Interesting People mailing list archives

MUST READ! "Hacking The Hill"--National Journal Magazine COVER STORY


From: David Farber <dave () farber net>
Date: Tue, 20 Jan 2009 15:34:55 -0500



Begin forwarded message:

From: dewayne () warpspeed com (Dewayne Hendricks)
Date: January 20, 2009 2:59:33 PM EST
To: Dewayne-Net Technology List <xyzzy () warpspeed com>
Subject: [Dewayne-Net] MUST READ! "Hacking The Hill"--National Journal Magazine COVER STORY

[Note: This item comes from friend Steve Goldstein. I'm way behind on posting to my list and am planning to work thru the backlog starting today. If you've sent something in and haven't seen it post, please be patient. I appreciate all your submissions as you help to make this list and experience what it is. Thanks! DLH]

From: Steve Goldstein <steve.goldstein () cox net>
Date: December 19, 2008 12:19:12 PM PST
To: dewayne () warpspeed com (Dewayne Hendricks), "David Farber [IP]" <dave () farber net>
Subject: MUST READ! "Hacking The Hill"--National Journal Magazine COVER STORY

National Journal Magazine
COVER STORY
Hacking The Hill
How the Chinese -- or someone -- hacked into House of Representatives computers in 2006, and what it will take to keep out the next electronic invader.

by Shane Harris

Saturday, Dec. 20, 2008


Hacking the Hill: One of the very best cyber security stories of the
year was published this morning in the National Journal with details
about the hacking of Congress.  National Journal is the authoritative
publication read by most executive and legislative branch leaders in the
US government, but it is expensive and rarely posted and usually the
rest of us don't get to see what it contains. This time, for SANS alumni
and NewsBites readers, they made an exception.  Written by Shane
Harris, it is at:

<http://www.nationaljournal.com/njmagazine/cs_20081220_6787.php>


Excerpts:

On October 26, 2006, computer security personnel from across the legislative branch were informed that the Congressional Budget Office had been hit with a computer virus. The news might not have seemed extraordinary. Hackers had been trying for years to break into government computers in Congress and the executive branch, and some had succeeded, making off with loads of sensitive information ranging from codes for military aircraft schedules to design specifications for the space shuttle.
..
A computer in one member's office matched the profile of the CBO incident. The virus seemed to be contacting Internet addresses outside the House, probably other infected computers or servers, to download malicious files into the House system. According to a confidential briefing on the investigation prepared by the security office and obtained by National Journal, security employees contacted the member's office and directed staffers to disconnect the computer from the network. The briefing does not identify the member of Congress.

Apparently worried that the virus could have already infected other machines, security personnel met with aides from the member's office and examined the computer. They confirmed that a virus had been placed on the machine. The member's office then called the FBI, which employs a team of cyber-forensic specialists to investigate hackings. The House security office made a copy of the hard drive and gave it to the bureau.

Upon further analysis, the security office found more details about the nature and possible intent of the hack. The machine was infected with a file that sought out computers outside the House system to retrieve "malware," malicious or destructive programs designed to spy on the infected computer's user or to clandestinely remove files from the machine. This virus was designed to download programs that tracked what the computer user typed in e-mail and instant messages, and to remove documents from both the hard drive and a network drive shared by other House computers. As an example of the virus's damage, the security office briefing cited one House machine on which "multiple compressed files on multiple days were created and exported." An unknown source was stealing information from the computer, and the user never knew it.

Armed with this information about how the virus worked, the security officers scanned the House network again. This time, they found more machines that seemed to match the profile -- they, too, were infected. Investigators found at least one infected computer in a member's district office, indicating that the virus had traveled through the House network and may have breached machines far away from Washington.

Eventually, the security office determined that eight members' offices were affected; in most of the offices, the virus had invaded only one machine, but in some offices, it hit multiple computers. It also struck seven committee offices, including Commerce; Transportation and Infrastructure; Homeland Security; and Ways and Means; plus the Commission on China, which monitors human rights and laws in China. Most of the committee offices had one or two infected computers. In the International Relations Committee (now the Foreign Affairs Committee) office, however, the virus had compromised 25 computers and one server.

..
The confidential briefing does not say where the hacker was, nor does it attribute the attack to a particular group or country. Such information is notoriously difficult for investigators to ascertain. But according to some members of Congress whose machines were infected, the attack described in the briefing emanated from China and was probably designed to steal sensitive information from lawmakers' and committee offices.

Chinese Traces

That allegation and others about Chinese cyber-espionage lie at the heart of a simmering controversy over Chinese or China-supported hacking of U.S. government computer systems. As National Journal reported earlier this year, computer hackers, who several investigators and senior government officials believe are based in China and sometimes work on the Chinese government's behalf, have penetrated deeply into the information systems of U.S. corporations and government agencies.

The hackers have reportedly stolen proprietary information from executives and even one Cabinet secretary in advance of business meetings in China. Some sources contend, moreover, that Chinese hackers may have played a role in two major power outages in the United States. Power companies and outside investigators call such allegations demonstrably untrue, but many cyber-security professionals express considerable anxiety about the vulnerability of U.S. networks.

Concern about China is so great that, only hours before the opening ceremonies of the Olympic Games in Beijing last summer, the United States' top counterintelligence official, Joel Brenner, warned American visitors to leave their cellular phones and wireless handheld computers at home. "Somebody with a wireless device in China should expect it to be compromised while he's there," Brenner said on CBS News. "The public security services in China can turn your telephone on and activate its microphone when you think it's off." For those who were required or determined to take their electronic equipment, Brenner advised that they remove the batteries when they were not using the device.

Chinese sources were at the root of the hack on members of Congress in 2006, according to some lawmakers. In an interview with National Journal last summer, Rep. Mark Kirk, R-Ill., said that the virus described in the House's confidential briefing had infected a machine in his office. House security personnel informed him of the infection, Kirk said, and he called the FBI.

Kirk then co-chaired the House U.S.-China Working Group, whose members had met with 11 Chinese business leaders less than a year earlier to discuss bilateral trade issues. The group has held monthly meetings to foster a diplomatic dialogue between Chinese and U.S. officials. Kirk said that his office's infected computer was trying to contact Internet addresses that "eventually resolved themselves in China." He hastened to add, "Obviously, you don't know who is the real owner or operator of the [Internet] address."

..

.. Although Kirk said he didn't know what files, if any, the hacker had pilfered, he assumed that the intruder wasn't looking for information about Kirk's constituents in Illinois. He concluded that the hacker was more interested in his China policy. "At that point," Kirk said, "it seemed what we had was a case of overseas espionage."

This past June, Rep. Frank Wolf, a Republican from Northern Virginia, took to the House floor and announced that four of his office's computers "were compromised by an outside source."

"On these computers," he said, "was information about all of the casework I have done on behalf of political dissidents and human-rights activists around the world." Wolf is an outspoken critic of China's human-rights policies.

"That kind of information, as well as everything else on my office computers -- e-mails, memos, correspondence, and district casework -- was open for outside eyes to see," Wolf said. And then, without naming names, he added, "Several other members were similarly compromised."

Wolf said he had met with staff from the House Information Resources office and with FBI officials. "It was revealed," he said, "that the outside sources responsible for this attack came from within the People's Republic of China." A spokesperson for Wolf told NJ that the intrusion he spoke of on the House floor is the same attack described in the confidential briefing obtained by National Journal and prepared by the House information security office. That briefing states that Wolf was one of the eight members affected, and that four of his machines were hit -- the same number that Wolf cited publicly. In his floor remarks, Wolf said that his computers were found to have been compromised in August 2006, two months before the House Information Systems Security Office scanned the network for possible infections.