Congressmen's Websites HackedHomepages of a Dozen House Members Defaced
According to a letter written by U.S. Rep. Spencer Bachus, R.-Ala, Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham informed him of the breach, and his staff immediately contacted the House Information Resources (HIR) office to determine the cause of the hack, which occurred over the weekend of Aug. 1 and 2.
A report on washingtonpost.com says that Bachus was among a dozen representatives - Democrats and Republicans - who had portions of their homepages defaced with digital graffiti. Among the other representatives whose homepages were breached: Duncan Hunter, R.-Calif.; Jesse Jackson Jr., D.-Ill; and Harry Mitchell, D-Ariz.
"The defacements ... did not result in the theft or loss of any sensitive data or materials," Jeff Ventura, a spokesman for the House chief administrative office, told the Post. "Over the last year, the House has continued aggressively fortifying its security systems. These improvements to our systems resulted in the swift identification of the site defacements, which were fixed within hours of being detected."
But Bachus complained his office was not immediately notified. "Only after questioning CAO staff were we told that we could expect information about the incident from (website vendor) GovTrends," Bachus wrote in a letter to House Chief Administrative Officer Daniel Beard. "As many as five days could have lapsed from when the hack occurred and when we would have been notified by GovTrends. It is my hope that your office will consider immediately informing member offices of cyber attacks in the future rather than relying on outside vendors."
GovTrends founder Ab Emam told the Post that the breaches were the result of passwords assigned by GovTrends to member offices that were never changed.
"Most of these passwords could be guessed, they were obvious," Emam said. "That's been changed, and each of these sites is now required to have strong passwords."
But Bachus is dubious. "Gary Warner, through his research, was able to document a series of more than 700 attacks by this criminal, a U.S.-based server he believes was used by this hacker to host his blog where he provides tutorials on SQL injection attacks, and intelligence revealing the university where the suspected hacker studied computer programming," Buchus wrote.
"GovTrends refused to provide copies of the logs of the intrusion and deferred to CAO," Buchus' letter continued. "While GovTrends is speculating to the press that this was a simple password guess, they have referred us to HIR to get evidence supporting their speculation. Please provide copies of the web logs and evidence supporting GovTrends speculation so that we can determine how best to proceed."