Re: Major hack attack on the U.S. Senate

[~Kevin Davis³ <computerguy () cfl rr com>]

This was clearly not a "hack attack".  The title and opening content of this
article is quite intentionally misleading.  The phrases "infiltration",
"monitoring secret memos", "exploited computer glitch", "hack attack" are
used.  If you read the entire article you will find out the following:

First, "A technician hired by the new judiciary chairman, Patrick Leahy,
Democrat of Vermont, apparently made a mistake that allowed anyone to access
newly created accounts on a Judiciary Committee server shared by both
parties -- even though the accounts were supposed to restrict access only to
those with the right password."

Which means the Democrats screwed up setting up their own share point and
allowed public access to it.  There was no "computer glitch" which was
"exploited".  This was completely a human screw-up.  And there was no
hacking ("exploitation of a computer glitch") done by the Republicans.
Unless you wish to call clicking on a share point configured with public
access and opening it up "hacking".

Additionally the Republicans allegedly "in the summer of 2002, their
computer technician informed his Democratic counterpart of the glitch".

The Republicans knew that the share was supposed to be protected (why else
would they inform the Democrats of the misconfiguration?) so they certainly
did something wrong despite (supposedly) warning the Democrats of the
problem, but not to the extent that the article - in the way that it was
written - would like you to believe.

----- Original Message ----- 
From: "Richard M. Smith" <rms () computerbytesman com>
To: "BUGTRAQ@SECURITYFOCUS. COM" <BUGTRAQ () securityfocus com>
Sent: Thursday, January 22, 2004 12:25 PM
Subject: Major hack attack on the U.S. Senate


>
http://www.boston.com/news/nation/articles/2004/01/22/infiltration_of_files_
> seen_as_extensive?mode=PF
>
> Infiltration of files seen as extensive
> Senate panel's GOP staff pried on Democrats
> By Charlie Savage, Globe Staff, 1/22/2004
>
> WASHINGTON -- Republican staff members of the US Senate Judiciary Commitee
> infiltrated opposition computer files for a year, monitoring secret
strategy
> memos and periodically passing on copies to the media, Senate officials
told
> The Globe.
>
> From the spring of 2002 until at least April 2003, members of the GOP
> committee staff exploited a computer glitch that allowed them to access
> restricted Democratic communications without a password. Trolling through
> hundreds of memos, they were able to read talking points and accounts of
> private meetings discussing which judicial nominees Democrats would
fight --
> and with what tactics.
>
> The office of Senate Sergeant-at-Arms William Pickle has already launched
an
> investigation into how excerpts from 15 Democratic memos showed up in the
> pages of the conservative-leaning newspapers and were posted to a website
> last November.
>
> With the help of forensic computer experts from General Dynamics and the
US
> Secret Service, his office has interviewed about 120 people to date and
> seized more than half a dozen computers -- including four Judiciary
servers,
> one server from the office of Senate majority leader Bill Frist of
> Tennessee, and several desktop hard drives.
>
> ...