AnchorDesk

Security breach on Capitol Hill: It's criminal

Robert Vamosi
Senior Editor, Reviews
Monday, Jan. 26, 2004
Let's say you happen to gain access to confidential information, either on a Web site or another individual's system. Do you report it? Do you read the confidential information yet not act on any of it? Or do you read the information and immediately use it to your own personal advantage?

It's a question of ethics, really, one that speaks to the integrity of the individual involved and the security policy in place in a given environment.

IF YOU ARE a certain Republican staff member for the politically divisive U.S. Senate Judiciary Committee, apparently you choose that last option. According to the Boston Globe and other news sources, GOP committee members gained access to computers used by their Democratic colleagues and, from the spring of 2002 well into 2003, both monitored communications and leaked info to the press.

The material obtained through this breach has already been used by columnists and talk show hosts, who offered their audiences unprecedented insight into the inner workings of the Democratic party.

This is as wrong as a criminal hacker breaking into a corporation's Web site. If these allegations hold up under investigation, those responsible should be punished just as a criminal would.

It could happen in the private sector as easily as in the public. Many corporate employees work on shared networks and systems that contain plenty of confidential materials, everything from corporate strategy to trade secrets. Can you imagine the financial losses and legal repercussions had this same thing happened between competing businesses?

What really amazes me is the way accused Senate staffers are defending themselves.

Manuel Miranda, legal counsel for Senate majority leader Bill Frist and one of those being investigated, claims, "there was no wrongdoing." He defends himself and others by saying, "The bottom line here is that the technology staff of the Democrats was negligent. They put these memos in a shared hard drive. It was like putting the memos on our desk."

Sounds to me just like a criminal hacker who's been caught stealing passwords or credit card information. According to the U.S. Patriot Act of 2001, criminal hacking is synonymous with international terrorism. Had this happened within Microsoft or some other large company, you can bet the Department of Homeland Security would be calling a press conference to announce an arrest.

Somehow I doubt we'll see that happening here.

NOT TO DEFEND the Republicans' action, but it is true that none of this would have happened if the government were more careful about computer security. Chris Rouland, vice president of Internet Security Systems's X-Force, told me that the Senate and many corporations put all their security money into protecting the perimeter and have given little thought to what's happening inside their firewalls. He calls it the "hard-candy shell with a soft chewy interior" approach.

Indeed, just last summer many companies were caught off-guard by the MSBlast worm outbreak, in which a single infected PC connected to a corporate network could compromise the other Windows 2000 and XP machines inside the business's firewall.

Rouland said this sort of breach could be eliminated through a layered approach to security. For example, the Senate Judiciary should have one server for each of the major political parties, separated by a firewall. On top of that, every account should be password-protected (something the Senate Judiciary system apparently lacked), every security event logged, and frequent audits run to expose any security compromises.

This breach is not as big a scandal as, say, Watergate, but it is serious. I'd like to see those investigating the case--the Senate sergeant-at-arms and the U.S. Secret Service--press charges. I'd like to see someone facing the same one- to ten-year prison sentence for illegal computer intrusion that criminal hackers face. I'd like to see the same laws written to police you and me applied to those in government. Only then would I feel the U.S. government is run by people of integrity who truly care about computer security.

What do you think should happen to those being investigated for the Senate Judiciary security breach? What do you think will happen? TalkBack to me below!
