Slashdot Mirror
Details Emerge On the 2006 Hacking of Congress
The National Journal just published an article with details about the hacking of Congress in 2006, possibly by agents in China, though the attack's origin is uncertain. The article notes the difficult work of the House Information Systems Security Office, which must set security policies and then try to enforce them on a population of the equivalent of C-level executives. The few members who have called attention to the issue of Congressional cyber-security have been advised to shut up about it, by whom the reporter did not discover. "Armed with this information about how the virus worked, the security officers scanned the House network again. This time, they found more machines that seemed to match the profile — they, too, were infected. Investigators found at least one infected computer in a member's district office, indicating that the virus had traveled through the House network and may have breached machines far away from Washington. Eventually, the security office determined that eight members' offices were affected; in most of the offices, the virus had invaded only one machine, but in some offices, it hit multiple computers. It also struck seven committee offices, including Commerce; Transportation and Infrastructure; Homeland Security; and Ways and Means; plus the Commission on China, which monitors human rights and laws in China."
Only a paranoid totalitarian state would waste time penetrating Congress. There's not much there that isn't accessible via the news. Anyone who had half a brain would target the Executive branch, where there is data that is not publically accessible.
Silly commies.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Its simple folks - there is no such thing complete security. Its a negotiation. If you want a sterile network, then neuter it. Congress can be completely free of network attacks if they disconnect from the Internet, and reality....which defeats the purpose. Short of that I think its a fair assumption that information is a virus. We need to understand that on line is like a public restroom in a football stadium. Relative privacy is available, but don't write any important phone numbers on the wall.
Congress overseas ALL of what is going on. That is THEIR job. If the old white house, Pelosi and Reid are dumb enough to use Window boxes, then a lot of information has most likely been sent to China. They will be aware of operations throughout the world (though not necessarily who is in them). Pelosi will have access to very UNIQUE information about NK, Russia, and China that will have been fed to her from CIA, NSA, and NRO. By having access to that info, somebody in CHina or Russia could narrow suspects down. In fact, China has been at this for over a decade. My guess is that they have BEEN narrowing the trap for a long time (or have them).
It is a disaster to America and most likely to the west to have this information get out. Sadly, NSA has been usurp by DHS who is LOADED with total idiots.
I prefer the "u" in honour as it seems to be missing these days.
The number 1 spy in America IS Chinese. They are VERY active. Nearly all of the spies that we have caught over the last 20 years, have been Chinese that are working in DOD or intel jobs who then send back data to mainland. The same is true in Canada, Australia, EU, and I suspect, Russia. Any place that has more advanced military secrets is being actively infiltrated.
Worse, we are not just sending our goods over there and having them come back loaded with virus, we continue to do so even KNOWING this. You may not have liked the tone of the parent, but it was still accurate.
I prefer the "u" in honour as it seems to be missing these days.
LOTS of information gets out. Far too much. The names of many projects are known all over. What is not known is all objectives, who all is involved (typically, the top person who is running it is known), and all the results. But far too often, congress members are given and sometimes leaked information that does make it on their system. They pass it in emails to each other, etc.
Yes, Windows is the surest sign of an easy compromise. Even this virus was designed for Windows. Nearly all the virus on goods coming from China are for Windows. It will remain that way as long as Windows is easy to crack and dominant. The fact that a number of EU countries, Russia, and China are switching their govs to Linux (and some mac) should have generated LOADS of virus for these systems IF it were easy. Do you see them? NOPE. Get past your silly prejudice and bias and look at the facts. Virus are written for easy targets that yield information.
I prefer the "u" in honour as it seems to be missing these days.
Right now, thanks in large part to Congress, there are more reasons than quality. Doing a small project at home, I found a need for a jig saw. A trip to one of the local pawn shops netted me a nearly new Skil jigsaw that currently retails for about $90 USD. My cost? $30 USD. I cleaned the dust off, looks new. If you have the time, great source of other tools too. Quality merchandise lasts long enough to end up in Pawn shops. Found complete set of deep set impact wrench sockets - $14 USD. Can't beat that.
If Congress keeps up what they have been doing, it will soon be one of the few places I can afford to shop.
Support NYCountryLawyer RIAA vs People
We've had to deal with a number of government agencies where I work. It's not surprising they get hacked. The Defense Security Service, for instance, tried to force us to "get a .com address if you want to interact with our online tools, because .edu addresses are insecure". After laughing to their face it took three weeks to convince them they had no clue what they were talking about. They also asked me to contact them any time we saw "anomalous" traffic on our network. I offered to forward them a copy of the 90% of our packets that are anomalous, but they weren't amused. As another example, the State Department is basing export restriction management on broken Active X that requires users to be Administrators to use. :/ The list goes on.
I was going to go check something on their site, and discovered that it's now running a self signed cert. *sigh* Check out the mission of DSS, and the irony is... scary: http://en.wikipedia.org/wiki/Defense_Security_Service
DSS is tasked with facilitating personnel security investigations, supervising industrial security, and performing security education and awareness training.
Doomed I tell you, doomed.