Bugtraq mailing list archives

Re: Major hack attack on the U.S. Senate


From: Kirk Spencer <kspencer () ngrl org>
Date: Fri, 23 Jan 2004 14:58:24 -0500

Agreed this was not a "hack attack" as usually considered.  However, I would 
raise two points.  The first is simple - If someone starts reading files on a 
computer to which they are not supposed to have access, do we not consider 
this an attack?  Even if the reason they got in is configuration errors?

Second, there is a question of which side's position is easier to believe.  
You said: "Additionally the Republicans allegedly 'in the summer of 2002, 
their computer technician informed his Democratic counterpart of the glitch.'"  
You cut off the next sentence which says:  "Other staffers, however, denied 
that the Democrats were told anything about it before November 2003."  The 
article does not state whether it was Democrat or Republican staffers.  

I'll ask a simple question which indicates why I think the latter is more 
probable:  Can you think of a sysadmin who wouldn't act when told that _all_ 
his clients' passwords were invalid because the permissions were misapplied?

I think that the word "hack" is wrong.  Otherwise, yes, I think the tenor of 
the article has validity.

Kirk Spencer

On Thursday 22 January 2004 10:29 pm, ~Kevin Davis³ wrote:
This was clearly not a "hack attack".  The title and opening content of
this article is quite intentionally misleading.  The phrases
"infiltration", "monitoring secret memos", "exploited computer glitch",
"hack attack" are used.  If you read the entire article you will find out
the following:

First, "A technician hired by the new judiciary chairman, Patrick Leahy,
Democrat of Vermont, apparently made a mistake that allowed anyone to
access newly created accounts on a Judiciary Committee server shared by
both parties -- even though the accounts were supposed to restrict access
only to those with the right password."

Which means the Democrats screwed up setting up their own share point and
allowed public access to it.  There was no "computer glitch" which was
"exploited".  This was completely a human screw-up.  And there was no
hacking ("exploitation of a computer glitch") done by the Republicans.
Unless you wish to call clicking on a share point configured with public
access and opening it up "hacking".

Additionally the Republicans allegedly "in the summer of 2002, their
computer technician informed his Democratic counterpart of the glitch".

The Republicans knew that the share was supposed to be protected (why else
would they inform the Democrats of the misconfiguration?) so they certainly
did something wrong despite (supposedly) warning the Democrats of the
problem, but not to the extent that the article - in the way that it was
written - would like you to believe.
(snip)

