Only hours after the State of the Union, hackers replaced the usual pages that congressmen and committees use with a profane attack on President Barack Obama. As of Thursday afternoon, many of the affected sites still appear to be down.

Hackers seem to have infiltrated the websites of at least 20 House members overnight. Photo: AP

Each of the pages is managed by GovTrends, an Alexandria-based provider of web services. House servers host sites for members of Congress, but all members are free to use outside vendors to manage and upgrade their pages. This practice appears to have allowed third parties access to the Web sites outside of congressional firewalls.

Jeff Ventura, a spokesman for the House chief administrative officer, said that the working theory is that the penetration happened during an upgrade that GovTrends was making to its own system. He said his office is working with the company to figure out how the breach occurred.

“We’re discussing our options,” Ventura said.

Problems have arisen with the same vendor in the past. In August, something similar happened to 18 House members who worked with GovTrends. Officials at the time said staffers on the Hill had not set challenging enough passwords to thwart the attackers. Many of the same offices appear to have been hit again.

GovTrends employees did not return multiple phone or email messages seeking comment.

The successful attacks comes despite the addition of security safeguards in recent years, said a Democratic leadership aide, and it's expected that a review will be ordered by Speaker Nancy Pelosi (D-Calif.).

This attack could increase the pressure by House officers to block GovTrends as a contractor or reconsider policies about using outside technology vendors, security experts say. The House administration manages and hosts about 60 percent of all sites, but members are reimbursed if they want to use outside firms.

On each of the hacked sites, the usual material was replaced by a white screen and the words: "F— OBAMA!! Red Eye CREW !!!!! O RESTO E HACKER !!! by HADES; m4V3RiCk; T4ph0d4 — FROM BRASIL."

Information technology experts at the Capitol are still trying to confirm the origin of the attack. The Praetorian Security Group, a New York-based firm that specializes in detecting computer intrusions, has fingered the Red Eye Crew, an anonymous group that has claimed credit for defacing thousands of web sites. It appears that the group is based in Brazil, and the same loose-knit crew also claimed credit for hacking into 453 government sites in Brazil last August,

The website for Republicans on the House Oversight and Government Reform Committee was hit, as were the home pages of Reps. Joe Wilson (R-S.C.), Peter Welch (D-Vt.), Duncan Hunter (R-Calif.), David Roe (R-Tenn.), Charlie Wilson (D-Ohio), John Tierney (D-Mass.), Charles Gonzales (D-Texas), Brian Baird (D-Wash.), John Barrow (D-Ga.), Mark Kirk (R-Ill.), John Boccieri (D-Ohio), John Olver (D-Mass.), Bobby Bright (D-Ohio), Mike Coffman (R-Colo.), Travis Childers (D-Miss.), Andre Carson (D-Ind.), John Campbell (R-Calif.), Suzanne Kosmas (D-Fla.), Zoe Lofgren (D-Calif.) and other members.

Representatives of several of these offices did not immediately return calls seeking comment.

The apparent attacks, first reported by Hotline's Erin McPike, come days after four men were arrested for attempting to tamper with the phone lines in Democratic Sen. Mary Landrieu's New Orleans office. But investigators say the two events are not linked. In October, a highly sensitive House ethics committee document became public after a staffer inadvertently made it accessible on a file sharing network.

Ventura said this week’s breach will likely lead to stronger enforcement of policies already in place.

“After this happened in August, there was a reiteration and a reaffirmation with all of our vendors,” he said. “You can say that you would like the standards at a certain level or you can insist on it. I think what you’re going to see going forward is an insistence to the adherence of policy, as opposed to just the suggestion that the policy standard has to be a certain level.”

Read more: http://www.politico.com/news/stories/0110/32145.html#ixzz0dwm8jTTr

www.politico.com/news/stories/0110/32145.html#ixzz0duzSOBDL