US Senators say it shouldn’t be a secret when they’ve been hacked

Take a look at the security headlines and you’ll see report after report of businesses and large organisations being hacked.

Sensitive databases are accessed, passwords are stolen, email archives are plundered, innocent people are put at risk, and corporations get a kick up the backside that they need to take security more seriously.

But what you don’t tend to hear about are hacks of computer systems belonging to the US Congress.

In fact, aside from the LulzSec hacking gang’s defacement of the Senate’s website in 2011, the last time a breach of congressional computers was publicly disclosed was in March 2009, when then-Senator Bill Nelson revealed computers in his office had been attacked three times in the previous month, and that one of his office’s PCs was “talking to a computer in some international arena.”

Federal agencies and companies are required by law to disclose breaches, but Congress is under no such obligation – meaning that the public may have no idea that their political representatives have been hit. This is despite an admission at a hearing in 2017 that “the Senate is considered a prime target for cybersecurity breaches.”

Now, two senators – Democrat Ron Wyden and Republican Tom Cotton – think it’s time for the secrecy to end.

Wyden and Cotton, both members of the US Senate Intelligence Committee, make their case for transparency in an open letter:

“During the last decade, hackers have successfully infiltrated U.S. government agencies including the Office of Personnel Management, health care firms such as Anthem, and technology giants like Google. Hackers continue to target all manner of government entities, and there is little doubt that Congress is squarely in their sights.”

“We believe that the lack of data regarding successful cyber attacks against the Congress (Read more...)