Wichita Attack Traced to Turkish Group

While city officials aren't speculating as to who brought down the Wichita procurement website, other sources credit a politically-motivated hacking group from Turkey.

by Bill Wilson and Rick Plumlee / October 11, 2013

The hacking of Wichita's electronic procurement website was reported on the Internet as early as Saturday, two days before city officials say they learned about the cyberattack.

Two Internet news sites say key information from the Wichita site such as bank files and Social Security numbers have already been leaked all over the Internet. The sites say a Turkish group, Turkish Ajan Hacker Group, is claiming responsibility for the cyberattack.

One of the sites, Cyber War News, says credit for the attack was claimed Saturday afternoon on Twitter by @AgentCorporatio. The site identifies Agent as a member or ex-member of the Turkish group. Cyber War News also criticizes the security of the city site, saying the attack "is a perfect example of a government website who stores personal data but does not do a great deal to prevent it being access(ed) and exposed."

The website Softpedia also referenced Turkish hacking into the city's sites.

The reason for the attack is the United States' support of Israel, the group claims in a message apparently left on the Wichita site.

"When you're trying to draw the map of 100-200 years later from now, you are trying to make Muslim people fight each other and finish-waste themselves and, we just can't spectate it. You are a country which bombs its own state, kills its own citizens, and blames the Muslims for it and tries to equate terrorism with them. This only suits insincere people which lack of human values, you," the message reads.

After the message, the Turkish group appears to take credit for other recent city cyberattacks and warns of more, "#akron #lansing #mobile #wichita ... to be continued," and signs off as Agent Hacker Group.

At an afternoon news conference Wednesday, Wichita police declined to talk about who was responsible for the attack.

"Who those people are I don't know," Capt. Gavin Seiler said, referring to those who are identifying the source of the attacks. "I don't know who you are talking to."

Federal and local law enforcement officers are trying to narrow the time frame when the city of Wichita's business computers were hacked, said Seiler, commander of WPD's Technical Services Bureau.

Local and federal law enforcement officials will only confirm that the cyberattack occurred between 1 a.m. Saturday and 8 a.m. Monday.

"We're still working on identifying the times that it specifically happened as well as who may have done it," Seiler said. "Some of the things we're seeing (from the hacker) are sophisticated, so it's taking time."

City council members said Wednesday afternoon they were unaware that a foreign cyberattack was possible.

"I haven't heard that," council member Janet Miller said. "But that's not surprising. We're not being briefed hourly on this thing. I'd hope senior staff knows this."

Seiler said the investigation is continuing into the attack that has left the city unable to do business with vendors, bidders and some employees.

City officials wouldn't comment on any possible methods used in the cyberattack. None of the vendors and employees potentially affected had reported security breaches on their accounts.

Based on current information, as many as 29,000 vendors and employees may be affected. The thieves may have obtained Social Security numbers, taxpayer identification numbers and banking information.

As a result, the city's ability to do business with builders, service providers, project bidders and some employees who received compensation for travel expenses has been halted. Project bidding set for Friday has been delayed until Oct. 18 while the system's software provider tries to beef up its security. Vendors were still unable to register at the site Wednesday afternoon.

The hacker didn't take any information was not taken from the city's bill payment databases, meaning that city utility customers are not affected.

This story originally appeared in The Wichita Eagle.