Financial information not exposed in breach

0

CONCORD, N.H. (AP) – Officials say fears that credit or debit card information was taken from state computers earlier this year appear unfounded, because an unauthorized program that can allow hackers to watch transactions never was activated.

Attorney General Kelly Ayotte said Friday that FBI computer experts found the so-called “Cain and Abel” program had not been launched. The program’s discovery on a state server in February had triggered alarm.

The server handled payments for the state’s liquor stores, the Department of Motor Vehicles and the state Veterans Home in Tilton.

At the time, people who’d paid any of those agencies by credit or debit card were advised to check their statements closely for unauthorized use. Those with debit cards were advised to talk to their banks about how to protect their accounts.

“I am pleased that consumer information does not appear to have been placed at risk by the installation of this potentially dangerous program on the state server,” Ayotte said Friday in a statement.

The state Office of Information Technology discovered the program on Feb. 15 but no reports of illegal activity surfaced.

The FBI’s computer forensic analysts concluded Cain and Abel was installed on or about May 26, 2005.

Ayotte said investigators continue to study how the program ended up on a state server.

Doug Oliver, a state computer specialist who was placed on leave because of the investigation, said last month he installed Cain and Abel on a state server last year because it also can be used for security tests. In February 2005, Oliver was part of a three-person team which was directed to act like hackers to test state computer security. He said the program was turned off but should have been removed.

Senior Assistant Attorney General Richard Head would not comment Friday on the suspension or whether Oliver would be allowed to return to work.

Advertisement
SHARE