Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Lax security left Senate files wide open (Memogate)
www.gcn.com ^ | 3/5/2004 | William Jackson

Posted on 03/08/2004 6:25:22 PM PST by GodGunsandGuts

Edited on 03/08/2004 6:34:15 PM PST by Admin Moderator. [history]

GOP staff members of the Senate Judiciary Committee had free access to sensitive Democratic computer files because of what investigators termed a “significant lack of security” on the committee’s network.

A report by the Senate sergeant at arms has blamed the poor controls on the IT administrator’s inexperience and lack of training.

“Forensic analysis indicated that a majority of the files and folders on the server were accessible to all users on the network,” said the report, released yesterday. “Any user on the network could read, create, modify or delete any of the files or folders.”

The report made recommendations for improving the committee’s computer security, including setting minimal technical skill standards for administrators.

The problems came to light in a three-month investigation by Sergeant at Arms William H. Pickle about leaks of Democratic memos to the press late last year. The apparent intent was to embarrass Democrats by revealing political strategies in opposing conservative judicial nominations. But the investigation exposed partisan spying by several GOP staff members.

In what was described as an unprecedented investigation, the sergeant at arms hired an outside computer forensics firm to help in the investigation.

Republican and Democratic committee staffs share a single LAN, which until recently had a single administrator. Investigators found that user accounts established before August 2001 were generally created with strict access controls. Those established after that date, when a new administrator was hired, were open.

According to Pickle’s report, a committee clerk discovered he could access Democratic files in the fall of 2001 while he watched the systems administrator working. Improper access apparently continued until last spring, when the network hardware and software were upgraded. Although many accounts remained open, the directories no longer were visible to most users. A new administrator was hired last July.

Most of the investigation’s results came from interviews with staff members. Security practices were so inadequate that forensics specialists said they could learn little.

“While there was extensive forensic analysis of servers and individual workstations, the results were limited due to the absence of proactive security auditing,” the report said.

No record was kept of changes in access controls, and it was not possible to tell who was accessing what files.

The sergeant at arms concluded that the lapses were not the result of malicious behavior by the administrator, who was hired just out of college, but rather of lack of experience, training and oversight.

The problems found in the investigation were not limited to that period, or to the Judiciary Committee.

“Like some other Senate offices, the Judiciary Committee has historically been staffed with systems administrators who preferred to perform most computer-related tasks themselves,” the report said. “This has been true even if they had only minimal technical experience.”

Since the leak was discovered, the committee’s Republican and Democratic staffs have been put on separate LANs with separate administrators. Chairman Orrin Hatch (R-Utah) and ranking Democrat Patrick Leahy of Vermont requested a network security audit by the General Services Administration in February.

Although the report identified several possible ethics and criminal violations, it made no recommendation for legal action. It did, however, recommend these actions to improve IT security throughout the Senate:


(Excerpt) Read more at gcn.com ...


TOPICS: Breaking News; Government; News/Current Events; Technical
KEYWORDS: collusionmemos; computer; memo; memogate; senate; servers
hmmm....I figured as much but here is the official finding. I can tell you my keester would be in the soup line if I did this. Also interesting that the whole infrastructure was taken care of by one admin.
1 posted on 03/08/2004 6:25:22 PM PST by GodGunsandGuts
[ Post Reply | Private Reply | View Replies]

To: GodGunsandGuts
I assume the firings are over.
2 posted on 03/08/2004 6:28:09 PM PST by Spruce (Pres. J.F.Kerry would be an absolute disaster for western civilization.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: GodGunsandGuts
Hey democrats, we are sorry about filegate...we are sorry you found out and put a password on your publically acessible files. Sorry, you put the information out there, you don't take the proper security procedures so that they can be read without any security invasion (double click!) and it is your fault.

miserable failure miserable failure miserable failure miserable failure war criminal

3 posted on 03/08/2004 6:28:12 PM PST by Fun Bob
[ Post Reply | Private Reply | To 1 | View Replies]

To: GodGunsandGuts
THE DIMS ARE GETTING DIMMER.
4 posted on 03/08/2004 6:29:43 PM PST by jocko12
[ Post Reply | Private Reply | To 1 | View Replies]

To: Miss Marple; Howlin; PhiKapMom; Mo1; onyx


Lax security left Senate files wide open

By William Jackson
GCN Staff


GOP staff members of the Senate Judiciary Committee had free access to sensitive Democratic computer files because of what investigators termed a “significant lack of security” on the committee’s network.

A report by the Senate sergeant at arms has blamed the poor controls on the IT administrator’s inexperience and lack of training.

“Forensic analysis indicated that a majority of the files and folders on the server were accessible to all users on the network,” said the report, released yesterday. “Any user on the network could read, create, modify or delete any of the files or folders.”

The report made recommendations for improving the committee’s computer security, including setting minimal technical skill standards for administrators.

The problems came to light in a three-month investigation by Sergeant at Arms William H. Pickle about leaks of Democratic memos to the press late last year. The apparent intent was to embarrass Democrats by revealing political strategies in opposing conservative judicial nominations. But the investigation exposed partisan spying by several GOP staff members.

In what was described as an unprecedented investigation, the sergeant at arms hired an outside computer forensics firm to help in the investigation.

Republican and Democratic committee staffs share a single LAN, which until recently had a single administrator. Investigators found that user accounts established before August 2001 were generally created with strict access controls. Those established after that date, when a new administrator was hired, were open.

According to Pickle’s report, a committee clerk discovered he could access Democratic files in the fall of 2001 while he watched the systems administrator working. Improper access apparently continued until last spring, when the network hardware and software were upgraded. Although many accounts remained open, the directories no longer were visible to most users. A new administrator was hired last July.

Most of the investigation’s results came from interviews with staff members. Security practices were so inadequate that forensics specialists said they could learn little.

“While there was extensive forensic analysis of servers and individual workstations, the results were limited due to the absence of proactive security auditing,” the report said.

No record was kept of changes in access controls, and it was not possible to tell who was accessing what files.

The sergeant at arms concluded that the lapses were not the result of malicious behavior by the administrator, who was hired just out of college, but rather of lack of experience, training and oversight.

The problems found in the investigation were not limited to that period, or to the Judiciary Committee.

“Like some other Senate offices, the Judiciary Committee has historically been staffed with systems administrators who preferred to perform most computer-related tasks themselves,” the report said. “This has been true even if they had only minimal technical experience.”

Since the leak was discovered, the committee’s Republican and Democratic staffs have been put on separate LANs with separate administrators. Chairman Orrin Hatch (R-Utah) and ranking Democrat Patrick Leahy of Vermont requested a network security audit by the General Services Administration in February.

Although the report identified several possible ethics and criminal violations, it made no recommendation for legal action. It did, however, recommend these actions to improve IT security throughout the Senate:

  • Establish technical skills assessment, certification and continuing education requirements for system administrators
  • Set minimum qualifications for administrators
  • Create a best-practices manual for computer security
  • Require ethics and computer security training for all new employees.


5 posted on 03/08/2004 6:32:01 PM PST by deport (For Sale: Iraqi rifle, never fired, dropped once)
[ Post Reply | Private Reply | To 4 | View Replies]

To: GodGunsandGuts
If the GOP staff members had access, than others must have also. Maybe it WASN'T a GOP staff member who "leaked" the information.

I smell a RAT. First you leave the information accessible, then you "leak" it and blame your opponent.....Sounds like a set up to me.
6 posted on 03/08/2004 6:32:04 PM PST by hoosiermama (Ask Kerry to list the major pieces of enacted legislation he has authored in his career.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: hoosiermama
The Republicans should censure themselves
and then give the Democrats an award for stealing (and using ) the FBI files.
7 posted on 03/08/2004 6:39:18 PM PST by Diogenesis (If you mess with one of us, you mess with all of us)
[ Post Reply | Private Reply | To 6 | View Replies]

To: GodGunsandGuts
Miranda, the Repub staffer who resigned(?), was on with Cal Thomas of Fox News, and stated that many of the Dem memos are not legally protected documents. So, why have these memos not been made public? Why isn't Sen. Frist talking about the content of the memos? This should have been the primary issue....but the Dems are good at manipulating the media. Frist should replace Hatch as Chair of Judicial Committee.
8 posted on 03/08/2004 6:42:01 PM PST by 4integrity (AJ)
[ Post Reply | Private Reply | To 1 | View Replies]

To: GodGunsandGuts
I rescind my comment in post #2.

This is not about computer security. It's about the treason words spoken and recorded.
9 posted on 03/08/2004 6:42:23 PM PST by Spruce (Pres. J.F.Kerry would be an absolute disaster for western civilization.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: hoosiermama
No, sounds like typical RINO rollover.
Shoot the messenger, and forget all about the message.
Judge the style, not the substance.
Nail a man for tax evasion, and forget all about actual murders and victims.
We must set priorities in investigating political crimes! /sarcasm//.


10 posted on 03/08/2004 6:44:21 PM PST by sarasmom ("I'm a redneck and Charles Bronson was a sissy".(Permission to use as tag granted by The Toll)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Fun Bob
Always remember to leave those "Democrat" and "Republican" shares open to Everyone. It's too much of a headache to use group profiles. And never turn on auditing. Someone might yell at you if you question their activities on the network.
11 posted on 03/08/2004 6:55:16 PM PST by angkor
[ Post Reply | Private Reply | To 3 | View Replies]

To: hoosiermama
smell a RAT. First you leave the information accessible, then you "leak" it and blame your opponent

"No record was kept of changes in access controls, and it was not possible to tell who was accessing what files."

12 posted on 03/08/2004 6:58:03 PM PST by angkor
[ Post Reply | Private Reply | To 6 | View Replies]

To: Diogenesis
Right on! Mrs. Clinton's stealing of over 900 FBI files vs. some stupid computer glitch merits far more investigation.
13 posted on 03/08/2004 6:59:16 PM PST by harpo11 (Give 'em Hell Team Bush! The Right Didn't Start the Fire! We're Fightin' to Put It Out!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Fun Bob
miserable failure miserable failure miserable failure miserable failure war criminal
(worth repeating)
14 posted on 03/08/2004 7:03:08 PM PST by Cultural Jihad
[ Post Reply | Private Reply | To 3 | View Replies]

To: harpo11
That wasn't a computer glitch -- they were provided to her (via Livingstone, I believe) by the FBI.
15 posted on 03/08/2004 7:09:35 PM PST by expatpat
[ Post Reply | Private Reply | To 13 | View Replies]

To: hoosiermama
Miranda should get his job back. He has been vindicated by this report. He is one of the good guys and deserves our support.
16 posted on 03/08/2004 7:17:46 PM PST by savedbygrace
[ Post Reply | Private Reply | To 6 | View Replies]

To: savedbygrace
Answer this one. If the RATs can't keep their own files secure, how would they ever keep our country secure?

17 posted on 03/08/2004 7:33:09 PM PST by Loyal Buckeye
[ Post Reply | Private Reply | To 16 | View Replies]

To: GodGunsandGuts
What portion of this computer server does the DNC own? We know that the DNC illegally used government computers during the Clinton administration.

How are these memos "Democrat" or "Democratic" files? They are files. I do not read that any falsification of identity was needed to become "super user" and to have access to the files. There was no "theft" because there was no security.

Teddy Kennedy has compared this to Watergate but the DNC does not own this space. When I worked at Compaq we commonly shared files across the network. Secure drives containing confidential information required password access.

Miguel Miranda is a whistelblower into possibly illegal corruption between 501c3 charities (like the NAACP) and senators who were trying to manipulate court decisions by withholding judicial nominees.

The Rats are just upset that a paper trail remains.

18 posted on 03/08/2004 7:35:39 PM PST by weegee ('...Kerry is like that or so a crack sausage.')
[ Post Reply | Private Reply | To 1 | View Replies]

To: Loyal Buckeye
You're asking the wrong person. I mean, I know the right answer (they can't), but I'm not the one you need to ask.
19 posted on 03/08/2004 7:37:32 PM PST by savedbygrace
[ Post Reply | Private Reply | To 17 | View Replies]

To: GodGunsandGuts
Can't everyone wake up? The RATS set the system up. They "snooped" from the start. So what, if they were exposed on anything? They could count on the media to run cover, which it has. (Have the chicom $$$$$$$ arrived yet?) That's what set of the "CFR" farce,remember?
20 posted on 03/08/2004 7:39:05 PM PST by Waco
[ Post Reply | Private Reply | To 1 | View Replies]

To: GodGunsandGuts
And .. what I find very interesting is that 2 years ago when someone from the repub offices alerted the dems of the security lapse, they DID NOTHING .. why?? Maybe because the dems liked being able to have access to all the repub memos.

I'm thinking that way because of the way the dems reacted to the disclosure of the nasty dem memo, and accused the repubs of "hacking", "burglary", "stealing", etc. - as soon as I heard that, the first thing that came to mind was, "me thinks thou protesteth too much".
21 posted on 03/08/2004 7:43:03 PM PST by The Final Harvest (The 2004 Election is for the SOUL of AMERICA)
[ Post Reply | Private Reply | To 1 | View Replies]

To: hoosiermama
See my #21
22 posted on 03/08/2004 7:45:34 PM PST by The Final Harvest (The 2004 Election is for the SOUL of AMERICA)
[ Post Reply | Private Reply | To 6 | View Replies]

To: weegee
I think it was Greg Jarrett the other day on Fox - he was hot and came very close to calling the guest a liar over the "stolen" memo issue. He was especially upset over the collusion between a senator and the NAACP. He also brought up the comment in the memo which says they can't have Estrada because he's Latino! Greg was livid!!
23 posted on 03/08/2004 7:54:18 PM PST by The Final Harvest (The 2004 Election is for the SOUL of AMERICA)
[ Post Reply | Private Reply | To 18 | View Replies]

To: GodGunsandGuts
There was no leak. The Democraps treat their political heavy handedness the same as they treat matters of National Security. Didn't Billy Clintoooooon arrange for the encryption coding of our satellite communications to go to the Chinese - LORAL or something like that?
24 posted on 03/08/2004 7:55:44 PM PST by leprechaun9 (Beware of little expenses because a small leak will sink a great ship!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: GodGunsandGuts
Let's not forget that we're talking about the same Democrat party that somehow failed to archive all the White House emails during the Clinton years because the server name was "mail" instead of "Mail", at least that was the excuse given by the crack IT staff when they found that all the email backup tapes were blank.

Of course, that was the same Democrat White House that had the West Wing phone banks reduced to less than state-of-the-art systems because they didn't want the ability to have phone calls traced to specific offices.

With the deviousness that they show everywhere else, one has to assume that everything they do has some kind of plausible deniability "out" in the plan.

-PJ

25 posted on 03/08/2004 8:28:37 PM PST by Political Junkie Too (It's not safe yet to vote Democrat.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: deport

Thank you.
26 posted on 03/08/2004 9:05:36 PM PST by onyx (Kerry' s a Veteran, but so were Lee Harvey Oswald, Timothy McVeigh and Benedict Arnold.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: GodGunsandGuts
You know, I kind of admire how the Dems handled this. It's amazing how they turned what could have been a PR nightmare around and made it into an attack on the Repubs. Of course it's unfair and of course it takes gall.

But consider first just who allowed this to happen. And please consider first one Orrin Hatch who is the biggest of the Repub apologists. He FIRED a guy for looking at a memo that was not protected or passworded or kept out of the public domain in any fashion. Ole Orrin would let a Dem pee on his shoe, tell him it's raining, and apologize for not having larger shoes.

Instead of standing up and fighting like men, the Repubs were once again weak. They had political dynamite in those memos and they stood by and let the Dems turn it against them.

My fellow Freepers, stop all yer complaining. If this were a board game the Dems would have won handily due to excellent strategizing.

Only it's not a board game and if the Repubs don't grow a pair or get a clue, they are going to lose the election.

Simple as that.

27 posted on 03/08/2004 9:25:34 PM PST by Fishtalk (Once a liberal and victim of all the spin. Ask me to interpret.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: GodGunsandGuts
GOP staff members of the Senate Judiciary Committee had free access to sensitive Democratic computer files because of what investigators termed a “significant lack of security” on the committee’s network.

"Here. Make these files accessible to Republicans. We can say they stole them, and pull off another Water Gate. Ahhhh , just like the good old days."

28 posted on 03/08/2004 9:27:59 PM PST by concerned about politics ( Liberals are still stuck at the bottom of Maslow's Hierarchy)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Fun Bob
eeeewh! There was no warning on your link!
29 posted on 03/08/2004 9:50:39 PM PST by Libertina
[ Post Reply | Private Reply | To 3 | View Replies]

To: GodGunsandGuts
Checkout MoveOn.org's earlier take on this. They must have sent out lots of press releases to every nickel and dime paper in the country. This one bought their propaganda:

Hatch caught in embarrassing online tryst with publisher of stolen RAT documents (FR mentioned)

30 posted on 03/08/2004 10:45:25 PM PST by CedarDave (A lie from your opponent left unanswered becomes the truth in the eye of a typical "swing" voter.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: All
http://www.freerepublic.com/focus/f-news/1015980/posts
MemoGate- sedition, slander-- or something worse?
Various FR links | 11-06-03 | The Heavy Equipment Guy


 

31 posted on 03/09/2004 12:12:02 AM PST by backhoe (--30--)
[ Post Reply | Private Reply | To 30 | View Replies]

To: GodGunsandGuts; 4integrity
Anybody wonder if the tenderfootedness of Frist Repubs etal about attacking the Dems on this (and other recent things) is because the Pubs are still nervous about their own strategic info security?

Suppose they suspected that their e-communications were potentially comprimised and that faxes were a non-starter uncontrolled hardcopy alternative.....

...how would Republicans get their talking points out?

I just offer this as a possible explanation as to partly why we see pitiful Pub reaction to the Dem lie machine, and why the only response we get is an old fashioned point-source response from the President, and nobody is prepared with talking points to back him up widely in the media.

32 posted on 03/09/2004 6:36:31 AM PST by sam_paine (X .................................)
[ Post Reply | Private Reply | To 1 | View Replies]

To: CyberAnt
Maybe there is a "bigger fish" to catch on this one?....Another "follow the money" perhaps? OTOH it may just be stupidity.
33 posted on 03/09/2004 6:54:25 AM PST by hoosiermama (Ask Kerry to list the major pieces of enacted legislation he has authored in his career.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: GodGunsandGuts
Any user on the network could read, create, modify or delete any of the files or folders

Guess they all had administrative rights......

34 posted on 03/09/2004 7:30:35 AM PST by b4its2late (If you think no one cares about you, try missing a couple of payments.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: GodGunsandGuts
And since they all had administrative rights, what information did the demorat staffers get, hmmm?
35 posted on 03/09/2004 7:31:48 AM PST by b4its2late (If you think no one cares about you, try missing a couple of payments.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: sam_paine
Sam, I, too, wonder if the Senate Repubs are keeping quiet on the Dem memos cause of their own "dirty laundry".
36 posted on 03/09/2004 9:03:42 AM PST by 4integrity (AJ)
[ Post Reply | Private Reply | To 32 | View Replies]

To: hoosiermama
Well .. I think the dems are in deep doo-doo on this issue. These open files means they had just as much access as the repubs did .. and I'll NEVER be convinced the dems didn't take advantage of it.

I agree there may be bigger fish to fry. I sure hope they refer this to the DOJ - no matter how loudly the dems howl. These memos are disgraceful and the dems need to be held accountable.
37 posted on 03/09/2004 2:57:37 PM PST by The Final Harvest (The 2004 Election is for the SOUL of AMERICA)
[ Post Reply | Private Reply | To 33 | View Replies]

To: GodGunsandGuts
No doubt hired because the admin was somebody's buddy, not for their qualifications.
38 posted on 03/09/2004 10:38:59 PM PST by jospehm20
[ Post Reply | Private Reply | To 1 | View Replies]

To: GodGunsandGuts
A report by the Senate sergeant at arms has blamed the poor controls on the IT administrator’s inexperience and lack of training.

I'll say. Your average-level network user should understand the nature of protecting your file access....

39 posted on 03/11/2004 7:01:39 AM PST by atomicpossum (Fun pics in my profile)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Waco

In August 2001 weren't the Rats in charge and Leahy chairman?


40 posted on 07/26/2004 8:09:02 PM PDT by pieces of time
[ Post Reply | Private Reply | To 20 | View Replies]

To: pieces of time
VT Senator Pat 'Leaky' Leahy
41 posted on 07/27/2004 12:12:35 PM PDT by Fixit (www.cafeshops.com/W2004)
[ Post Reply | Private Reply | To 40 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson