Chinese hackers?
Thursday, July 10th, 2008 by Harry LewisPolitico reports today on Congressional efforts at data security. The story is prompted by claims from Rep. Frank R. Wolf (R-Va.) and Rep. Chris Smith (R-N.J.) that computers used by their staffers had been “hacked” by the Chinese government because the good congressmen supported the speech rights of Chinese citizens.
Unfortunately, as far as I could tell, the congressmen did not provide any forensic evidence about what the “hack” was or where it came from. These are not trivial matters; even if an attack looks like it is coming from China, that could be a spoof — the actual attacker might be half a world away.
More importantly, I suspect this incident reveals more about the sloppiness of congressional offices than about the sophistication of Chinese hackers. I don’t doubt that the Chinese are sophisticated, but even sophisticated criminals prefer soft targets to hard ones. Was it necessary for multiple staffers to have sensitive data, unencrypted, on their computers? Had any of the staffers opened any questionable attachments or gone to any virus-infected sites lately? Note that Supreme Court Justice Stephen Breyer’s recent identity theft happened because a staffer at an investment firm used the same computer for client records and music file sharing. Share one file, share ’em all.
The bad guys are out there, for sure, but when a Congressmen starts creating an international incident out of something that happened two years ago and won’t disclose the details, remember Pogo’s profundity, which I quote in the Politico article: “We have met the enemy and he is us.”