It isn’t often that organizations admit they’re the victim of malware. So it comes as no surprise that the province of Nova Scotia has now publicly acknowledged that a month ago its lobbyist registry was knocked out by a SQL injection virus and won’t be back online until next week.
Created in 2002, the registry is part of Access Nova Scotia, a collection of online services for the public and businesses. Persons who lobby the government on issues have to list their names in the registry database, which can be searched by the public.
Not only is the database closed, but also the links to Web pages that explain the registry.
In an email to ComputerWorld Canada, Susan Mader Zinck, communications advisor to Service Nova Scotia, said the registry has 84 names. The department notified everyone who has an account about technical difficulties, she said, and the Web site had information for the public on how to contact the office for information.
She wouldn’t give details of how the virus was able to attack the site. The province uses technical measures to prevent attacks, she wrote, “but occaisionally viruses can slip through between updates.”
To protect against future attacks the IT department has added code to format the Web site’s SQL statements in such a way they are not vulnerable, she added. The department is also reviewing other sites to ensure there hasn’t been a breach.