DSRT urges CTM to investigate incident with GIT website

The Bureau of Telecommunications Regulation (DSRT) has requested that CTM to launch a thorough investigation into an incident involving the website of the Transportation Infrastructure Bureau (GIT), which redirected users to obscene content on the night of February 12.
CTM confirmed on Tuesday that the GIT website had not been hacked as initially thought. “CTM is now in a position to confirm that the incident that affected GIT’s website was not caused by any type of cyber-attack or malicious activities against the webpage or the related systems, but rather by a third-party software fault in CTM’s cache system,” it stated.
CTM found that “the problem was caused by a logic design fault in the ‘content matching policy’” in its cache system. It then redirected user requests for access to certain content to the wrong URL (web address).
Users who tried to access a video on GIT’s website last Thursday night were redirected to an obscene video depicting a naked woman and two other people wearing horse costumes.
The company stressed that as soon as it had identified what had caused the incident, it “put the cache system offline, isolating it from the public.” “The cache system is used to temporarily store data relating to frequently accessed web content in order to enable users to get faster access to the related content, thus improving their web browsing experience,” CTM explained.
Upon receiving CTM’s report, DSRT called on the company to further investigate the case, and to also create a special task group to follow up on the incident.
“DSRT has received CTM’s preliminary report on the incident, and requested for the company to immediately verify the reliability of its third-party software to prevent similar incidents from occurring again,” the bureau said in a statement yesterday.
DSRT advised the local telecom services provider to continue monitoring the situation, and to solve any malfunctions affecting the normal use of the network as soon as possible.
CTM said that it expresses sincere apologies to the MSAR government, GIT and Internet users over the incident.  CP