Bugtraq mailing list archives
RE: Major hack attack on the U.S. Senate
From: "B. Kinney" <bkinney () fatcow com>
Date: Fri, 23 Jan 2004 14:45:57 -0700
I don't disagree with your opinion on the article - it was meant to be shock journalism. It's the only way they can get us to read anything about our political system. I still am of the nature that you don't go places you don't belong. If you need a more concrete example, think about the ladie's room. How old were you when you learned which door is NOT yours? Do you ever enter the wrong one with the intent of seeing something?! If you did, don't you think your friends and coworkers would find it inappropriate and disgraceful? ----Original Message----- From: ~Kevin DavisĀ³ [mailto:computerguy () cfl rr com] Sent: Thursday, January 22, 2004 8:29 PM To: BUGTRAQ@SECURITYFOCUS. COM Subject: Re: Major hack attack on the U.S. Senate This was clearly not a "hack attack". The title and opening content of this article is quite intentionally misleading. The phrases "infiltration", "monitoring secret memos", "exploited computer glitch", "hack attack" are used. If you read the entire article you will find out the following: First, "A technician hired by the new judiciary chairman, Patrick Leahy, Democrat of Vermont, apparently made a mistake that allowed anyone to access newly created accounts on a Judiciary Committee server shared by both parties -- even though the accounts were supposed to restrict access only to those with the right password." Which means the Democrats screwed up setting up their own share point and allowed public access to it. There was no "computer glitch" which was "exploited". This was completely a human screw-up. And there was no hacking ("exploitation of a computer glitch") done by the Republicans. Unless you wish to call clicking on a share point configured with public access and opening it up "hacking". Additionally the Republicans allegedly "in the summer of 2002, their computer technician informed his Democratic counterpart of the glitch". The Republicans knew that the share was supposed to be protected (why else would they inform the Democrats of the misconfiguration?) so they certainly did something wrong despite (supposedly) warning the Democrats of the problem, but not to the extent that the article - in the way that it was written - would like you to believe. ----- Original Message ----- From: "Richard M. Smith" <rms () computerbytesman com> To: "BUGTRAQ@SECURITYFOCUS. COM" <BUGTRAQ () securityfocus com> Sent: Thursday, January 22, 2004 12:25 PM Subject: Major hack attack on the U.S. Senate
http://www.boston.com/news/nation/articles/2004/01/22/infiltration_of_fi les_
seen_as_extensive?mode=PF Infiltration of files seen as extensive Senate panel's GOP staff pried on Democrats By Charlie Savage, Globe Staff, 1/22/2004 WASHINGTON -- Republican staff members of the US Senate Judiciary Commitee infiltrated opposition computer files for a year, monitoring secret
strategy
memos and periodically passing on copies to the media, Senate officials
told
The Globe. From the spring of 2002 until at least April 2003, members of the GOP committee staff exploited a computer glitch that allowed them to access restricted Democratic communications without a password. Trolling through hundreds of memos, they were able to read talking points and accounts of private meetings discussing which judicial nominees Democrats would
fight --
and with what tactics. The office of Senate Sergeant-at-Arms William Pickle has already launched
an
investigation into how excerpts from 15 Democratic memos showed up in the pages of the conservative-leaning newspapers and were posted to a website last November. With the help of forensic computer experts from General Dynamics and the
US
Secret Service, his office has interviewed about 120 people to date and seized more than half a dozen computers -- including four Judiciary
servers,
one server from the office of Senate majority leader Bill Frist of Tennessee, and several desktop hard drives. ...
Current thread:
- Re: Major hack attack on the U.S. Senate, (continued)
- Re: Major hack attack on the U.S. Senate rsh (Jan 24)
- Re: Major hack attack on the U.S. Senate Kirk Spencer (Jan 24)
- Re: Major hack attack on the U.S. Senate Crispin Cowan (Jan 26)
- Re: Major hack attack on the U.S. Senate Daniel . Capo (Jan 24)
- Re: Major hack attack on the U.S. Senate Dinesh Nair (Jan 24)
- Re: Major hack attack on the U.S. Senate ed (Jan 24)
- Re: Major hack attack on the U.S. Senate Brian C. Lane (Jan 23)
- Re: Major hack attack on the U.S. Senate Kevin Reardon (Jan 24)
- Re: [work] Re: Major hack attack on the U.S. Senate opticfiber (Jan 24)
- Re: [work] Re: Major hack attack on the U.S. Senate Jonathan A. Zdziarski (Jan 24)
- RE: Major hack attack on the U.S. Senate B. Kinney (Jan 24)
- Message not available
- RE: Major hack attack on the U.S. Senate bugtraq (Jan 24)
- Message not available