The hackers who broke into the Senate’s public web server over the week-end gained access through a security hole on an unidentified senator’s web site, said the Senate sergeant at arms on Tuesday.
The shadowy group, which calls itself Lulz Security, didn’t break through the senate’s firewall and gain access to its internal computer system. Instead, it just accessed senate.gov’s file directory.
Nevertheless, the sergeant at arms’ office on Tuesday issued a statement saying that the group was able to do this because of a security vulnerability on a senator’s web site. The office said that it doesn’t maintain sites for individual senators, but that it closed the security hole after it was discovered.
“As always, we continue to work with our federal cyber security and law enforcement partners to enhance the security of federal government websites,” the office said in a statement issued to the press.
“We are also initiating a review of all the sites hosted on senate.gov, urging the individuals responsible for those sites to conduct their own review, and continuing to take other actions to safeguard the Senate’s public Web presence.”
Along with the poached server logs, Lulz Security posted a note on its web site with the following message:
Greetings friends,
We don’t like the US government very much. Their boats are
weak, their lulz are low, and their sites aren’t very secure.
In an attempt to help them fix their issues, we’ve decided
to donate additional lulz in the form of owning them some more!
This is a small, just-for-kicks release of some internal data
from Senate.gov – is this an act of war, gentlemen? Problem?
– Lulz Security
The week-end prank was one of the latest of a rash of high-profile break-ins that the group has conducted over the past month.
The group has broken into a television talent show’s system in the United Kingdom to expose its database of 250,000 contestants — some of whom are minors, and whose names, dates of birth, phone numbers and e-mail addresses are now openly available on the web.
Lulz Security’s other targets over the past month include Fox.com, Sony, a database connected to a an ATM somewhere in the U.K., PBS, Nintendo, the F.B.I. various gaming companies and Infraguard, a body run by the F.B.I. that works in partnership with the private sector to secure networks.
The group actually announces its targets on Twitter and maintains a phone line, where it encourages people to leave messages at 614-LULZSEC, where a message tells callers “We are not available right now, as we are too busy raping the internets!”
Sen. Susan Collins, R-Maine said in a press statement on Tuesday that “the computer systems of the Executive Branch agencies and the Congress were probed or attacked an average of 1.8 billion times per month last year.”
From TalkingPointsMemo’s IdeaLab at: http://idealab.talkingpointsmemo.com/2011/06/post.php#more