Congressmen's Websites Hacked

Homepages of a Dozen House Members Defaced
Congressmen's Websites Hacked
At least one hacker defaced the homepages of several members of the House of Representatives earlier this month.

According to a letter written by U.S. Rep. Spencer Bachus, R.-Ala, Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham informed him of the breach, and his staff immediately contacted the House Information Resources (HIR) office to determine the cause of the hack, which occurred over the weekend of Aug. 1 and 2.

A report on says that Bachus was among a dozen representatives - Democrats and Republicans - who had portions of their homepages defaced with digital graffiti. Among the other representatives whose homepages were breached: Duncan Hunter, R.-Calif.; Jesse Jackson Jr., D.-Ill; and Harry Mitchell, D-Ariz.

"The defacements ... did not result in the theft or loss of any sensitive data or materials," Jeff Ventura, a spokesman for the House chief administrative office, told the Post. "Over the last year, the House has continued aggressively fortifying its security systems. These improvements to our systems resulted in the swift identification of the site defacements, which were fixed within hours of being detected."

But Bachus complained his office was not immediately notified. "Only after questioning CAO staff were we told that we could expect information about the incident from (website vendor) GovTrends," Bachus wrote in a letter to House Chief Administrative Officer Daniel Beard. "As many as five days could have lapsed from when the hack occurred and when we would have been notified by GovTrends. It is my hope that your office will consider immediately informing member offices of cyber attacks in the future rather than relying on outside vendors."

GovTrends founder Ab Emam told the Post that the breaches were the result of passwords assigned by GovTrends to member offices that were never changed.

"Most of these passwords could be guessed, they were obvious," Emam said. "That's been changed, and each of these sites is now required to have strong passwords."

But Bachus is dubious. "Gary Warner, through his research, was able to document a series of more than 700 attacks by this criminal, a U.S.-based server he believes was used by this hacker to host his blog where he provides tutorials on SQL injection attacks, and intelligence revealing the university where the suspected hacker studied computer programming," Buchus wrote.

"GovTrends refused to provide copies of the logs of the intrusion and deferred to CAO," Buchus' letter continued. "While GovTrends is speculating to the press that this was a simple password guess, they have referred us to HIR to get evidence supporting their speculation. Please provide copies of the web logs and evidence supporting GovTrends speculation so that we can determine how best to proceed."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.