WASHINGTON (The Blaze/AP) — A band of computer hackers who pride themselves on attacking vulnerable networks for fun accessed a Senate server that supports the chamber’s public website but did not breach other files, a Capitol Hill law enforcement official said Monday. The hackers said the release was a “just for kicks” attempt to help the government “fix their issues.”
“Although this intrusion is inconvenient, it does not compromise the security of the Senate’s network, its members or staff,” Senate Deputy Sergeant-at-Arms Martina Bradford said in a statement.
A hacking cooperative that goes by Lulz Security claimed that it had added a Senate file to its list of successful, high-profile intrusions at a time when governments and corporations are on high guard for cyber intrusions.
The group has claimed credit for hacking into the systems of Sony and Nintendo and for defacing the PBS website after the public television broadcaster aired a documentary seen as critical of WikiLeaks founder Julian Assange.
Lulz is a reference to Internet-speak for “laugh out loud.”
Earlier Monday, Lulz posted on its website an email that listed one of Senate Sergeant-At-Arms Terry Gainer’s staffers as the administrator.
“We don’t like the US government very much,” the website wrote atop the file. “Their sites aren’t very secure.
“In an attempt to help them fix their issues … this is a small, just-for-kicks release of some internal data from Senate.gov,” the site added. “Is this an act of war, gentlemen? Problem?”
Bradford said the Senate’s technology security staff became aware of the unauthorized access to the Senate’s public web site, Senate.gov, over the weekend. The intruder, she said, was only able to read and determine the “directory structure” of the files on that site. Any files that individual Senate offices post on the site breached by Lulz are intended for public consumption, she said.
However, the site Zero Hedge wonders if Lulz was able to get usernames and passwords:
A cursory investigation does not reveal the exposition of any sensitive data…. This time. Yet one thing LulzSec most certainly acquired was the user/pass combinations of all individuals affiliated with the Senate, and are likely currently actively downloading all their emails. We continue to wonder just how safe the Fed’s email server is…
The vulnerability was traced to a part of the Senate site that is maintained by an individual Senate office, which Bradford did not name. Each senator and committee maintains its own presence on Senate.gov and may not adequately protect the site, she said.
Gainer’s office is reviewing all the sites hosted on Senate.gov and urging the chamber’s technology chiefs to do the same, Bradford said.