Default passwords serve as point of entry

Aug 7, 2009 10:22 GMT

The official websites of at least eighteen U.S. Representatives were defaced this month by an Indonesian hacker who sprayed e-graffiti over them. The Chief Administrative Officer for the House of Representatives blames a web design company, which issued weak administrative passwords.

Each Representative in the U.S. Congress has their own website hosted at house.gov, the domain used by the House of Representatives. These sites contain their biographies, news about their activity, methods of contact, the committees they serve on and other such public information.

The Zone-H Web defacement archive records and mirrors fourteen of these incidents, which occurred on August 4 and 5. The defacements are attributed to a hacker calling himself 3n_byt3, whose stats reveal a total of 797 similar attacks dating back to March 2008. The [rep_name].house.gov attacks are considered a mass defacement because the sites were hosted at the same IP address. The hacker seems to be good at this: so far, he has 366 mass defacements under his belt.

According to The Washington Post, a spokesperson for Rep. Harry Mitchell, whose website was among those victimized, said that the compromise occurred through brute-forcing of the password. The Web pages have since been cleaned of the rogue "H4ck3d by 3n_byt3 @ Indonesia H4ck3rs" messages posted all over the place, and a stronger password has been chosen.

The Office of the Chief Administrative Officer (CAO) for the House of Representatives has been investigating the incidents and determined that they were the result of inadequate security practices on the part of the company contracted to host and design a number of the websites.

"The defacements were the digital version of graffiti and did not result in the theft or loss of any sensitive data or materials. Over the last year the House has continued aggressively fortifying its security systems. These improvements to our systems resulted in the swift identification of the site defacements, which were fixed within hours of being detected," Jeff Ventura, spokesman for CAO, commented for Security Fix.

The firm that the chief administrative officer holds responsible is called GovTrends and describes itself as “a trusted web solutions vendor for commercial and government clients, including the United States Congress.” The company defended itself by saying that those were default passwords, meant to be changed by the Representatives' offices. It has since started to enforce the use of stronger passwords.