Slashdot Mirror

← Back to Stories (view on slashdot.org)

Details Emerge On the 2006 Hacking of Congress

Posted by kdawson on from the by-party-or-parties-unknown dept.

The National Journal just published an article with details about the hacking of Congress in 2006, possibly by agents in China, though the attack's origin is uncertain. The article notes the difficult work of the House Information Systems Security Office, which must set security policies and then try to enforce them on a population of the equivalent of C-level executives. The few members who have called attention to the issue of Congressional cyber-security have been advised to shut up about it, by whom the reporter did not discover. "Armed with this information about how the virus worked, the security officers scanned the House network again. This time, they found more machines that seemed to match the profile — they, too, were infected. Investigators found at least one infected computer in a member's district office, indicating that the virus had traveled through the House network and may have breached machines far away from Washington. Eventually, the security office determined that eight members' offices were affected; in most of the offices, the virus had invaded only one machine, but in some offices, it hit multiple computers. It also struck seven committee offices, including Commerce; Transportation and Infrastructure; Homeland Security; and Ways and Means; plus the Commission on China, which monitors human rights and laws in China."

3 of 77 comments (clear)

  1. Re:It had to be the Chinese by colfer · · Score: 4, Informative

    Negotiations over trade policy, for one thing, were compromised. What makes you say there's not much there? Congressional committees monitor all the executive agencies, and keep tons of confidential info.

  2. It doesn't surprise me by CXI · · Score: 5, Informative

    We've had to deal with a number of government agencies where I work. It's not surprising they get hacked. The Defense Security Service, for instance, tried to force us to "get a .com address if you want to interact with our online tools, because .edu addresses are insecure". After laughing to their face it took three weeks to convince them they had no clue what they were talking about. They also asked me to contact them any time we saw "anomalous" traffic on our network. I offered to forward them a copy of the 90% of our packets that are anomalous, but they weren't amused. As another example, the State Department is basing export restriction management on broken Active X that requires users to be Administrators to use. :/ The list goes on.

    I was going to go check something on their site, and discovered that it's now running a self signed cert. *sigh* Check out the mission of DSS, and the irony is... scary: http://en.wikipedia.org/wiki/Defense_Security_Service

    DSS is tasked with facilitating personnel security investigations, supervising industrial security, and performing security education and awareness training.

    Doomed I tell you, doomed.

  3. Re:Why was this modded down? by c0y · · Score: 2, Informative

    And #2 is Israel. It's time to cut off all aid to them.
    They seem to think we're their enemy, so I cannot fathom why we keep giving them billions of dollars every year.