Details Emerge On the 2006 Hacking of Congress

The National Journal just published an article with details about the hacking of Congress in 2006, possibly by agents in China, though the attack's origin is uncertain. The article notes the difficult work of the House Information Systems Security Office, which must set security policies and then try to enforce them on a population of the equivalent of C-level executives. The few members who have called attention to the issue of Congressional cyber-security have been advised to shut up about it, by whom the reporter did not discover. "Armed with this information about how the virus worked, the security officers scanned the House network again. This time, they found more machines that seemed to match the profile — they, too, were infected. Investigators found at least one infected computer in a member's district office, indicating that the virus had traveled through the House network and may have breached machines far away from Washington. Eventually, the security office determined that eight members' offices were affected; in most of the offices, the virus had invaded only one machine, but in some offices, it hit multiple computers. It also struck seven committee offices, including Commerce; Transportation and Infrastructure; Homeland Security; and Ways and Means; plus the Commission on China, which monitors human rights and laws in China."

You would have to be a total idiot to believe that

[WindBourne]

Congress overseas ALL of what is going on. That is THEIR job. If the old white house, Pelosi and Reid are dumb enough to use Window boxes, then a lot of information has most likely been sent to China. They will be aware of operations throughout the world (though not necessarily who is in them). Pelosi will have access to very UNIQUE information about NK, Russia, and China that will have been fed to her from CIA, NSA, and NRO. By having access to that info, somebody in CHina or Russia could narrow suspects down. In fact, China has been at this for over a decade. My guess is that they have BEEN narrowing the trap for a long time (or have them).

It is a disaster to America and most likely to the west to have this information get out. Sadly, NSA has been usurp by DHS who is LOADED with total idiots.

It doesn't surprise me

[CXI]

We've had to deal with a number of government agencies where I work. It's not surprising they get hacked. The Defense Security Service, for instance, tried to force us to "get a .com address if you want to interact with our online tools, because .edu addresses are insecure". After laughing to their face it took three weeks to convince them they had no clue what they were talking about. They also asked me to contact them any time we saw "anomalous" traffic on our network. I offered to forward them a copy of the 90% of our packets that are anomalous, but they weren't amused. As another example, the State Department is basing export restriction management on broken Active X that requires users to be Administrators to use. :/ The list goes on.

I was going to go check something on their site, and discovered that it's now running a self signed cert. *sigh* Check out the mission of DSS, and the irony is... scary: http://en.wikipedia.org/wiki/Defense_Security_Service

DSS is tasked with facilitating personnel security investigations, supervising industrial security, and performing security education and awareness training.

Doomed I tell you, doomed.