Hackers break into Senate computers

WASHINGTON Tue Jun 14, 2011 2:38pm EDT

A message from the Lulz Security hacking group regarding the hack of the senate website in seen in a screen grab from the Lulzsecurity.com website taken June 14, 2011. REUTERS/Staff

A message from the Lulz Security hacking group regarding the hack of the senate website in seen in a screen grab from the Lulzsecurity.com website taken June 14, 2011.

Credit: Reuters/Staff

Related Topics

WASHINGTON (Reuters) - The Senate's website was hacked over the weekend, leading to a review of all of its websites, in the latest embarrassing breach of security to hit a major U.S.-based institution.

The loosely organized hacker group Lulz Security broke into a public portion of the Senate website but did not reach behind a firewall into a more sensitive portion of the network, Martina Bradford, the deputy Senate sergeant at arms, said on Monday.

Despite the breach, the Sergeant at Arms Office, which provides security for the Senate, said that the breach had not compromised any individual senator's information.

Lulz announced the hack on Monday.

"We were responding to their allegations. Basically what we're saying that the server they got into is for public access and is in the public side," said Bradford.

Lulz Security, who have hacked into Sony's website and the Public Broadcasting System, posted online a list of files that appear not to be sensitive but indicate the hackers had been into the Senate's computer network.

"We don't like the U.S. government very much," Lulz Security said at the top of their release. "This is a small, just-for-kicks release of some internal data from Senate.gov - is this an act of war, gentlemen? Problem?"

The comment refers to reports that the military had decided that it could respond to cyber attacks from foreign countries with traditional military force.

Senate staffers were alerted about the breach late Monday.

"Although this intrusion is inconvenient, it does not compromise the security of the Senate's network, its members or staff," Bradford said in a statement. "Specifically, there is no individual user account information on the server supporting senate.gov that could have been compromised."

"The hackers may have done the equivalent of burglarizing the Senate and bragging because they managed to steal a bunch of souvenirs from the gift shop," said Stewart Baker, a former cyber official at the Department of Homeland Security. He is now with the law firm Steptoe and Johnson.

'ESPECIALLY EMBARRASSING'

The Senate has been the frequent target of hacking attacks, with tens of thousands thwarted each month, Senate Sergeant at Arms Terrance Gainer told Reuters in early June.

Still, the break-in is just the latest in a series of embarrassing hacks against companies and organizations.

The International Monetary Fund has been hit, as have Lockheed Martin Corp, Citigroup Inc, Google and Michaels Stores.

The break-in would cause embarrassment at the Senate, said John Bumgarner of the Cyber Consequences Unit, a think tank.

"They're all valid directories," he said after looking at data that Lulz posted online. "This is an especially embarrassing incident for the Senate, because they are often asking others to explain why their cybersecurity programs have failed."

"The information disclosed online ... shows that the intruders had administrator-level access to the Senate server. This access could have potentially been used as a jump-off point to compromise other systems in the network," he said.

Lulz, which is Internet slang for 'laugh out loud,' has claimed hacks into websites owned by Sony Corp. It has also claimed responsibility for defacing the Public Broadcasting Service network websites, and for posting on Monday data from PBS servers to protest a "Front Line" documentary about WikiLeaks.

Lulz claimed credit for breaking into a Fox.com website and publishing data about contestants for the upcoming Fox TV talent show, "X Factor." Fox is a unit of News Corp.

Another loosely affiliated hacking group, Anonymous, gained prominence when it temporarily crippled the websites of MasterCard, Visa and PayPal after they cut off financial services to WikiLeaks.

It has also attacked websites in Syria, Tunisia, Egypt and India for political reasons.

(Additional reporting by Donna Smith; Editing by Eric Beech)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (13)
OCTheo wrote:
Does all these hacking break-ins mean that no one is safe? Who designed these so called security platforms for websites?

And where does cloud services like the soon to be inaugurated Apple’s iCloud stand on this security issues? Next they will hack into a nuclear weapons facility. Scary to say the least!

Since the Pentagon is about to run out of issues to declare war on, my guess is that the next “WAR ON…..”, will be hackers. Like War on Terrorism. And this time, the smart bombs will be dropping on American and European soils.

Jun 13, 2011 10:07pm EDT  --  Report as abuse
txgadfly wrote:
In the USA, almost all computing decisions are made by accountants or other non-technical people or by foreigners.

We do not train our own people about computing nor do we employ them. What do you expect? Think it is like mounting a tire or something?

We are steadily falling behind in technology and have been for over 15 years.

Jun 13, 2011 11:39pm EDT  --  Report as abuse
virology101 wrote:
OMG how scary! All of a sudden all the things that those who would further control and censor the internet said would happen, are ‘happening’! Now I’ll bet the sheeple will willingly sign up for an Internet ID or some other nonsense- in the name of safety…

Jun 13, 2011 12:56am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.