Hackers Attack Senate Web Site
Jun. 12, 1999
WASHINGTON (AP) _ Computer hackers successfully attacked the U.S. Senate's main Web site Friday, the second such electronic assault on the high-profile Internet page in just over two weeks.
The hackers hijacked visitors to the site, www.senate.gov, and subtly misdirected them to another computer on the Internet with a defaced version of the Senate's Web page, said Tom Meenan of the Senate's Sergeant at Arms Office, which operates the Senate site.
``We are trying to identify exactly what the loophole was'' that allowed the hackers to redirect visitors to the other computer, Meenan said late Friday night.
The Associated Press traced the computer hosting the false Senate site to a real estate company in Jacksonville, Fla. Meenan said the FBI was investigating, but noted it was possible that the hackers took control of the Florida company's computers without its knowledge.
``It's a site they may have hacked elsewhere on the Internet,'' Meenan said. ``We don't know the details. We've been in touch with the FBI.''
A telephone message said the offices of the Florida company were closed late Friday night.
The altered site looked similar to the Senate's normal pages. For example, it included a link to a ``today in history'' feature but substituted news that ``Senator Robert F. Kennedy, D-N.Y., was assassinated.''
In an obvious taunt directed at the FBI _ which is conducting a national crackdown on computer hackers _ they wrote on part of the page: ``You can stop one, but you cannot stop all.''
They also left messages supporting infamous hacker Kevin Mitnick, who will be sentenced Monday in Los Angeles to 46 months in prison for computer fraud, and for Eric Burns, 19, who was indicted last month in northern Virginia on three counts of computer intrusion.
Meenan said the Senate's computers were fixed about one hour after the attack, but the repaired address information for the Senate could take days to propagate through the thousands of Internet providers worldwide.
The FBI already was investigating a May 27 attack on the Web site, spokeswoman Debbie Weierman said. ``This current (attack), I can't give you a reason why it happened.''
The FBI made its own Internet site inaccessible last month after hackers overwhelmed its Internet computers using a denial of service attack, a relatively common technique to overload a site.
One computer security expert said the second electronic assault on the Senate site doesn't inspire confidence in Internet security.
``If the FBI and the Senate can be so easily hacked, what does that say for the nation, in the public and private sectors?'' asked James Adams, chief executive officer of Infrastructure Defense Inc., which works to protect companies against hackers.
``What we have at the moment is a quite remarkable lack of knowledge about what's out there and how to defend against it,'' Adams said. ``Until it's addressed, you're going to see this again and again.''
The hackers in the latest assault on the Senate site claimed to belong to the relatively unknown ``Varna Hacking Group.'' The same group claimed responsibility in November 1998 for an attack on a commercial Web site that had been altered with a plea to ``Please help Bulgarian children.'' Varna is a province in Bulgaria.
Earlier this month, Deputy Attorney General Eric Holder promised that anyone attacking a government Web site ``will be prosecuted in a very serious way.''
``We tend to think of these hackers as kind of little cherubs, these little 16- and 15-year-olds who are going around fooling around with their computers,'' Holder said. ``And the reality is, regardless of their age, what they're doing has a very serious impact on the ability of these various agencies to get information out to the public.''
Sherry Little, a spokeswoman for the Senate's technical staff, said after the May 27 attack that technical experts planned to meet with the FBI to put security measures in place.
An obscene message left briefly on the Senate's Web site May 27 said that attack was carried out because of what it said was the FBI's harassment of specific hacker groups, including the group that boasted of earlier breaking into the White House Web site.