Group Claims Hack on Senate ComputersLulz Security Also Behind Attacks on Sony, PBS and Infragard
In a message posted on its website Monday, LulzSec says: "We don't like the U.S. government very much. Their boats are weak, their lulz are low and their sites aren't very secure. In an attempt to help them fix their issues, we've decided to donate additional lulz in the form of owning them some more! This is a small, just-for-kicks release of some internal data from Senate.gov - is this an act of war, gentlemen? Problem? - Lulz Security."
The message was followed by a list of files Lulz says came from Senate computers.
The Senate Sergeant at Arms Office confirmed that the Senate's website had been hacked this past weekend and that it has ordered a review of all Senate computer sites.
"The intruder did not gain access into the Senate computer network and was only able to read and determine the directory structure of the files placed on senate.gov," a statement issued by the Sergeant at Arms reads. "That server is for public access on the public side of the Senate's network firewall, and any files that individual Senate offices place there are intended for public consumption."
The Senate Sergeant at Arms Office said its staff traced the source of the access to a vulnerability in a portion of the website that is maintained by an individual Senate office, and immediately took steps to remove the vulnerability. Each Senate member and committee maintains its own presence on senate.gov and might not incorporate recommended security protocols. The Sergeant at Arms Office said its staff has configured the server to minimize the damage that can be caused by a vulnerability in any portion of the site. "Although this intrusion is inconvenient, it does not compromise the security of the Senate's network, its members or staff," the statement says. "Specifically, there is no individual user account information on the server supporting senate.gov that could have been compromised."
A Department of Homeland Security spokesman says the United States Computer Readiness Team, known as U.S.-CERT, is in close contact with the Senate and state government and law enforcement partners to provide analysis and mitigation solutions in response to the intrusion.
Lulz Security is known as a grey-hat computer hacker group that intrudes computers not necessarily for personal gain or malicious intent, but to make a political or social statement against the victim organization. Among the organizations Lulz Security claims to have attacked are Sony, weeks after the initial PlayStation breach (see Breach Gets Sony to Create CISO Post), PBS and the Atlanta chapter of InfraGard, a company affiliated with the FBI, among others targets.
It's unclear why Lulz Security hacked the Senate computers, but the phrase, "is this an act of war, gentlemen?" refers to the hack of InfraGard, when it said in a post: "NATO and our good friend Barrack Osama-Llama 24th-century Obama have recently upped the stakes with regard to hacking. They now treat hacking as an act of war."