The U.S. House of Representatives has ordered an investigation into the hacking incident of 49 websites belonging to its members and committees.
The hackers posted a vulgar one-line comment on the websites right after President Barack Obama’s State of the Union address Wednesday night. The Red Eye Crew, Brazil’s notorious hacker organization, took credit for the anti-Obama tirade.
Some of the websites were immediately pulled down following the defacement, and some of them remained down until the following day. As of Thursday morning, some of the websites were still down for maintenance, including those belonging to Reps. Mike Honda (D-Calif.), Joe Wilson (R-S.C.), Harry Mitchell (D-Ariz.), Duncan Hunter (R-Calif.), Spencer Bachus (R-Ala.), Jesse Jackson Jr. (D-Ill.), and Brian Baird (D-Wash.)
The incident prompted House Speaker Nancy Pelosi and Minority Leader John Boehner to request Chief Administrative Officer (CAO) Daniel Beard to give a full report as to how the hackers were able to access and deface the websites.
“We request that you initiate an immediate and comprehensive assessment of how hackers were able to deface the websites of nearly fifty House Members and Committees last night. In the past, we jointly requested that your office review and tighten cybersecurity protections designed to ensure that congressional offices and committees are safeguarded from unauthorized intrusions,” the letter read.
In the letter, Pelosi and Boehner recalled “previous security failures” by GovTrends, the Alexandria-based web service provider which maintains the sites. In August 2009, some 18 House websites managed by the same vendor were hacked by Indonesian cracker 3n_byt3 reportedly because employees failed to change the default password. GovTrends maintains about 100 member sites.
Pelosi wrote that the incident “indicate(s) that further review of security procedures are needed. From initial reports, these intrusions appear to be related to one website vendor which has had previous security failures. While many Members have expressed satisfaction with the vendor in question, this is the second time in a year websites hosted and supported by this vendor have been compromised. We therefore request that your office work with the Committee on House Administration to review the security standards for House vendors and to assess whether this vendor, and others, have adhered to those standards. We also request that you take immediate action to protect against breaches of the House firewalls and to ensure website security of all House offices.”
The hacked websites were from within the domains of house.gov, most of which belonged to members of the House. Other affected sites were republicans.oversight.house.gov, gop.cha.house.gov, republicans.financialservices.house.gov, and resourcescommittee.house.gov, which are owned by House committees.
The CAO manages most of these websites, but private vendors such as GovTrends maintain around 40 percent of them. According to Jeff Ventura, spokesman for the House chief administrative officer, the CAO is considering a possible action against GovTrends.
According to Softpedia, web defacement records from Zone-H revealed that the Red Eye Crew was responsible for over 45,000 defacements in 2009 alone. Some of these websites belong to governments, military forces, and top business corporations.
{ 0 comments… add one now }