Senate says hackers didn’t break through firewall
Earlier today, TechPresident reported that the hacker group LulzSec had broken into the Senate's website, Senate.gov. LulzSec posted what appear to be directories of files already posted on various Senate websites.
Martina Bradford, Deputy Sergeant-at-Arms of the Senate, told the Reporting Group that while hackers had accessed the server supporting the public website, they hadn't gained access to internal Senate files like mail servers or the Senate intranet. "There are always people coming at us, and we do a pretty good job of staying many steps ahead of them," she said.
TechPresident noted that when LulzSec hacks a site, they usually deface it; the Senate sites appear to be normal.
Bradford said the hackers exploited a weakness in one office's website, which has now been rectified.
Her full statement is below:
"This past weekend Senate IT security staff became aware of unauthorized access to the server supporting the Senate’s public Web presence, senate.gov. The intruder did not gain access into the Senate computer network and was only able to read and determine the directory structure of the files placed on senate.gov. That server is for public access on the public side of the Senate’s network firewall, and any files that individual Senate offices place there are intended for public consumption. Senate Sergeant at Arms staff traced the source of the access to a vulnerability in a portion of the website that is maintained by an individual Senate office, and immediately took steps to remove the vulnerability. Because each Senate member and committee maintains its own presence on senate.gov and may not always incorporate recommended security protocols, Sergeant at Arms staff has configured the server to minimize the damage that can be caused by a vulnerability in any portion of the site. Although this intrusion is inconvenient, it does not compromise the security of the Senate’s network, its members or staff. Specifically, there is no individual user account information on the server supporting senate.gov that could have been compromised.
"As always, we continue to work with our federal cyber security and law enforcement partners to enhance the security of federal government websites. We are also initiating a review of all the sites hosted on senate.gov, urging the individuals responsible for those sites to conduct their own review, and continuing to take other actions to safeguard the Senate’s public Web presence."