Bugtraq mailing list archives

RE: Major hack attack on the U.S. Senate


From: "B. Kinney" <bkinney () fatcow com>
Date: Fri, 23 Jan 2004 14:45:57 -0700

I don't disagree with your opinion on the article - it was meant to be
shock journalism.  It's the only way they can get us to read anything
about our political system.

I still am of the nature that you don't go places you don't belong.  If
you need a more concrete example, think about the ladies' room.  How old
were you when you learned which door is NOT yours?  

Do you ever enter the wrong one with the intent of seeing something?!
If you did, don't you think your friends and coworkers would find it
inappropriate and disgraceful?  



----Original Message-----
From: ~Kevin Davis³ [mailto:computerguy () cfl rr com] 
Sent: Thursday, January 22, 2004 8:29 PM
To: BUGTRAQ@SECURITYFOCUS. COM
Subject: Re: Major hack attack on the U.S. Senate


This was clearly not a "hack attack".  The title and opening content of
this article is quite intentionally misleading.  The phrases
"infiltration", "monitoring secret memos", "exploited computer glitch",
"hack attack" are used.  If you read the entire article you will find
out the following:

First, "A technician hired by the new judiciary chairman, Patrick Leahy,
Democrat of Vermont, apparently made a mistake that allowed anyone to
access newly created accounts on a Judiciary Committee server shared by
both parties -- even though the accounts were supposed to restrict
access only to those with the right password."

Which means the Democrats screwed up setting up their own share point
and allowed public access to it.  There was no "computer glitch" which
was "exploited".  This was completely a human screw-up.  And there was
no hacking ("exploitation of a computer glitch") done by the
Republicans. Unless you wish to call clicking on a share point
configured with public access and opening it up "hacking".

Additionally the Republicans allegedly "in the summer of 2002, their
computer technician informed his Democratic counterpart of the glitch".

The Republicans knew that the share was supposed to be protected (why
else would they inform the Democrats of the misconfiguration?) so they
certainly did something wrong despite (supposedly) warning the Democrats
of the problem, but not to the extent that the article - in the way that
it was written - would like you to believe.

----- Original Message ----- 
From: "Richard M. Smith" <rms () computerbytesman com>
To: "BUGTRAQ@SECURITYFOCUS. COM" <BUGTRAQ () securityfocus com>
Sent: Thursday, January 22, 2004 12:25 PM
Subject: Major hack attack on the U.S. Senate



http://www.boston.com/news/nation/articles/2004/01/22/infiltration_of_files_seen_as_extensive?mode=PF

Infiltration of files seen as extensive
Senate panel's GOP staff pried on Democrats
By Charlie Savage, Globe Staff, 1/22/2004

WASHINGTON -- Republican staff members of the US Senate Judiciary
Committee infiltrated opposition computer files for a year, monitoring
secret strategy memos and periodically passing on copies to the media,
Senate officials told The Globe.

From the spring of 2002 until at least April 2003, members of the GOP
committee staff exploited a computer glitch that allowed them to
access restricted Democratic communications without a password.
Trolling through hundreds of memos, they were able to read talking
points and accounts of private meetings discussing which judicial
nominees Democrats would fight -- and with what tactics.

The office of Senate Sergeant-at-Arms William Pickle has already
launched an investigation into how excerpts from 15 Democratic memos
showed up in the pages of the conservative-leaning newspapers and were
posted to a website last November.

With the help of forensic computer experts from General Dynamics and
the US Secret Service, his office has interviewed about 120 people to
date and seized more than half a dozen computers -- including four
Judiciary servers, one server from the office of Senate majority leader
Bill Frist of Tennessee, and several desktop hard drives.

...





