Details Emerge On the 2006 Hacking of Congress

The National Journal just published an article with details about the hacking of Congress in 2006, possibly by agents in China, though the attack's origin is uncertain. The article notes the difficult work of the House Information Systems Security Office, which must set security policies and then try to enforce them on a population of the equivalent of C-level executives. The few members who have called attention to the issue of Congressional cyber-security have been advised to shut up about it, by whom the reporter did not discover. "Armed with this information about how the virus worked, the security officers scanned the House network again. This time, they found more machines that seemed to match the profile — they, too, were infected. Investigators found at least one infected computer in a member's district office, indicating that the virus had traveled through the House network and may have breached machines far away from Washington. Eventually, the security office determined that eight members' offices were affected; in most of the offices, the virus had invaded only one machine, but in some offices, it hit multiple computers. It also struck seven committee offices, including Commerce; Transportation and Infrastructure; Homeland Security; and Ways and Means; plus the Commission on China, which monitors human rights and laws in China."

It had to be the Chinese

[HBI]

Only a paranoid totalitarian state would waste time penetrating Congress. There's not much there that isn't accessible via the news. Anyone who had half a brain would target the Executive branch, where there is data that is not publically accessible.

Silly commies.

Re:It had to be the Chinese

[Chrisq]

Only a paranoid totalitarian state would waste time penetrating Congress. There's not much there that isn't accessible via the news. Anyone who had half a brain would target the Executive branch, where there is data that is not publically accessible.

Silly commies.

Or maybe they are hoping finding this will divert attention from the real stealth virus in the Pentagon.

Re:It had to be the Chinese

[HBI]

Shhh. We can't talk about that, yet.

Re:It had to be the Chinese

[morgan_greywolf]

Anybody could have hacked Congress for any number of reasons. Why did Mitnick hack the phone system? Why does anybody attempt to gain unauthorized access to systems they're not supposed to be messing with?

Many years ago, when I was a youngster, people were doing it just to prove they could.

Re:It had to be the Chinese

[colfer]

Negotiations over trade policy, for one thing, were compromised. What makes you say there's not much there? Congressional committees monitor all the executive agencies, and keep tons of confidential info.

You would have to be a total idiot to believe that

[WindBourne]

Congress overseas ALL of what is going on. That is THEIR job. If the old white house, Pelosi and Reid are dumb enough to use Window boxes, then a lot of information has most likely been sent to China. They will be aware of operations throughout the world (though not necessarily who is in them). Pelosi will have access to very UNIQUE information about NK, Russia, and China that will have been fed to her from CIA, NSA, and NRO. By having access to that info, somebody in CHina or Russia could narrow suspects down. In fact, China has been at this for over a decade. My guess is that they have BEEN narrowing the trap for a long time (or have them).

It is a disaster to America and most likely to the west to have this information get out. Sadly, NSA has been usurp by DHS who is LOADED with total idiots.

Re:You would have to be a total idiot to believe t

[WindBourne]

LOTS of information gets out. Far too much. The names of many projects are known all over. What is not known is all objectives, who all is involved (typically, the top person who is running it is known), and all the results. But far too often, congress members are given and sometimes leaked information that does make it on their system. They pass it in emails to each other, etc.

Yes, Windows is the surest sign of an easy compromise. Even this virus was designed for Windows. Nearly all the virus on goods coming from China are for Windows. It will remain that way as long as Windows is easy to crack and dominant. The fact that a number of EU countries, Russia, and China are switching their govs to Linux (and some mac) should have generated LOADS of virus for these systems IF it were easy. Do you see them? NOPE. Get past your silly prejudice and bias and look at the facts. Virus are written for easy targets that yield information.

It doesn't surprise me

[CXI]

We've had to deal with a number of government agencies where I work. It's not surprising they get hacked. The Defense Security Service, for instance, tried to force us to "get a .com address if you want to interact with our online tools, because .edu addresses are insecure". After laughing to their face it took three weeks to convince them they had no clue what they were talking about. They also asked me to contact them any time we saw "anomalous" traffic on our network. I offered to forward them a copy of the 90% of our packets that are anomalous, but they weren't amused. As another example, the State Department is basing export restriction management on broken Active X that requires users to be Administrators to use. :/ The list goes on.

I was going to go check something on their site, and discovered that it's now running a self signed cert. *sigh* Check out the mission of DSS, and the irony is... scary: http://en.wikipedia.org/wiki/Defense_Security_Service

DSS is tasked with facilitating personnel security investigations, supervising industrial security, and performing security education and awareness training.

Doomed I tell you, doomed.

Re:It doesn't surprise me

[LordKaT]

I once sent DSS a resume containing nothing but "penispenispenis" in all of the sections, and got a reply that I should come down and take their employment test.