http://www.nationaljournal.com/njmagazine/cs_20081220_6787.php

By Shane Harris
National Journal Magazine
Dec. 20, 2008

On October 26, 2006, computer security personnel from across the legislative branch were informed that the Congressional Budget Office had been hit with a computer virus.

The news might not have seemed extraordinary. Hackers had been trying for years to break into government computers in Congress and the executive branch, and some had succeeded, making off with loads of sensitive information ranging from codes for military aircraft schedules to design specifications for the space shuttle.

Employees in the House of Representatives' Information Systems Security Office, which monitors the computers of all members, staffers, and committee offices, had learned to keep their guard up. Every year of late, they have fended off more than a million hacking attempts against the House and removed any computer viruses that made it through their safeguards. House computers relay sensitive information about members and constituents, and committee office machines are especially loaded with files pertaining to foreign policy, national security, and intelligence.

The security office took the information from the CBO attack and scanned the House network to determine whether any machines had been compromised in a similar fashion. They found one. A computer in one member's office matched the profile of the CBO incident. The virus seemed to be contacting Internet addresses outside the House, probably other infected computers or servers, to download malicious files into the House system.

According to a confidential briefing on the investigation prepared by the security office and obtained by National Journal, security employees contacted the member's office and directed staffers to disconnect the computer from the network. The briefing does not identify the member of Congress.

Apparently worried that the virus could have already infected other machines, security personnel met with aides from the member's office and examined the computer. They confirmed that a virus had been placed on the machine. The member's office then called the FBI, which employs a team of cyber-forensic specialists to investigate hackings. The House security office made a copy of the hard drive and gave it to the bureau.

Upon further analysis, the security office found more details about the nature and possible intent of the hack. The machine was infected with a file that sought out computers outside the House system to retrieve "malware," malicious or destructive programs designed to spy on the infected computer's user or to clandestinely remove files from the machine. This virus was designed to download programs that tracked what the computer user typed in e-mail and instant messages, and to remove documents from both the hard drive and a network drive shared by other House computers.

As an example of the virus's damage, the security office briefing cited one House machine on which "multiple compressed files on multiple days were created and exported." An unknown source was stealing information from the computer, and the user never knew it.

Armed with this information about how the virus worked, the security officers scanned the House network again. This time, they found more machines that seemed to match the profile -- they, too, were infected. Investigators found at least one infected computer in a member's district office, indicating that the virus had traveled through the House network and may have breached machines far away from Washington.

[...]

Received on Mon Dec 22 2008 - 01:28:27 PST