Hackers Breach Senate.gov Website

Posted June 13, 2011 at 6:43pm

The Senate’s computer system was hacked over the weekend, but the intrusion did not undermine the network’s security and no individual user information was stolen, the Senate Sergeant-at-Arms’ office confirmed Monday.

Deputy Sergeant-at-Arms Martina Bradford wrote in an email to reporters that the hackers did not gain access to the Senate’s computer network, but “were only able to read and determine the directory structure of the files placed on senate.gov.”

“Although this intrusion is inconvenient, it does not compromise the security of the Senate’s network, its members or staff,” Bradford wrote. “Specifically, there is no individual user account information on the server supporting senate.gov that could have been compromised.”

The hacker group Lulz Security, which has recently attacked the websites of Sony and the Public Broadcasting Service, claimed credit for the hack, posting what appears to be a long string of HTML Web programming code copied from the Senate site to its own website. Reuters first reported the incident.

In a note released with the code, the group said the internal data came from senate.gov.

“We don’t like the US government very much. Their boats are weak, their lulz are low, and their sites aren’t very secure. In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more!” the note read. “This is a small, just-for-kicks release of some internal data from Senate.gov — is this an act of war, gentlemen? Problem?”

Bradford downplayed the repercussions of the hack. The group only accessed a server that is on the public side of the Senate’s network firewall, she wrote.

“Senate Sergeant at Arms staff traced the source of the access to a vulnerability in a portion of the website that is maintained by an individual Senate office, and immediately took steps to remove the vulnerability,” Bradford wrote. “Because each Senate member and committee maintains its own presence on senate.gov and may not always incorporate recommended security protocols, Sergeant at Arms staff has configured the server to minimize the damage that can be caused by a vulnerability in any portion of the site.”

The Senate Sergeant-at-Arms’ office will review all sites hosted on senate.gov and will urge offices to review their individual sites as well, Bradford added.