Democrats' cyber-embarrassment offers lessons on IT security

The office of Senate Sergeant at Arms William Pickle is investigating the apparent unauthorized access to computer files of the Judiciary Committee Democratic staff, and hopes to present a report to the committee in three or four weeks, a source familiar with the investigation said.

The apparent compromise of Democratic files by Republican counterparts offers lessons to those assigned to safekeeping sensitive information.

'It appears to be a simple security policy issue,' said Chris Rouland, vice president of the X-Force research and development department of Internet Security Systems Inc. of Atlanta.

It appears to be a case of using default security settings in which passwords for new users were left blank or access permissions were left wide open, Rouland said. 'It looks like there was a lack of enforcement and auditing of policy.'

The Sergeant at Arms is investigating how Democratic memos got into Republican hands between spring 2002 and April 2003. The documents discussed Democratic strategies for responding to nominations to the federal bench. The breach appears to be the result of a mistake in configuring new Democratic user accounts on a shared server.

The quiet exploitation of this flaw for as long as a year reflects a growing trend in computer hacking, Rouland said. Rather than breaking into a system publicly for the bragging rights, hackers motivated by political or financial gain are taking advantage of vulnerabilities for as long as possible without calling attention to themselves.

Rouland said the compromise appears to be a classic case of an IT system that is crunchy on the outside but chewy on the inside, lacking internal security against insider threats.

'The exterior perimeter of Senate.gov is certainly hardened,' he said. Architecturally both Democratic and Republican staffs are insiders, but politically they are opponents with a need to keep data confidential. In any organization, internal security can be just as important as perimeter security.

About the Author

William Jackson is a Maryland-based freelance writer.
