Hackers Target House.gov Sites
Hackers broke into more than a dozen Web sites for members of the U.S. House of Representatives in the past week, replacing portions of their home pages with digital graffiti, according House officials.
The landing pages at house.gov for Reps. Duncan Hunter (R-Calif.), Jesse L. Jackson, Jr. (D-Ill.), and Spencer Bachus (R-Ala.) were among at least 18 member pages that were defaced in a series of break-ins that apparently began earlier this month, according to zone-h.com, a site that archives evidence of Web site attacks.
Adam Bozzi, a spokesman for Rep. Harry Mitchell (D-Ariz.), confirmed that Mitchell's site was among those hacked. Bozzi said it appears the attackers broke in by guessing passwords used to administer the site. Bozzi said the messages that the hackers left behind had been erased, and that his office now has stronger passwords for the site.
The hackers replaced portions of the member pages with multiple copies of the message "H4ck3d by 3n_byt3 @ Indonesia H4ck3rs" according to zone-h.com.
Jeff Ventura, a spokesman for the House's chief administrative officer,
said the defacements of several member Web sites began Aug. 1, and were the result of an outside computer vendor failing to adhere to the House's required security standards.
"The defacements were the digital version of graffiti and did not result in the theft or loss of any sensitive data or materials," Ventura said. "Over the last year the House has continued aggressively fortifying its security systems. These improvements to our systems resulted in the swift identification of the site defacements, which were fixed within hours of being detected."
Ventura said Dan Beard, the House's chief administrative officer, has called for an immediate review of the House's relationship with the vendor in question.
The vendor responsible is GovTrends, a Web design company in Alexandria hired to provide Web hosting for about 100 House sites, although not all were affected.
GovTrends founder Ab Emam said the breaches were the result of passwords assigned by GovTrends to member offices that were never changed.
"Most of these passwords could be guessed, they were obvious," Emam said. "That's been changed, and each of these sites is now required to have strong passwords."
Zone-h categorized the majority of the break-ins as "mass defacements," which generally result from hackers targeting a single, a known security weakness present in one commonly used operating system or Web application. According to Zone-h, the hacker claiming responsibility for the attacks signed his name "3n_byt3," is responsible for at least 797 Web site break-ins, including 366 flagged as mass defacements.
Update, Aug. 7, 11:22 a.m. ET: Rep. Spencer Bachus has sent a letter to the House's chief administrative officer, requesting more information about the attacks. Bachus cites information provided to him by Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham. Warner suggested that the break-ins at the House sites were caused not by password guessing, but by "SQL injection," an attack that exploits security weaknesses in Web server configurations.
"GovTrends refused to provide copies of the logs of the intrusion and deferred to [chief administrative officer]," Bachus wrote. "While GovTrends is speculating to the press that this was a simple password guess, they have referred us to HIR to get evidence supporting their speculation. Please provide copies of the web logs and evidence supporting GovTrends speculation so that we can determine how best to proceed."
A copy of the Bachus letter is available here.
August 6, 2009; 10:26 AM ET
Categories: U.S. Government , Web Fraud 2.0 | Tags: house.gov hack defacement
Save & Share: Previous: Researchers: XML Security Flaws are Pervasive
Next: Russia-Georgia Conflict Blamed for Twitter, Facebook Outages
Posted by: OrderZero | August 6, 2009 4:38 PM | Report abuse
Posted by: DD163 | August 6, 2009 7:23 PM | Report abuse
Posted by: lembark | August 7, 2009 9:46 AM | Report abuse
Posted by: peterpallesen | August 7, 2009 10:07 AM | Report abuse
Posted by: frantaylor | August 7, 2009 11:16 AM | Report abuse
Posted by: eiverson1 | August 11, 2009 1:29 PM | Report abuse
Posted by: eiverson1 | August 11, 2009 1:34 PM | Report abuse
The comments to this entry are closed.