Skip to comments.Lax security left Senate files wide open (Memogate)
Posted on 03/08/2004 6:25:22 PM PST by GodGunsandGutsEdited on 03/08/2004 6:34:15 PM PST by Admin Moderator. [history]
GOP staff members of the Senate Judiciary Committee had free access to sensitive Democratic computer files because of what investigators termed a significant lack of security on the committees network.
A report by the Senate sergeant at arms has blamed the poor controls on the IT administrators inexperience and lack of training.
Forensic analysis indicated that a majority of the files and folders on the server were accessible to all users on the network, said the report, released yesterday. Any user on the network could read, create, modify or delete any of the files or folders.
The report made recommendations for improving the committees computer security, including setting minimal technical skill standards for administrators.
The problems came to light in a three-month investigation by Sergeant at Arms William H. Pickle about leaks of Democratic memos to the press late last year. The apparent intent was to embarrass Democrats by revealing political strategies in opposing conservative judicial nominations. But the investigation exposed partisan spying by several GOP staff members.
In what was described as an unprecedented investigation, the sergeant at arms hired an outside computer forensics firm to help in the investigation.
Republican and Democratic committee staffs share a single LAN, which until recently had a single administrator. Investigators found that user accounts established before August 2001 were generally created with strict access controls. Those established after that date, when a new administrator was hired, were open.
According to Pickles report, a committee clerk discovered he could access Democratic files in the fall of 2001 while he watched the systems administrator working. Improper access apparently continued until last spring, when the network hardware and software were upgraded. Although many accounts remained open, the directories no longer were visible to most users. A new administrator was hired last July.
Most of the investigations results came from interviews with staff members. Security practices were so inadequate that forensics specialists said they could learn little.
While there was extensive forensic analysis of servers and individual workstations, the results were limited due to the absence of proactive security auditing, the report said.
No record was kept of changes in access controls, and it was not possible to tell who was accessing what files.
The sergeant at arms concluded that the lapses were not the result of malicious behavior by the administrator, who was hired just out of college, but rather of lack of experience, training and oversight.
The problems found in the investigation were not limited to that period, or to the Judiciary Committee.
Like some other Senate offices, the Judiciary Committee has historically been staffed with systems administrators who preferred to perform most computer-related tasks themselves, the report said. This has been true even if they had only minimal technical experience.
Since the leak was discovered, the committees Republican and Democratic staffs have been put on separate LANs with separate administrators. Chairman Orrin Hatch (R-Utah) and ranking Democrat Patrick Leahy of Vermont requested a network security audit by the General Services Administration in February.
Although the report identified several possible ethics and criminal violations, it made no recommendation for legal action. It did, however, recommend these actions to improve IT security throughout the Senate:
(Excerpt) Read more at gcn.com ...
Of course, that was the same Democrat White House that had the West Wing phone banks reduced to less than state-of-the-art systems because they didn't want the ability to have phone calls traced to specific offices.
With the deviousness that they show everywhere else, one has to assume that everything they do has some kind of plausible deniability "out" in the plan.
But consider first just who allowed this to happen. And please consider first one Orrin Hatch who is the biggest of the Repub apologists. He FIRED a guy for looking at a memo that was not protected or passworded or kept out of the public domain in any fashion. Ole Orrin would let a Dem pee on his shoe, tell him it's raining, and apologize for not having larger shoes.
Instead of standing up and fighting like men, the Repubs were once again weak. They had political dynamite in those memos and they stood by and let the Dems turn it against them.
My fellow Freepers, stop all yer complaining. If this were a board game the Dems would have won handily due to excellent strategizing.
Only it's not a board game and if the Repubs don't grow a pair or get a clue, they are going to lose the election.
Simple as that.
"Here. Make these files accessible to Republicans. We can say they stole them, and pull off another Water Gate. Ahhhh , just like the good old days."
Suppose they suspected that their e-communications were potentially comprimised and that faxes were a non-starter uncontrolled hardcopy alternative.....
...how would Republicans get their talking points out?
I just offer this as a possible explanation as to partly why we see pitiful Pub reaction to the Dem lie machine, and why the only response we get is an old fashioned point-source response from the President, and nobody is prepared with talking points to back him up widely in the media.
Guess they all had administrative rights......
I'll say. Your average-level network user should understand the nature of protecting your file access....
In August 2001 weren't the Rats in charge and Leahy chairman?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.