The Hacker News Logo
Subscribe to Newsletter

Facebook accounts of four Missouri state legislators hacked !

Internet hackers are targeting Missouri accompaniment assembly and their staff, and no one knows absolutely how or why.

Since the aldermanic affair started Jan. 5, bristles bodies on the Abode ancillary of the Capitol accept appear their Facebook accounts actuality hacked: three Republican legislators, one Democratic administrator and one Republican staffer.

It is the best concentrated, boundless adventurous of hacking contest the Abode has seen.

"If the letters are true, this is a fasten in what we've accomplished in the past," said Adam Crumbliss, the Abode clerk. "We're audition added about it than we anytime have."

Though no exact annual has been established, the instances of hacking point to a potentially broad computer aegis hole: A free, accessible wireless arrangement for Abode visitors and legislators serves as a basic acceptable mat for hackers, aegis experts say. Anniversary of the bristles contempo hacking victims had acclimated the arrangement recently.

In contempo years, politicians accept aggressively adopted Facebook and added amusing media as a accessible relations tool, application the Internet to advance their behavior and acquaint with constituents. If a hacker alters a lawmaker's anxiously crafted accessible message, the political accident can be actual and lasting.

On Jan. 21, an awkward cachet amend was acquaint to the claimed Facebook folio of apprentice Rep. Donna Lichtenegger, R-Jackson, for a brace of hours.

"I adulation lobbyist! (sic) All the chargeless aliment and being you get. This job is awesome!" the column read.

Typically, Lichtenegger said, she abandoned uses Facebook every Friday to column updates about her aldermanic activities during the week. At the Capitol, Lichtenegger usually accesses the Internet through a adequate annual for legislators.

But on the day her Facebook was hacked, Lichtenegger logged on to Facebook application the House's chargeless accessible wireless Internet.

A few hours later, she accomplished that her annual had been compromised. By then, annual of the column had advance and accompaniment political blogs had best up on the story.

"I aloof don't assurance this stuff, and now I apperceive why," she said.

And she's not alone.

About three weeks ago, apprentice Rep. Dave Schatz, R-Sullivan, saw that his Facebook cachet had been afflicted to one that acclaimed chargeless aliment and ability from lobbyists -- about identical to the cachet afterwards acquaint to Lichtenegger's Facebook page.

"I didn't apperceive area this was advancing from, so I didn't say annihilation about it," Schatz said.

Though Schatz does not accede himself a computer expert, he said he had a anticipation as to how his annual was hacked.

"I apperceive that I was on the accessible Wi-Fi connection, and that's back I was hacked," Schatz said. "In a accessible Wi-Fi setting, they were able to drudge into that armpit and comedy a little joke."

In all of the cases in which Facebook accounts were accessed in the House, the owners of the accounts had acclimated the Abode accessible Wi-Fi network. Some legislators said they use the accessible wireless Internet about exclusively, and some said they don't apperceive how to admission the defended Internet arrangement for legislators.

On the Senate ancillary of the Capitol, area there accept been no complaints of hacking, all Internet networks are monitored to capricious extents: The centralized anchored arrangement is overseen added stringently; the accessible network, superficially. Amy Niedergerke, administrator of computer advice systems for the Senate, said the aldermanic anatomy primarily keeps tabs on Web cartage that ability be harmful, like abeyant bacilli or hacking threats.

But on the Abode ancillary of the Capitol building, the accessible wireless arrangement goes unwatched. Crumbliss said the Abode wants to ensure individuals' abandon to cream the Web afterwards affair for government censorship or surveillance.

"We appetite it to be a free, accessible arrangement that anyone who comes in has admission to," Crumbliss said.

That abandon doesn't appear afterwards risk.

The Kansas Legislature accustomed the antithesis back it configured its accessible wireless network.

"There's a bucking amid how abundant aegis you allegation to be secure, and the citizens' appropriate to appear in and apperceive about and accept admission to their government," said Larry Kettlewell, the arch advice aegis administrator for the Kansas accompaniment government.

Kettlewell's band-aid is a accessible wireless Internet arrangement that is chargeless and does not crave a password, but is monitored for threats by a aegis team. The bulk of ecology a wireless arrangement can ambit badly -- from a almost bargain automatic arrangement programmed to analyze specific threats, to about $50,000 for an employee-monitored system, he said.

In animosity of the associated expense, Kettlewell said he would never acquiesce the accessible Wi-Fi arrangement in the Kansas Capitol to go afterwards at atomic a minimum akin of security.

"You accept no way of alive if somebody has been able to accretion admission to your arrangement and the bulk of admission they accept to advice you ability accede sensitive," he said. "If you don't adviser what's action in and out of your network, you don't apperceive if accession is aggravating to admission advice for a bent purpose."

According to James Lewis, who researches cybersecurity issues at the Center for Strategic and International Studies in Washington, acrimonious up advice from a wireless arresting is generally a simple endeavor.

Wi-Fi, he said, may not be what accustomed hackers to admission the Facebook accounts of Missouri Abode members; in abounding cases, he credibility out, passwords are not difficult to guess.

"It's annual aggravating to amount out if this was a wireless botheration or a countersign problem," Lewis said. "That would accord you an abstraction of what aegis you need."

Cybersecurity threats accept added acutely in contempo months. They accommodate a affairs alleged Firesheep that targets Wi-Fi users' clandestine annual information.

Firesheep, which can be downloaded for chargeless from the Web, allows users with little computer ability to admission the clandestine Internet accounts acceptance to bodies on a aggregate wireless network, and alike accept ascendancy of those accounts as if they were anniversary account's owner.

For Fowler Brown, Firesheep has presented a cogent abstruse headache.

Brown is the architect of Hotzona, a aggregation that helps accommodate wireless Internet to the Arizona Capitol and monitors the arrangement chargeless of charge.

Firesheep, Brown said, is "like accession sitting alfresco your home with an antenna acicular at your house, and you wouldn't necessarily apperceive it."

"Firesheep is one of those things that afraid the hell out of us with accepting into people's Facebook and avaricious passwords."

On the Arizona Capitol's accessible wireless network, Brown said, acceptance is monitored for apprehensive activity, and legislators are abreast of the risks.

"Firesheep is handing you their password, so you appetite to accomplish abiding you're attention them as abundant as possible," Brown said.

In the past, the Missouri Abode has toyed with the abstraction of alone application a anchored wireless arrangement for accessible users, and it still leaves the advantage accessible for bodies who appeal a password. But, Crumbliss said, bodies weren't annoyed with the annual back a countersign was appropriate for everyone: Journalists complained that it was an obstacle to their work, while visitors to the Capitol begin the login action cumbersome.

Now, alike admitting the Abode offers a separate, defended arrangement for legislators to use for official assignment in accession to the accessible wireless Internet, abounding don't.

For his part, Crumbliss said he would admonish legislators of the risks associated with alive on a wireless arrangement and appetite them to use their defended Internet for acute tasks.

Meanwhile, at atomic one absolute acquaintance has appear of a compromised Facebook account. Rep. Stacey Newman, D-Richmond Heights, whose Facebook annual was afraid aloof one day afterwards the alpha of session, has acclimated her acquaintance to advance fresh relationships -- in absolute life, instead of on the Internet.

After audition annual aftermost anniversary that Lichtenegger's Facebook had been hacked, too, Newman accomplished beyond the alley to ache with her Abode colleague. She joked that the two accept formed their own bipartisan conclave to altercate hacking-related matters.

Newman said the adventurous of computer aegis breaches does affair her.

"Now that it's happened to a few of us in the Abode -- why? It does accomplish you alpha to wonder," she said. "I don't apperceive what the abutting footfall should be, but I'm actual disconcerted."

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.