A week-old backup has saved the University of Ottawa’s online student news site The Fulcrum from being wiped off the internet after an attacker deleted years of content over the weekend.
On Saturday a staffer discovered the site was void of news stories except for a stock photo of a person lifting his middle finger with the headline: “Anti-union rag gets its entire website DELETED.”
This may have been a reference to the controversial allegations of financial mismanagement against the former student association called the Student Federation, which was replaced after a student vote in February by the new University of Ottawa Students’ Union.
According to the Ottawa Citizen, a forensic audit by PwC found no evidence of fraud. However, the report pointed out family members of the Federation’s president and executive director were awarded catering contracts without tender. The Federation did not have policies on conflict-of-interest or procurement of goods and services.
In an interview with CBC Radio’s show As It Happens, Fulcrum editor-in-chief Matt Gergyek was careful about concluding the attack was directly related to the news site’s coverage of the controversy. At the very least, he said, it was an attack on student journalism.
As for the incident, he was initially stunned. A writer who had gone on the site discovered the attack and phoned Gergyek, who was at a restaurant at the time. He told Global News that he dashed home and “began locking down everything.” About a decade of news stories and reader comments were gone. “We looked in the trash and it was empty,” he told the CBC. “It was a horrible feeling.”
Fortunately, the site’s web host had an emergency backup from April available, Gergyek told Global News. Stories currently on the site date back to April. Then on Tuesday he told CBC that a backup had been found that was only a week old. Gergyek hopes the site will be fully back online by the end of the week.
The incident is a reminder to content producers of all sizes of the need to regularly back up data, as well as have a tested disaster recovery plan. Content producers can be targets of anyone with a grudge, or just someone mischievous.
Two other pieces of advice: Content management applications like WordPress, Drupal and others must be regularly patched to avoid being hacked; and site administrators must ensure writers and editors with access use multi-factor authentication on top of usernames and passwords.