I saw this article posted over at (Warning! High geek content link to follow) Slashdot yesterday and found it most interesting.

In a nutshell, here it is: the Department of the Interior keeps a database of Indian trust monies. Through gaping holes in security on both their Internet servers and internal servers (Administrator accounts with no passwords or simple passwords such as "passwd" easily discovered with basic cracking tools) officials of the court were able to Add bogus entries, delete legitimate entries, transfer funds from legitimate to bogus entries, etc. without the government detecting the breach of security.

The DOI has been notified of these security flaws previously but never took them seriously. The attorney who represented the DOI at one point said that he didn't understand such basic terms as "individual trust data" and "computer". This royally pissed off the judge and the result was the ruling to immediately shut down all computers with connections to the Internet, including the Internet servers. Unfortunately the DOI has the USGS, BLM, and Park Service websites in their jurisdiction.

Regardless of what you think about the whole Indian trust money issue, this security problem was HUGE and the DOI did nothing to resolve it. The server platforms that they were using are very secure when administered properly. Obviously they were not, and steps had to be taken to remedy this.

Sucks not to have that Parks, USGS, BLM, etc info available but it was necessary to fix the hole.