[33206] in bugtraq
Re: Major hack attack on the U.S. Senate
daemon@ATHENA.MIT.EDU (Brian C. Lane)
Fri Jan 23 16:36:46 2004
From: "Brian C. Lane" <bcl@brianlane.com>
To: BUGTRAQ@securityfocus.com
In-Reply-To: <E1AjiZx-0001RQ-00@smtp03.mrf.mail.rcn.net>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-++mu4K/EE8wzUiJmRa73"
Message-Id: <1074871703.5128.9.camel@marvin.home>
Mime-Version: 1.0
Date: Fri, 23 Jan 2004 07:28:23 -0800
--=-++mu4K/EE8wzUiJmRa73
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Thu, 2004-01-22 at 09:25, Richard M. Smith wrote:
> http://www.boston.com/news/nation/articles/2004/01/22/infiltration_of_fil=
es_
> seen_as_extensive?mode=3DPF
> =20
> Infiltration of files seen as extensive
> Senate panel's GOP staff pried on Democrats
> By Charlie Savage, Globe Staff, 1/22/2004
>=20
> WASHINGTON -- Republican staff members of the US Senate Judiciary Commite=
e
> infiltrated opposition computer files for a year, monitoring secret strat=
egy
> memos and periodically passing on copies to the media, Senate officials t=
old
> The Globe.
>=20
[snip]
You left off the most important fact in your snip. The final paragraph
pretty well sums it up:
"A technician hired by the new judiciary chairman, Patrick Leahy,
Democrat of Vermont, apparently made a mistake that allowed anyone to
access newly created accounts on a Judiciary Committee server shared by
both parties -- even though the accounts were supposed to restrict
access only to those with the right password."
I sure wouldn't call this a major hack attack. Someone goofed. Someone
else took advantage of the goof (and according to some reports even
reported it to the bonehead technician).
One one hand you really shouldn't look at someone else's files. On the
other hand if you're cooking up dirty tricks you darn well ought to make
sure your memos are protected, not stored in the clear on a shared
system.
And these are the jokers who want to dictate to us how to secure the
Internet and stop SPAM? Heh!
Brian
---[Office 71.6F]--[Fridge 38.4F]---[Fozzy 88.8F]--[Coaster 71.7F]---
Linux Software Developer http://www.brianlane.com
--=-++mu4K/EE8wzUiJmRa73
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Remember Lexington Green!
iD8DBQBAET2XIftj/pcSws0RAlGCAJ4+oW3Ehqu010EDWNUEy9Dt9+x+DACfQs5n
8KkRKpErXmowOpAt8ayLNJ8=
=AgeX
-----END PGP SIGNATURE-----
--=-++mu4K/EE8wzUiJmRa73--
