How did the attacker accomplish this hack?

Joseph is the Web site administrator for the Mason Insurance in New York, whose primary website is located at http://www.masonins.com/. Joseph uses his laptop computer regularly for website administration. One night, an associate notifies Joseph that the main Mason Insurance web site had been vandalized! In place of the legitimate content, the hacker had left a message ”H@cker Mess@ge: Y0u @re De@d! Fre@ks! ”
Joseph surfed to the Web site from his office, which was directly connected to Mason Insurance’s internal network using his laptop. However, no changes were apparent to him and he could see the legitimate content. Joseph was puzzled when another employee called in to report the defaced website.
Joseph logged off the company’s internal LAN and accessed the company Web site using his dial- up ISP connection. He browsed to http://www.masonins.com/ and saw the following on the web page:
H@ckermailto:H@cker Mess@gemailto:Mess@ge: Y0u @re De@dmailto:De@d! Fre@ksmailto:Fre@ks!
After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and found that every system file and all the Web content on the server were intact.
How did the attacker accomplish this hack?

Joseph is the Web site administrator for the Mason Insurance in New York, whose primary website is located at http://www.masonins.com/. Joseph uses his laptop computer regularly for website administration. One night, an associate notifies Joseph that the main Mason Insurance web site had been vandalized! In place of the legitimate content, the hacker had left a message ”H@cker Mess@ge: Y0u @re De@d! Fre@ks! ”
Joseph surfed to the Web site from his office, which was directly connected to Mason Insurance’s internal network using his laptop. However, no changes were apparent to him and he could see the legitimate content. Joseph was puzzled when another employee called in to report the defaced website.

Joseph logged off the company’s internal LAN and accessed the company Web site using his dial- up ISP connection. He browsed to http://www.masonins.com/ and saw the following on the web page:

H@ckermailto:H@cker Mess@gemailto:Mess@ge: Y0u @re De@dmailto:De@d! Fre@ksmailto:Fre@ks!

After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and found that every system file and all the Web content on the server were intact.