US Senate Staff Targeted By State-Backed Hackers, Senator Says

An anonymous reader quotes a report from PBS NewsHour: Sen. Ron Wyden, an Oregon Democrat, said in a Wednesday letter to Senate leaders that his office discovered that "at least one major technology company" has warned an unspecified number of senators and aides that their personal email accounts were "targeted by foreign government hackers." Similar methods were employed by Russian military agents who leaked the contents of private email inboxes to influence the 2016 elections. Wyden did not specify the timing of the notifications, but a Senate staffer said they occurred "in the last few weeks or months." But the senator said the Office of the Sergeant at Arms, which oversees Senate security, informed legislators and staffers that it has no authority to help secure personal, rather than official, accounts. "This must change," Wyden wrote in the letter. "The November election grows ever closer, Russia continues its attacks on our democracy, and the Senate simply does not have the luxury of further delays."

yep

FYI,
NSA backed hackers.

passphrase = reared

Lessons not learned?

[MiniMike]

If anybody who works for a high profile hacking target like a senator still uses their personal e-mail for work related business, they're a complete idiot.

Looking forward to the next round of leaks...

Re:Lessons not learned?

No one said they were using their personal e-mail for work related business. The problem is that these people buy porn and organize hunting trips, and details are in their personal e-mail. Basically they have things to hide.

Re:Lessons not learned?

[Anubis+IV]

Well, then, it strikes me that they have two options:

1) Have the integrity necessary to not engage in personal behavior that runs contrary to your public image. Good luck with that.

2) Use some balance of carrots and sticks to encourage services to better protect our data/not keep it in the first place, but also provide more teeth for going after the bad guys.

They can do both if they want, but they don’t get to institutionalize the routine violation of our right to privacy and then complain about the situation when theirs is violated.

Re:Lessons not learned?

No one said they were using their personal e-mail for work related business. The problem is that these people buy porn and organize hunting trips, and details are in their personal e-mail. Basically they have things to hide.

Even if people have nothing illegal or even unethical to hide, they have privacy, can be embarrassed, can feel threatened, have family and personal relationships that can be targeted for leverage, have financial situations that can be exploited and in the age of GPS devices movements can be targeted which can leave people open to well targeted attacks or attempts to make contacts for espionage.

I mean as a national security professional how would you feel if agents of a foreign power know that your wife picks the kids up from soccer on Tuesdays at 4pm? Or you meet your friends for a pint on Fridays at 3:30 down at the pub? Or that you really really need that equity loan to refinance your debt next Tuesday.

Treating state sponsored hacking like some personal problem or just fodder for sex scandal reporting is terribly misguided. The targeting of the personal emails of government workers and contractors is a national security threat not some shame on those individuals or the private companies that are targeted.

"Securing" (whatever that means) non governmental accounts shouldn't be the only issue... the FBI should be treating the targeting of personal emails of government employees and national security professionals by foreign governments as part of espionage investigations above and beyond the Federal crime of unauthorized access to these systems.

And the primary goal shouldn't be token convictions or criminal charges against people that live in other countries, but preventing these threats in the future by what means are proportionate and necessary.

Don't worry

All indications are that all but 15 of the Senators use their personal accounts for official business.

The 15 are confirmed to still be at Western Union sending telegrams.

Re:Don't worry

[VeryFluffyBunny]

Why is it that US senators are so reluctant to use their official email accounts for official business? Why don't they want those email exchanges to go down on public record?

Re:Don't worry

[RespekMyAthorati]

Why don't they want those email exchanges to go down on public record?

Guess.

Re:Don't worry

[VeryFluffyBunny]

The question was rhetorical.

Well...duh.

[argStyopa]

1) It's unsurprising that this was floated by a Democrat, whose party has been essentially asserting that the Russians stole the election by unspecified "hacking" (leaving furrows in the turf as the goalposts constantly shift on what THAT means).
2) Nevertheless ... the idea that Senate offices/staff may be the targets of nefarious hacking attempts (regardless of party affiliation) is really so obvious that it falls into the "don't run with scissors" category.

I know the men and women of our government are oblivious and at least 1.5 decades behind any technological curve, but do they really have to be told this?

Re:Well...duh.

Wyden is often one of the few technologically knowledgeable senators... but I have to agree strongly on (2). This is a dog-bites-man story. The lack of state-sponsored hacking attempts on sitting senators would be much more surprising. And rather good evidence that your methods for detecting hacking attempts don't work.

Re:Well...duh.

Yes, yes they DO need to be told this. They aren't tech people. You're talking about a governmental body that still needs two sets of laws, one for stuff done online and one for stuff done in the real world. That's 1990's thinking. Stuff on the internet impacts the real world all the time. I mean, hell, online retail should be an easy demonstration of this where I click things on the computer, money disappears from my bank account, and a thing arrives at my doorstep.

It's too abstract. There's no missile heading for the homeland. There's no warship off the coast launching bombers. It will take a hack that turns off the lights to get it through to these ignorant dinosaurs. I forget who the Senator was, but he would have each of his emails printed up by a staffer so he could read them because using the computer was too hard. The President doesn't email (could be because it's too hard, or it could be because he's trying to cover his ass). Email is a pretty low bar for technical competence. It's like not knowing how to control a horse in 1776.

Re:Well...duh.

[Registered+Coward+v2]

I know the men and women of our government are oblivious and at least 1.5 decades behind any technological curve, but do they really have to be told this?

While many certainly are, there are a lot of them who regularly use the latest technology and are frustrated by the government's "Yesterday's Technology Deployed Tomorrow" approach to systems. It's quicker and easier to send a text from your own phone than to find a desktop to send an Outlook Webmail email; not to mention the "so an so is a real ass" comments you don't want archived forever.

Part of the reason is also a broader cultural one; we have become so used to instant communication and using technology that the line between what is a personal and what is a business machine has become blurred.

Re:Well...duh.

[drinkypoo]

1) It's unsurprising that this was floated by a Democrat, whose party has been essentially asserting that the Russians stole the election by unspecified "hacking"

The FBI and CIA (you know, the "intelligence community"?) has been saying it, the Democrats have been repeating it.

2) Nevertheless ... the idea that Senate offices/staff may be the targets of nefarious hacking attempts (regardless of party affiliation) is really so obvious that it falls into the "don't run with scissors" category.

Yes, but the idea that it's coming from a specific nation and we're not doing anything about it falls into the "traitorous and incompetent" category.

Re:Well...duh.

[LazarusQLong]

Yes, they do. No, they aren't 1.5 decades behind, more like 4 decades behind. They are really only knowledgeable in how to lie and manipulate people, nothing else.

Re:Well...duh.

[LynnwoodRooster]

The FBI and CIA (you know, the "intelligence community"?) has been saying it, the Democrats have been repeating it.

Because politics NEVER entered the leadership of the FBI and the CIA, amirite?

Re:Well...duh.

Mainly because it is cheaper to leave an anonymous donation, as opposed to blowing a 0-day to attack a senator.

Re: Well...duh.

That's what you told us for 15 years straight.

Re:Well...duh.

Exactly! This article is full of liberal bias and good example of how Slashdot.Org is against conservatives. I used to be a very big liberal but I realized how evil they are and now am absolutely big supporter of amazing Republican party and effective Trump leadership. Also our relationship with new Russia and president Putin is at all time high with peace ruling the world instead of liberal war. Down with SJW culture marxists Demon-crats and traitorous mainstream media who want to take the guns and imprison all us normal straght white male christians and put the blacks and the homosexuals into power and permanent end to democracy.

Re: Well...duh.

[TimMD909]

Of course you don't run with scissors. Run with a knife. You'll go faster.

Re:Well...duh.

[jbmartin6]

Another DUH is that government officials in other countries can all say the say same thing, where "state-backed hackers" refers to US intelligence agencies among others.

Re:Well...duh.

The FBI and CIA (you know, the "intelligence community"?) has been saying it, the Democrats have been repeating it.

The Democrats never provided the DNC server to be inspected by the FBI or CIA. Instead, every agency in the government has been echoing the debunked report from a private firm that said exactly what the DNC wanted it to say: that their servers were hacked by a Russian spy ring. Perhaps they were and perhaps they were not, but it is apparent that the DNC hack itself was committed by an insider based on the transfer rates exceeding that of internet connections.

Similarly, the other "hack" was not a hack at all. Instead it was a spearphishing campaign that could be committed by literally anyone.

It is, and always should have been, obvious that the DNC (and RNC) are active targets of any foreign power, just as US intelligence should be actively trying to penetrate the political factions of other nations. To say or suggest otherwise is idiotic.

Yes, but the idea that it's coming from a specific nation and we're not doing anything about it falls into the "traitorous and incompetent" category.

First of all, traitorous and incompetent are two very separate issues. Second of all, there are more sanctions against Russia now than there were during the 2016 election. Finally, this fraud that Russia is the only nation attempting to hack the US -- or even the best at doing it -- is outrageously political and disgusting.

China is the most aggressive nation hacking the US (and our allies) and it has been for years, yet the Democrats (and you) are so insanely against Trump that you have finally agreed that Russia is once again our enemy. As a reminder, HRC famously rebooted our efforts with Russia in 2009 and the previous administration pretended that everything was great with Russia, including negotiating to remove our missile defense system from Poland for Russia in 2012, while drawing yet another hard line in the sand after Crimea was annexed by Russia. All the while literally laughing at Mitt Romney's idea that Russia is rising back to their cold war efforts.

China, Russia, North Korea, and Iran -- as well as multiple (most) allies! -- are all attempting to infiltrate the US in private, political, and government institutions. What Trump has done relative to Russia is far from treasonous and, at best, shows that he can be played by his ego just as well as most previous administrations. His tweets are downright stupid, but the actual policies and sanctions hitting Russia are heavier than they have seen in years. And those years include when the previous administration claimed to witness all of this going down, naturally after the fact.

Try to stop thinking of this garbage politically and try to think of it logically. If you can do that, then you will not like what you see on either side and maybe we can finally make progress rather than focusing on impeaching a President because you do not like him.

Re:Well...duh.

[RespekMyAthorati]

yet the Democrats (and you) are so insanely against Trump that you have finally agreed that Russia is once again our enemy.

The Democrats,along with the FBI and the CIA.
A China is big on stealing secrets, but Russians are the masters of social engineering.

Jail her!

Don't forget the emails - jail her now!

Re:Jail her!

who, collins?

Re:Jail her!

No, his mother, so he can finally be free of the basement cellar in which she has him locked.

always remember, they project.

passphrase : interest

Would have thought it was the Chinese

Chinese are the hacking stars. They have hacked/stolen technology for the last decade (including new fighter jet designs).

With the tariffs going on, the have every reason to try to destabilize.

Upshot - Put regulations and constant checks on Senators (including 'I conform to all requirements' attestations) like the banks have.

Still using private e-mail?

[guruevi]

Off course the master-at-arms isn't going to secure your private e-mail, you shouldn't be using it.

This is pretty blatant admission of law avoidance by D-Wyden. Where is the FBI on that investigation?

Re:Still using private e-mail?

Off course the master-at-arms isn't going to secure your private e-mail, you shouldn't be using it.

This is pretty blatant admission of law avoidance by D-Wyden. Where is the FBI on that investigation?

WTF are you going on about. Of course they have personal email. There are things that are illegal for them to use a government account on, like campaigning.

Re:Still using private e-mail?

[Jahoda]

I absolutely agree. We should especially investigate these transgressions by the white house considering they campaigned on email security.

Re: FAke NEws BY DEms

Fuck you, Ivan. Slavic scum, can't wait until you people start eating each other again like the useless humps you all are.

Senator Wyden, your entitlement is showing.

[MachineShedFred]

Dear Senator Wyden,

None of the other 300+ million US Citizens have their personal email "secured" by law enforcement authorities either. Maybe you shouldn't be keeping secure info in your personal email either. That's what your official @senate.gov email is for, which IS secured by law enforcement.

If you would like your personal email to be secure, you should probably self-fund that, just like everyone else. Or, get used to the idea that email isn't secure, at all.

Warm regards,
Everyone else that isn't an entitled jackass Senator.

PS if this is an attempt to set the table for more excuses for electoral losses in November, it's not a good one. Complaining about "email hacking" when bad shit comes out makes you and your compatriots look like idiots because you were using insecure systems to hide shit from your bosses - the people. By far, the best, most effective way to not have disclosures of shady shit stolen from your email, is to not have shady shit in your email.

Re:Senator Wyden, your entitlement is showing.

That's what your official @senate.gov email is for, which IS secured by law enforcement.

Unfortunately those official email accounts are getting hacked too.

Re:Senator Wyden, your entitlement is showing.

I think the proper, 2018 way, of dealing with DNC emails being hacked by the executive branch would be to appoint a special council to look into Russian collusion between Patrick Leahy (D-VT) and Putin.

I know it doesn't make sense, but the FBI illegally wiretapped Trump during an election so Obama and the DNC could access his campaign team's communications. The result of that is a 18+ month special council investigation into Trump because the FBI illegally wiretapped him. So it appears the way to deal with your emails being hacked is to falsely accuse you of a crime and appoint a special council to investigate you. I suspect the outcome will be Joe Podesta, not involved at all, will end up being convicted for tax evasion and that will be touted as evidence that the DNC was completely wrong for having their emails illegally accessed.

The above is sarcasm to demonstrate what is currently going on.

Re:Senator Wyden, your entitlement is showing.

[Obfuscant]

None of the other 300+ million US Citizens have their personal email "secured" by law enforcement authorities either. Maybe you shouldn't be keeping secure info in your personal email either.

This is what I was thinking of saying, but don't bother. He isn't listening. I could send him megabytes (at least) of logs of failed ssh login attempts on the servers I run, most of which are originating in China. But Russia "hacking email" (which for Podesta was "please send us your email password") is bad bad bad bad.

This is the senator who proudly said:

"I want to deliver a warning this afternoon: When the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry," he said.

but then did nothing to stop it. He is a Senator. He has the authority to write laws. Now he's warning us that people are trying to hack lawmaker's email, when anyone involved in computer admin already knows and is tired of it.

Re:Senator Wyden, your entitlement is showing.

[Jahoda]

I know, damn that evil Ron Wyden. He should follow the example of the white hosue who campaigned on email security.

Re:Senator Wyden, your entitlement is showing.

[Obfuscant]

I know, damn that evil Ron Wyden. He should follow the example

He should act on things he knows are wrong instead of just saying the equivalent of "if you knew what I know you'd be mad." What other people do with their problems is irrelevant.

It's really hard to forget his example of leadership in campaigning, where he came out one day saying he was going to run the most ethical and honest campaign for Senate, and then the next day we got to see the ads claiming his opponent had killed a teenager. (The teenager had been killed in a farming accident on a farm run by the family of the candidate that even the parents admitted was not the opponent's fault and they bore no ill will at all towards him.) When you understand history, you can see it repeating.

Re:Senator Wyden, your entitlement is showing.

[pots]

I expect better, this is pathetic. The issue at hand is elections, and politicians are required to keep personal business (e.g.: getting elected) separate from official business. It's illegal for a senator to use a senate.gov email account for campaigning, and probably a very bad idea to be using it for anything else personal. Like, for example, making vacation plans with his family. Which would expose exactly where he's going to be and when, what he likes to do while on vacation, when he will and will not be working / campaigning / considering some large bill which a foreign actor might like to influence.

Second: I don't have terribly high expectations of the people here, but I do expect them to at least recognize that any vulnerability is a potential attack vector. You wouldn't think that an SQL injection for some website could lead to penetration of a company's internal development servers, but I expect you to know that it can and does.

Third: who says that he doesn't pay to secure his email? And the email for his staff? And his family? And his friends? Maybe he doesn't for all of those people. Maybe he does. That would make targeting him harder... and? So? Would that make these attacks okay? Would that mean that we could just ignore attacks on our congressional representatives, because paying some security company is totally foolproof?

Re:Senator Wyden, your entitlement is showing.

[MachineShedFred]

Senator Wyden sits on the US Senate Select Committee on Intelligence. He knows damn well that the NSA is doing the exact same shit to the countries that are doing this to us, and I'm sure he's perfectly fine with that.

What goes around, comes around. Plus, he married a rich New Yorker and spends most of his "not-in-Washington" time in Manhattan. He's only a senator from Oregon by name, and comes back to visit Oregon every 6 years or so to get re-elected; not that Oregon would ever vote for any of the stiffs that the Republican party puts up.

He has the resources to hire to do this correctly, and not bitch and whine that the government isn't doing it for him. As for the campaigning, I'm pretty sure that he gets plenty of donations that can help to secure campaign communications.

Still not going to show any sympathy for an entitled jackass hypocrite.

Prepared excuses

They're just preparing their excuses if the midterms don't go their way.

Russiagate assertions

Stop being a mouthpiece for state propaganda, Slashdot.

Repeating the assertion that Russia hacked the DNC emails as if it is a fact is feeding the (US) state propaganda and war machine.

If anyone reading is not aware of "Russiagate", please follow Aaron Mate' or Caitlin Johnstone.

If you are really paying attention, you see that the Russiagate narrative:
1) is unproven
2) is used to promote international conflict and sow the seeds of war
3) is a smokescreen that covers the horrendous failure of the Democractic party and it's incideous corruption.

If you are anti war and anti corruption and "woke", stop repeating Russian hacking as if were a fact.

Re:Here's a target

I prefer non-dairy creimer

Hacking e-mail? Amateur!

[LynnwoodRooster]

REAL Senators know that you simply hire foreign spies to work for you for a few decades. E-mail hacks are for those shiftless layabouts in Oregon, in California we go straight to putting spies on the payroll!

Russia boogie man

[p51d007]

The Russians did it the Russians did it. Just more crap by the socialist liberals that want to take away your rights. If elections can't be trusted, we'll just "self appoint" ourselves to run the government. THAT is their ultimate goal. Most democrats & most republicans want it that way.

Re:Russia boogie man

And organizing pro-Hillary rallies and making social media posts supporting her prove they did it to be divisive.

Re:Russia boogie man

So... you're admitting the Russians did it? Now say what the Russians did. Say it!

You'll feel better when you lance this boil, really. We all know the answer. You just need to say it for your own peace and well-being.

Re:Russia boogie man

[RespekMyAthorati]

The Russians did it the Russians did it. Just more crap by the socialist liberals that want to take away your rights.

Dah, Comrade! You is right!

Muh Russia

Wake me up when they mention the omnipresent Israeli and Chinese espionage. Then I'll believe they are talking problems, and not just pre-election politics.

Re:Muh Russia

As well as addressing why the Awan brothers spy ring in congress managed to operate for as long as it did.

Or how Debbi Wasserman Shultz threatened the DC police to return a laptop that was considered evidence in that investigation, pointing to a coverup and an even larger scandal.

Nope, the only thing Democrats want to do is point and wave frantically to divert attention towards Russia.

Wyden wants government overreach.

the Office of the Sergeant at Arms, which oversees Senate security, informed legislators and staffers that it has no authority to help secure personal, rather than official, accounts. "This must change," Wyden wrote in the letter.

In other words, Wyden (D), wants the Senate's Office of the Sergeant at Arms to have security authority over private companies and private email servers.
"Why are these emails encrypted? Where's the decryption key?"

Double the boogie for double the scare!

The hacking Russians did it with Russian hacks!

ROOSSHANS! HAXX0RZ! *spittle*

"Russians" stopped being believable and "hackers" has ceased to have any meaning a long time ago. But never let it be said that American Senators let themselves be stopped by any such trivialities! IT WAS ROOSSHAN HAXX0RZ!!!!1!

Bets on when it'll be Russian hacker terrorist pedophiles, anyone? Like a drug, you always need to keep upping the dose.

Re:Double the boogie for double the scare!

Yesterday they charged Cody Wilson of Defense Distributed of being a pedophile.

Not sure if you were joking, but it is a pattern.

here's a suggestion

[ooloorie]

as warned an unspecified number of senators and aides that their personal email accounts were "targeted by foreign government hackers ... But the senator said the Office of the Sergeant at Arms, which oversees Senate security, informed legislators and staffers that it has no authority to help secure personal, rather than official, accounts. "This must change," Wyden wrote in the letter.

Yes, it must change: stop using personal E-mail for official business. See, that was simple.

Re:Hacking e-mail? Amateur!

[MachineShedFred]

Better yet, Wyden is on the US Senate Select Committee on Intelligence. He probably knows about, if not voted to authorize, CIA / NSA hacking of other countries leaders' email accounts.

The stench of hypocrisy is a bit too much to take on this one.

why do these people keep getting elected

You want it to change, put up a list of everyone who uses their personal email for work so that the population can vote against them.

I have NEVER and i mean NEVER worked for any company that allows me to use my personal email for work related things. I would like anyone to show me a company that allows for such things.

It also goes to show that these government officials suck at compartmentalization which brings into question their security clearance and whether it should be revoked or not. I mean that using a personal email for sensitive data is a major failure of op-sec and should immediately result in all security clearances be pulled.

Some how though, i get the feeling that when the good senator says "this must be fixed" he means that government officials personal accounts should be secured as well. Like any politician, band-aids are preferred over solving the root issue.

correction...

CrowdStrike, the Democrat friendly tech company, has been saying, the FBI and CIA have been repeating it. FTFY

Re:using my email for work

[arexu]

You want it to change, put up a list of everyone who uses their personal email for work so that the population can vote against them.

I have NEVER and i mean NEVER worked for any company that allows me to use my personal email for work related things. I would like anyone to show me a company that allows for such things.

Here's one data point - I use my Gmail account for work all the time. Yes, my company knows and allows it. But I'm just a contract archaeologist, I'm not doing anything political, classified, or liable to shake the wall of decorum. If I were involved in something that might turn political, or that involved classified or government monitored operations, or that would scare the horses, I'd take the time to use company email. No, I'm not gonna give you my RL name, who the fuck are you, voices on the internet?

Wait...

Quote:"his office discovered that "at least one major technology company" has warned an unspecified number of senators and aides that their personal email accounts were "targeted by foreign government hackers."

Sounds like a scare tactic sales pitch from an anti-virus company drumming up business?

What he actually said...

[ole_timer]

was...why is the senate not protected? because no one is. that bears repeating. NO ONE IS. doh.

Re:Hacking e-mail? Amateur!

[ole_timer]

saves a lot of work to just hire 'em! priceless.