By Jordy Yager - 01/28/10 10:55 PM EST
House leaders called for additional steps to safeguard the lawmakers' websites from cyber attacks, like the ones that that struck nearly 50 members' sites on Thursday.
The House is investigating how a Brazilian-based hacking group known as “Red Eye Crew” was able to infiltrate 49 lawmakers' websites and leave its moniker along with a profane denouncement of President Barack Obama.
Speaker Nancy Pelosi (D-Calif.) and Minority Leader John Boehner (R-Ohio), in a letter sent to Chief Administrative Officer (CAO) Dan Beard, made the calls for heightened cyber security in the face of recent actions taken by Beard to strengthen House firewalls and Blackberry security.
Pelosi and Boehner also pointed to the House’s use of outside vendors such as GovTrends, which maintains the websites affected by the hackers, and called on Beard to assess whether further security protocols need to be implemented for them. More than a dozen websites maintained by GovTrends were attacked in August as well.
“From initial reports, these intrusions appear to be related to one website vendor which has had previous security failures,” Pelosi and Boehner said in the letter. “While many Members have expressed satisfaction with the vendor in question, this is the second time in a year websites hosted and supported by this vendor have been compromised.”
Pelosi and Boehner called on the House Administration Committee to work with the CAO to “review the security standards for House vendors and to assess whether this vendor, and others, have adhered to those standards.”
Committee Chairman Rep. Robert Brady (D-Penn.) said the attacks would “not be tolerated and transcend any political ideology or party affiliation.” Brady said he has directed his committee staff to “develop and implement the appropriate protective measures.”
The ranking Republican on the committee, Rep. Dan Lungren (Calif.)
called the cyber attacks "extremely troubling" and promised to work
with Brady towards a resolution.
The office of the CAO said it anticipated the affected sites from Thursday’s attack would be up and running within the next 24 hours.
A spokesman said that there were ongoing discussions among House officials as to the next course of action, particularly surrounding the strengthening of security as it pertains to outside vendors like GovTrends.
And Rep. Spencer Bachus (R-Ala.) asked House officials to release more specifics regarding the attacks.
In a letter to the CAO, Bachus requested the House investigate whether the findings regarding an August attack on his website could have prevented Thursday's attack.
The office of the CAO said that it was too soon to answer the question of how, or if, the two attacks are related and whether the findings of the August attack could have helped prevent Thursday's attacks.
"We are still doing a comparative analysis of both situations and right now we're dealing with the present situation and the comparative analysis of what happened in August versus what happened now will probably come later," said Jeff Ventura, a spokesman for the CAO.
In the August cyber attack on Bachus’s and other lawmakers’ websites, GovTrends said the sites were hacked because the offices were still using the weak generic passwords they had initially been given.
Now, Bachus wants to know if there were any other reasons, other than the weak password, for the August incident and if all of the “safeguards” recommended by the CAO after its investigation were implemented. Bachus also asked the CAO if a third party vendor, such as GovTrends, has ever been prohibited from doing business with members because it failed to provide adequate security protections.
Bachus’s office has been in communication about both cyber attacks with Gary Warner, the director of research in computer forensics at the University of Alabama at Birmingham.
The hacker responsible for the August attacks goes by the name “3n_byt3” and has gone on to infiltrate more than 300 organizations, including the websites of foreign governments, according to an e-mail Warner sent to Bachus’ chief of staff and was obtained by The Hill. Authorities should have pursued the investigation in August and attempted to prosecute the hacker, Warner said.
“Assuming that the password was changed back in August, the fact that the website was re-hacked today is further proof that the vulnerabilities that should have been identified in August have never been properly investigated,” Warner said in the e-mail.
The group has been hacking the areas of the federal government since 2002 or before, including the Department of Transportation, NASA, and the Agriculture Department, according to Warner.
GovTrends did not return calls requesting comment.
-- This article was originally posted at 5:05 p.m.