After Hacking, Questions Raised About Security

Posted January 28, 2010 at 8:40am

Updated: 5:24 p.m.Hackers defaced the Web sites of dozens of Members after President Barack Obama’s State of the Union address Wednesday night, sparking discussions on whether to tighten security requirements for third-party vendors who manage Member Web sites. By Thursday afternoon, officials had replaced the 49 affected Web sites with a generic page with the message that the site was “undergoing maintenance.— But earlier that morning, the pages of Members such as Reps. Spencer Bachus (R-Ala.), Joe Wilson (R-S.C.) and Brian Baird (D-Wash.) were defaced with the text: “F*** OBAMA!! Red Eye CREW !!!!! O RESTO E HACKER !!!—GovTrends, a Web design company, manages all the defaced Web sites, said Jeff Ventura, spokesman for House Chief Administrative Officer Dan Beard. The sites should be back up “within the next 24 hours,— he said. In the meantime, he said, “discussions are ongoing as to the course of action to take in terms of strengthening security related to the outside vendors Members and Committees use, like GovTrends.—It’s not the first time GovTrends Web sites have been hacked. In August, a hacker who goes by “3n_byt3— replaced the text on about 20 sites with “H4ck3d by 3n_byt3 @ Indonesia H4ck3rs.— Bachus’ site was defaced both times. On Thursday, he sent a letter to Beard questioning the chamber’s computer security measures.“It greatly disturbs me that only a half-year later, there has been another significant breach of the House computer system,— Bachus wrote. “It raises serious questions in my mind about the standards that CAO has in place for determining which third-party providers are approved to do business with House offices.—At the time of the August defacement, House officials said the hacker was able to gain access to the Web sites by guessing passwords that Member offices use to upload articles and change text. GovTrends had assigned easy passwords and some offices never changed them; those passwords, according to correspondence between Bachus and Beard, was simply the Member’s last name. CAO spokesman Jeff Ventura said House officials are still trying to pinpoint how the hackers managed to access the Web sites this time around. Officials currently believe that the Web sites were infiltrated while GovTrends was updating its system, he said. “We are working with GovTrends to understand exactly why it happened. That is, we have some ideas as to why but nothing has been confirmed yet and analysis is under way,— Ventura said. “What our course of action will be as a result of this is being discussed.—After the August incident, Beard initiated a review of GovTrends security policy. It’s unclear what actions he will take this time around — or what he will be able to do. GovTrends maintains contracts with individual Member offices and does not directly work for the CAO.An aide to Speaker Nancy Pelosi (D-Calif.) said she is expected to ask for a review of the incident, just weeks after Beard released recommendations on tightening controls over House documents. House leaders had requested the review in the wake of a House ethics document that detailed investigations by both the Committee on Standards of Official Conduct and the Office of Congressional Ethics.But Ventura said Wednesday’s defacement was superficial. GovTrends manages the Web sites off-site, outside the Capitol firewall.“The only information that was at risk is the information that is publicly available,— he said, adding that the CAO manages e-mail, documents and other potentially sensitive documents. “You’re looking at graffiti. It’s embarrassing, but it’s not a security breach in the sense of vital sensitive information being stolen.—GovTrends founder Ab Emam did not immediately return calls for comment Thursday.