Democrats' cyber-embarrassment offers lessons on IT security

The office of Senate Sergeant at Arms William Pickle is investigating the apparent unauthorized access to computer files of the Judiciary Committee Democratic staff, and hopes to present a report to the committee in three or four weeks, a source familiar with the investigation said.

The apparent compromise of Democratic files by Republican counterparts offers lessons to those responsible for safekeeping sensitive information.

'It appears to be a simple security policy issue,' said Chris Rouland, vice president of the X-Force research and development department of Internet Security Systems Inc. of Atlanta.

It appears to be a case of using default security settings in which passwords for new users were left blank or access permissions were left wide open, Rouland said. 'It looks like there was a lack of enforcement and auditing of policy.'

The Sergeant at Arms is investigating how Democratic memos got into Republican hands between spring 2002 and April 2003. The documents discussed Democratic strategies for responding to nominations to the federal bench. The breach appears to be the result of a mistake in configuring new Democratic user accounts on a shared server.

The quiet exploitation of this flaw for as long as a year reflects a growing trend in computer hacking, Rouland said. Rather than breaking into a system publicly for the bragging rights, hackers motivated by political or financial gain are taking advantage of vulnerabilities for as long as possible without calling attention to themselves.

Rouland said the compromise appears to be a classic case of an IT system that is crunchy on the outside but chewy on the inside, lacking internal security against insider threats.

'The exterior perimeter of is certainly hardened,' he said. Architecturally both Democratic and Republican staffs are insiders, but politically they are opponents with a need to keep data confidential. In any organization, internal security can be just as important as perimeter security.

About the Author

William Jackson is a Maryland-based freelance writer.

