Woe Unto White House Site

[InfoSec News <isn () c4i org>]

http://www.wired.com/news/politics/0,1283,43993,00.html

By Declan McCullagh 
3:30 p.m. May 22, 2001 PDT  
      
WASHINGTON -- It's no secret that the First Homepage is second rate. 

For the last four months, critics have been savaging whitehouse.gov by
calling it state-of-the-art -- five years ago.

Then, just as the Bush administration was finalizing plans to relaunch
the site, malicious hackers appear to have defaced the executive
branch homepage on Tuesday. In addition, a denial-of-service attack
left whitehouse.gov unreachable from, according to a Web monitor,
around 2:30 p.m. EDT to 8:20 p.m.

Around 3:45 p.m., a Wired News reporter spotted a black page with
three items -- two dead links to news articles and a link to a mirror
of a previous hack -- on the whitehouse.gov home page. A White House
spokesman confirmed a denial-of-service attack took place but said,
"I'm not aware of a hack at this time."

Still, President Bush plans to redesign and relaunch his homepage in
the next month or so.

"The site will be dramatically improved within a matter of weeks,"
White House spokesman Tucker Eskew said during an interview before the
attack took place.

"We take very seriously our response to be stewards of the history and
traditions of this place," Eskew said. A revamped whitehouse.gov, he
believes, will reflect Bush's serious, self-effacing approach to
serving in the highest office in the land.

It's also intended to reflect advances in Web design. Back when former
President Bill Clinton launched whitehouse.gov at a ceremony in
October 1994, multimedia meant including the occasional JPEG image
file with the text of a speech or press release.

Now, however, visitors expect the same rich audio and video that
commercial websites provide. Bush's aides expect to draw on the wealth
of daily content already generated -- albeit in analog form -- by the
official White House photographer and video crew that often
accompanies the president throughout the day.

"We've added a good deal more streaming media with each passing week,"
said Eskew. "(Future efforts) will be done internally with resources
already available."

To redesign whitehouse.gov, the Bush administration has organized a
team of about a dozen people -- including career staff, information
technology specialists, public relations workers, and strategic
planners -- that meets frequently but irregularly. After the redesign
is complete, they'll brief Bush on their plans.

The whitehouse.gov site has always been more than merely another
bucket of bits: It's a prominent symbol of the federal government,
which means it regularly becomes a target for anti-American sentiment.

Earlier this month, online vandals -- officials suspect pro-China
hackers -- launched a denial-of-service attack against whitehouse.gov,
making the site unreachable for a few hours. White House officials
refused to discuss counter-measures that have been adopted since then.

During Tuesday's whitehouse.gov outage, the denial-of-service attack
left whitehouse.gov crippled. A monitoring program illustrates how
technicians struggled to thwart the attack, with intermittent success
throughout the evening until around 8:20 p.m.

In May 1999, electronic intruders -- apparently upset over the NATO
bombing in Yugoslavia -- forced whitehouse.gov offline for over 24
hours. A White House spokesman said at the time that the system was
offline after "an attempt was made ... to break into the system that
operates the White House Web page."

Sensitive documents, such as ones aides and officials exchange via
email, are stored on a system that is not linked with the
whitehouse.gov Web server.

But irksome hackers aren't the only technical challenges the White
House staff has had to confront.

When Bush's aides took over management of the site in January during
the first electronic presidential transition, dozens of links returned
error messages, and the homepage temporarily sported an unusual phrase
on the left-hand rail: "Insert Something Meaningful Here."

[...]
 



ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.