inconvenience,” but stressed that sensitive data on state agencies had not been compromised.

The attack came roughly six weeks after the head of the state Office of Information Technology, Jim Smith, warned of an “unprecedented increase” in cyberattacks against the state’s network in testimony before the Legislature’s budget-writing committee. Cyberattacks against government agencies and businesses have increased in sophistication and frequency nationwide, according to reports by the U.S. Government Accountability Office. The incidents vary in severity, from disruption in service or website availability, to breaches that can extract sensitive data.

Vikingdom2015 previously tweeted a “hit list” of 50 state government sites that would be subject to attack. Maine and New Hampshire were at the top of the list. Vikingdom2015’s Twitter profile contains a link to the Russian Federation embassy in Washington, D.C., but it’s unclear if the attacker is affiliated with the Russian government or a Russian national.

The Twitter feed includes posts in which the attacker boasts of taking down other government and business websites.

Paul VandenBussche, general manager of Information Resource of Maine, a private vendor that works with the state to oversee and manage parts of the state’s website, did not respond to a request for comment.

According to the U.S. Computer Emergency Readiness Team, part of the Department of Homeland Security, denial-of-service attacks are designed to disable websites rather than hack them to extract data. According to the team, there is no effective way to prevent a denial-of-service attack, or a distributed denial-of-service attack, in which multiple computers and servers are used to strike a website.

Advertisement

Both types of attack have increased over the past several years, according to Internet security companies. A 2015 threat assessment report by the Internet security company McAfee Labs noted that denial-of-service interruptions made up 39 percent of all cyberattacks in the third quarter of 2014.

Such attacks have been used by small nation-states or terror organizations to cripple business and government websites. Financial institutions, whose customers depend on 24-hour, 365-day online service, are among the top targets. In some cases, attackers have tried to obtain ransom money in exchange for halting an attack.

Cybersecurity is also a concern for government agencies. Attacks involving federal government agencies jumped 35 percent between 2010 and 2013, from roughly 34,000 to about 46,000, according to a 2014 report by the Government Accountability Office.

Smith, the head of the state Office of Information Technology, told the Appropriations and Financial Affairs Committee on Feb. 10 that attacks against Maine’s network are on the rise. He said that in one day in July 2014, there were 36,000 hostile attempts to infiltrate the state’s file transfer infrastructure, which contains sensitive data.

In his report to the Legislature, Smith said that protecting the network “not only requires new security apparatus,” but also new technicians.

The technology office now runs on a two-year budget of $303 million. It has requested $285 million for the next two fiscal years in the budget it presented to lawmakers in February.

Advertisement

The office serves as a vendor to other state departments, billing them for the technical support and website development it provides. Financial data shows that the technology budget requests are on the rise for some state agencies.

Willette said some agency technology budgets could be increasing because of the timing of upgrades, such as an overhaul of an agency’s website. For example, the two-year budget request for the Department of Education shows a $2 million increase over its current technology expenditure.

Steve Mistler can be contacted at 620-7016 or at:

smistler@pressherald.com

Twitter: @stevemistler


Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.