« Greetings, New Readers? | Main | Left Deploys the Googlebomb »

Hacking Hatch

It appears that a Republican staffer hacked into the files of Democratic committee members in order to leak confidential documents on the Democrat's judicial confirmation strategies.

The majority of my training in systems administration came from the time I spent working in the U.S. Senate, so I'm watching this with interest. None of the stories I've found so far have the technical details of how this was done, so I can't sensibly comment. All I can say is that the sysadmins in the Senate were normally working hard at a difficult job, and I'd not be surprised if someone made a network share accessible that they shouldn't have.

(Yes, that wouldn't excuse a staffer who leaked the memos instead of alerting the SA that security was compromised. And it might have been deliberate 'hacking,' in the sense of an actual stolen password or trojan horse or something. I don't see it as likely, and my immediate if uninformed guess would be that someone took advantage of a barn door left open.)

If this happened because some non-partisan SA was negligent, my heart really goes out to him...

UPDATE: An astute commentator pointed me to this Opinion Journal article.

A statement put out last week by Mr. Hatch's office says that the accused staffer "improperly accessed at least some of the documents referenced in the media reports." That accusation bears scrutiny in light of how the committee's computer system is organized: Until Nov. 16, all Judiciary staffers used the same computer server and had access to a shared drive, a system put in place when Sen. Leahy took over as chairman in 2001 and hired his own IT staff.

The Leahy techies neglected to put up a firewall between the GOP and Democratic staff, making it possible for all staffers to read everything posted on the shared drive. No one hacked into anyone's private files. These are, in effect, Leahy leaks.

So why is the hapless staffer being hounded? And why is no one reporting the much bigger story of the memos?


Now this I buy. I don't know much about Senate committee IT staffing, but it sounds a lot more plausible. The term 'firewall' seems rather odd there, implying it might have been one server and two networks, but this sounds a lot more like a garden variety leak: someone left information in a ludicrous place, and someone else (acting unethically) gave it to a third party to publish. And I'm betting some poor SA takes the blame at some point.

As for the Opinion Journalist's question about why no one is paying attention to the 'bigger question' of the memos? It's not that big a deal. The fact that a Democratic staffer might have stated "most of Bush's nominees are nazis" is not great news, though it's tacky. (One does wonder if the staffer who wrote that will get similar castigation to Trent Lott.) The memos themselves are a pretty damning indication that Washington politics are crass, and delaying a nomination in order to specifically affect the outcome of a court case doesn't pass the stink test. But I don't think there's anything in the memos that surprises me. (For what it's worth, you can find the memos here.)

But then again, if the 'hacking' amounts to someone cutting and pasting files off a badly-secured server, I doubt this goes down in the annals of the great leaks of the Senate, either.

Posted by Anthony on December 5, 2003 8:25 PM |

Comments

check out http://www.opinionjournal.com/editorial/feature.html?id=110004370

Posted by: sdfgh | December 5, 2003 8:47 PM

First off, my guess is that 'firewall' should actually be read as permissions, and that the writer simply does not understand the finer distinctions of computer terminology Secondly, I don't really have time to do actual research (and shame on you A. for blogging when you should be studying, although since we are in the same class, feel free to keep doing it :-), but, this does seem illegal to me. This statute seems like one that might apply. Whoever (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains-- (B) information from any department or agency of the United States; and (e)(6) the term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter; So it seems to come down to what the definition of 'entitled' is.

Posted by: Josh | December 6, 2003 3:54 PM

It might be a crime (indeed, I think it is): but it's not hacking. ;) All I was saying. And yeah, I think you're likely right that she means 'permissions,' but I figured I ought to point out the possibility.

Posted by: A. Rickey | December 6, 2003 4:04 PM

A. Rickey, you're more of a dork than i am, and i'm in the engineering school

Posted by: gideon | December 7, 2003 1:21 PM

how do i hack msn display pictures?

Posted by: Adam | September 27, 2005 5:51 PM

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

NOTICE TO SPAMMERS, COMMENT ROBOTS, TRACKBACK SPAMMERS AND OTHER NON-HUMAN VISITORS: No comment or trackback left via a robot is ever welcome at Three Years of Hell. Your interference imposes significant costs upon me and my legitimate users. The owner, user or affiliate who advertises using non-human visitors and leaves a comment or trackback on this site therefore agrees to the following: (a) they will pay fifty cents (US$0.50) to Anthony Rickey (hereinafter, the "Host") for every spam trackback or comment processed through any blogs hosted on threeyearsofhell.com, morgrave.com or housevirgo.com, irrespective of whether that comment or trackback is actually posted on the publicly-accessible site, such fees to cover Host's costs of hosting and bandwidth, time in tending to your comment or trackback and costs of enforcement; (b) if such comment or trackback is published on the publicly-accessible site, an additional fee of one dollar (US$1.00) per day per URL included in the comment or trackback for every day the comment or trackback remains publicly available, such fee to represent the value of publicity and search-engine placement advantages.

Giving The Devil His Due

And like that... he is gone (8)
Bateleur wrote: I tip my hat to you - not only for ... [more]

Law Firm Technology (5)
Len Cleavelin wrote: I find it extremely difficult to be... [more]

Post Exam Rant (9)
Tony the Pony wrote: Humbug. Allowing computers already... [more]

Symbols, Shame, and A Number of Reasons that Billy Idol is Wrong (11)
Adam wrote: Well, here's a spin on the theory o... [more]

I've Always Wanted to Say This: What Do You Want? (14)
gcr wrote: a nice cozy victorian in west phill... [more]

Search


Choose Stylesheet

What I'm Reading

cover
D.C. Noir
My city. But darker.
 cover
A Clockwork Orange
About time I read this...

Shopping

The 3YoH Store

Projects I've Been Involved With

A Round-the-World Travel Blog: Devil May Care (A new round-the-world travel blog, co-written with my wife)
Parents for Inclusive Education (From my Clinic)

Syndicated from other sites

The Columbia Continuum
Other Blogs by CLS students