A band of computer hackers who pride themselves on attacking vulnerable networks for fun accessed a Senate server that supports the chamber's public website but did not breach other files, a Capitol Hill law enforcement official said Monday. The hackers said the release was a "just for kicks" attempt to help the government "fix their issues."
"Although this intrusion is inconvenient, it does not compromise the security of the Senate's network, its members or staff," Senate Deputy Sergeant-at-Arms Martina Bradford said in a statement.
A hacking cooperative that goes by Lulz Security claimed that it had added a Senate file to its list of successful, high-profile intrusions at a time when governments and corporations are on high guard for cyber intrusions.
"We don't like the US government very much," the website wrote atop the file. "Their sites aren't very secure. "In an attempt to help them fix their issues ... this is a small, just-for-kicks release of some internal data from Senate.gov," the site added.
Bradford said the Senate's technology security staff became aware of the unauthorized access to the Senate's public web site, Senate.gov, over the weekend. The intruder, she said, was only able to read and determine the "directory structure" of the files on that site. Any files that individual Senate offices post on the site breached by Lulz are intended for public consumption, she said.
The vulnerability was traced to a part of the Senate site that is maintained by an individual Senate office, which Bradford did not name. Each senator and committee maintains its own presence on Senate.gov and may not adequately protect the site, she said.
Gainer's office is reviewing all the sites hosted on Senate.gov and urging the chamber's technology chiefs to do the same, Bradford said.