There is no doubt that the eNaTIS website was hacked (in the common usage of the word) yesterday, twice. The attackers, possibly making use of a simple exploit in an outdated, unpatched version of Joomla, a commonly-used open source content management system, first struck with a polite warning in the ‘How do I’ section.
When this was ignored, the same or other attackers then overwrote the entire front page of the site.
So when the Department of Transport released a hastily-worded press release condemning ‘in the strongest terms the recent news reports purporting that the eNaTIS website has been hacked’, they only drew more unflattering attention to themselves with their attempt to deny the undeniable.
While some readers may have confused the website with the the actual eNaTIS system, most of the press coverage was quite clear in the distinction, and it seems that the primary confusion was inside the Department of Transport.
While it’s sensible for the department to clarify that the main system was unaffected, the defensive tone and inaccuracies in the press release, as well as the statement on their now-restored site, only reflect badly on an organisation that has hardly covered itself in glory.
Dear department of transport,
Joomla is crap.
Brad.