Saturday, January 14, 2017

Students at Cybersecurity Lab Report Congressional Data Breach

Today George E.E. Kilgore from Ronald Reagan High School told a press conference that school’s Cybersecurity Investigation (CSI) class had found large amounts of sensitive data on computers donated to the school by the office of Congresswoman Dana Miller. Kilgore explained that while he had been assured that all data had been removed from the computers prior to the donation, the students in his CSI class had used the tools and techniques that they had been studying for the last six months to do a deep dive into the memory of the six computers to find information that had been missed when the drives had been sanitized.

Dana Miller explained that the computers had been donated to the Ronald Reagan High School as part of a new program recently signed into law by the President. Miller had been one of the cosponsors of the bill that allowed Congressional offices to donate their used computers to primary and secondary schools. Miller told the press conference that she was proud of the abilities that the students demonstrated in finding the data. She also expressed some concern that the Congressional Data Protection Office (CDPO) had not been able to find the data before the computers were sent to the school.

Kilgore’s presentation at the press conference included a number of slides that showed what types of information were found. The information included:

Copies of documents found in various application directories;
Web browsing histories;
Email contact lists; and
Account information for the Congressional Cloud.

Kilgore explained that the data included in the account information allowed member of his class to access the accounts of Miller and her staff. Asked if the hacking of those accounts was illegal; Miller assured the audience that she had given her permission for the access and that she had confirmed with the local US Attorney that permission ensured that the students had not violated 18 USC 1030.

Also present at the press conference was Larry Ost from the CDPO. When asked why his office had not detected the data breach when they cleared the computers, he replied: “With just two computer technicians in the ten-person office, we only had enough time to check that the standard data files on the computers were erased before the computers were forwarded to the school.”

In apparently related news, Johnathan Quest from the Federal Bureau of Inquiry announced that the FBI had arrested Chester (Moe) Lester, a staffer in Miller’s Washington Office, on child pornography charges. Quest reported that an anonymous tipster had provided the FBI with links to child pornography stored on the Congressional Cloud in Lester’s account.

A statement issued in Washington by Rep. Miller’s office said that the allegations were deplorable and if proven to be true, the alleged behavior was reprehensible. Miller’s office promised full cooperation with the FBI investigation.