FTC dropped security requirements from contract for sites hit by Anonymous
If you were looking for a recipe for creating government websites that attract defacement attacks, the acquisition process that led to the creation of a set of recently hacked Federal Trade Commission sites would be a good place to start. Despite a raft of federal security regulations and guidelines for using cloud services, smaller projects often fall through the cracks of security oversight—just as they often do with outsourced marketing projects for large corporations.
The FTC's initial solicitation for the $1.49 million contract that created the sites hacked on January 24 and February 17 set out very specific security requirements for the site. But by the time the contract for a set of consumer and business education websites and social media was awarded to public relations firm Fleishman-Hillard in August of 2011, those requirements had been dropped from the statement of work.