Hacking The Hill

[InfoSec News <alerts () infosecnews org>]

http://www.nationaljournal.com/njmagazine/cs_20081220_6787.php

By Shane Harris
National Journal Magazine
Dec. 20, 2008

On October 26, 2006, computer security personnel from across the 
legislative branch were informed that the Congressional Budget Office 
had been hit with a computer virus. The news might not have seemed 
extraordinary. Hackers had been trying for years to break into 
government computers in Congress and the executive branch, and some had 
succeeded, making off with loads of sensitive information ranging from 
codes for military aircraft schedules to design specifications for the 
space shuttle.

Employees in the House of Representatives' Information Systems Security 
Office, which monitors the computers of all members, staffers, and 
committee offices, had learned to keep their guard up. Every year of 
late, they have fended off more than a million hacking attempts against 
the House and removed any computer viruses that made it through their 
safeguards. House computers relay sensitive information about members 
and constituents, and committee office machines are especially loaded 
with files pertaining to foreign policy, national security, and 
intelligence. The security office took the information from the CBO 
attack and scanned the House network to determine whether any machines 
had been compromised in a similar fashion.

They found one. A computer in one member's office matched the profile of 
the CBO incident. The virus seemed to be contacting Internet addresses 
outside the House, probably other infected computers or servers, to 
download malicious files into the House system. According to a 
confidential briefing on the investigation prepared by the security 
office and obtained by National Journal, security employees contacted 
the member's office and directed staffers to disconnect the computer 
from the network. The briefing does not identify the member of Congress.

Apparently worried that the virus could have already infected other 
machines, security personnel met with aides from the member's office and 
examined the computer. They confirmed that a virus had been placed on 
the machine. The member's office then called the FBI, which employs a 
team of cyber-forensic specialists to investigate hackings. The House 
security office made a copy of the hard drive and gave it to the bureau.

Upon further analysis, the security office found more details about the 
nature and possible intent of the hack. The machine was infected with a 
file that sought out computers outside the House system to retrieve 
"malware," malicious or destructive programs designed to spy on the 
infected computer's user or to clandestinely remove files from the 
machine. This virus was designed to download programs that tracked what 
the computer user typed in e-mail and instant messages, and to remove 
documents from both the hard drive and a network drive shared by other 
House computers. As an example of the virus's damage, the security 
office briefing cited one House machine on which "multiple compressed 
files on multiple days were created and exported." An unknown source was 
stealing information from the computer, and the user never knew it.

Armed with this information about how the virus worked, the security 
officers scanned the House network again. This time, they found more 
machines that seemed to match the profile -- they, too, were infected. 
Investigators found at least one infected computer in a member's 
district office, indicating that the virus had traveled through the 
House network and may have breached machines far away from Washington.

[...]


_______________________________________________      
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html