Hacking Hatch
It appears that a Republican staffer hacked into the files of Democratic committee members in order to leak confidential documents on the Democrat's judicial confirmation strategies.
The majority of my training in systems administration came from the time I spent working in the U.S. Senate, so I'm watching this with interest. None of the stories I've found so far have the technical details of how this was done, so I can't sensibly comment. All I can say is that the sysadmins in the Senate were normally working hard at a difficult job, and I'd not be surprised if someone made a network share accessible that they shouldn't have.
(Yes, that wouldn't excuse a staffer who leaked the memos instead of alerting the SA that security was compromised. And it might have been deliberate 'hacking,' in the sense of an actual stolen password or trojan horse or something. I don't see it as likely, and my immediate if uninformed guess would be that someone took advantage of a barn door left open.)
If this happened because some non-partisan SA was negligent, my heart really goes out to him...
UPDATE: An astute commentator pointed me to this Opinion Journal article.
A statement put out last week by Mr. Hatch's office says that the accused staffer "improperly accessed at least some of the documents referenced in the media reports." That accusation bears scrutiny in light of how the committee's computer system is organized: Until Nov. 16, all Judiciary staffers used the same computer server and had access to a shared drive, a system put in place when Sen. Leahy took over as chairman in 2001 and hired his own IT staff.The Leahy techies neglected to put up a firewall between the GOP and Democratic staff, making it possible for all staffers to read everything posted on the shared drive. No one hacked into anyone's private files. These are, in effect, Leahy leaks.
So why is the hapless staffer being hounded? And why is no one reporting the much bigger story of the memos?
Now this I buy. I don't know much about Senate committee IT staffing, but it sounds a lot more plausible. The term 'firewall' seems rather odd there, implying it might have been one server and two networks, but this sounds a lot more like a garden variety leak: someone left information in a ludicrous place, and someone else (acting unethically) gave it to a third party to publish. And I'm betting some poor SA takes the blame at some point.
As for the Opinion Journalist's question about why no one is paying attention to the 'bigger question' of the memos? It's not that big a deal. The fact that a Democratic staffer might have stated "most of Bush's nominees are nazis" is not great news, though it's tacky. (One does wonder if the staffer who wrote that will get similar castigation to Trent Lott.) The memos themselves are a pretty damning indication that Washington politics are crass, and delaying a nomination in order to specifically affect the outcome of a court case doesn't pass the stink test. But I don't think there's anything in the memos that surprises me. (For what it's worth, you can find the memos here.)
But then again, if the 'hacking' amounts to someone cutting and pasting files off a badly-secured server, I doubt this goes down in the annals of the great leaks of the Senate, either.
Comments
check out http://www.opinionjournal.com/editorial/feature.html?id=110004370
owvupPosted by: sdfgh | December 5, 2003 08:47 PM
First off, my guess is that 'firewall' should actually be read as permissions, and that the writer simply does not understand the finer distinctions of computer terminology
Secondly, I don't really have time to do actual research (and shame on you A. for blogging when you should be studying, although since we are in the same class, feel free to keep doing it :-), but, this does seem illegal to me.
This statute seems like one that might apply.
Whoever
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains--
(B) information from any department or agency of the United States;
and
(e)(6) the term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter;
So it seems to come down to what the definition of 'entitled' is.
Posted by: Josh | December 6, 2003 03:54 PM
It might be a crime (indeed, I think it is): but it's not hacking. ;) All I was saying.
And yeah, I think you're likely right that she means 'permissions,' but I figured I ought to point out the possibility.
xrulbdPosted by: A. Rickey | December 6, 2003 04:04 PM
A. Rickey, you're more of a dork than i am, and i'm in the engineering school
mldww nfpoqpaPosted by: gideon | December 7, 2003 01:21 PM
how do i hack msn display pictures?
Posted by: Adam | September 27, 2005 05:51 PM