BreachExchange mailing list archives
Hackers down House Democrats' websites
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Tue, 28 Jun 2016 16:03:41 -0500
http://www.politico.com/story/2016/06/hackers-house-democrats-websites-224904

More than a dozen House Democrats’ official websites have been down since shortly after an overnight sit-in to push for gun control legislation, and the contractor operating the sites told POLITICO that hackers are to blame.

The outage is affecting the congressional sites of Reps. Earl Blumenauer <https://cd.politicopro.com/member/51280>, John Carney <https://cd.politicopro.com/member/151744>, Rosa DeLauro <https://cd.politicopro.com/member/51351>, Lloyd Doggett <https://cd.politicopro.com/member/51359>, Tammy Duckworth <https://cd.politicopro.com/member/198768>, Donna Edwards <https://cd.politicopro.com/member/61889>, Sam Farr <https://cd.politicopro.com/member/51376>, Tulsi Gabbard <https://cd.politicopro.com/member/36630>, Alan Grayson <https://cd.politicopro.com/member/66847>, Marcy Kaptur <https://cd.politicopro.com/member/51457>, William Keating <https://cd.politicopro.com/member/158349>, John Larson <https://cd.politicopro.com/member/51477>, Jim McDermott <https://cd.politicopro.com/member/51511>, Richard Neal <https://cd.politicopro.com/member/51543>, Ed Perlmutter <https://cd.politicopro.com/member/51317>, Jackie Speier <https://cd.politicopro.com/member/57066> and Filemon Vela <https://cd.politicopro.com/member/198780>.

With the exception of Perlmutter, all of these lawmakers have contracts with a company called DCS to manage their websites. DCS builds websites using Joomla, a content management system that has suffered from serious security flaws <http://arstechnica.com/security/2015/10/joomla-bug-puts-millions-of-websites-at-risk-of-remote-takeover-hacks/>.

“The sites were hacked,” Scott Ferson, the president of the public affairs group representing DCS, told POLITICO.
Ferson said that DCS expected to restore site functionality “by the end of the week.”

Gordon Stanton, DCS’s director of congressional services, told POLITICO that the hacker uploaded a file called a web shell to the database for one of the lawmakers’ websites and used it to launch a “coordinated attack” against the other sites. The Department of Homeland Security warned <https://www.us-cert.gov/ncas/alerts/TA15-314A> last November about this kind of attack.

Stanton said the attack began at 1:05 p.m. on June 23, roughly two hours after House Democrats ended a day-long sit-in protesting a lack of action on gun control legislation.

“We are working with House Security to remedy the situation in a way that restores the websites as quickly as possible while still ensuring comprehensive security,” he said.

According to Ferson, “no information was compromised” in the hack.

Several Hill staffers told POLITICO that many offices have expressed frustration with the inability of DCS to quickly respond to outages and security concerns. One affected office said it was the second time in 2016 that their website had gone down. Anger at DCS is so widespread that some aides asked colleagues on an internal email list for suggestions of other vendors.

The role of Joomla in the hack remains unclear. The company did not respond to several requests for comment about whether its engineers knew of unpatched flaws in its code. Stanton said that DCS was "still investigating how the web shell was deployed, but we believe that Joomla’s security is as robust as any other CMS used by the House."
A spokesman for the House Chief Administrative Officer, which handles logistical functions like IT for members’ offices, said in a statement that the CAO was “working with these offices and [DCS] to ensure the offices' information is secure before the websites are relaunched.”

Ferson said that DCS has spent time “coordinating with the House in terms of having the right solution in place” to deal with hacks. Stanton said that the House’s security team audits DCS’s servers and the websites it produces for lawmakers. The last such audit took place in March. The company also applies the latest security updates to its software every night, according to Stanton.