March 8, 2004
By: Kevin Drum

MEMOGATE....So how did Republicans get access to those Democratic files on the Senate Judiciary Committee? The Pickle report is now available and makes everything clear. The full report is here (warning: large PDF file), but here's the geek summary.

Basically, every member of the Judiciary Committee has an account that includes a home directory on the committee's main server. Until August 2001 those accounts had strict permissions that enabled only the owner of the directory to access it. But then the committee got a new system administrator, Brian Wikner, who had, shall we say, geekitis:

Like some other Senate offices, the Judiciary Committee has historically been staffed with Systems Administrators who preferred to perform most computer-related tasks themselves. This has been true even if they had only minimal technical experience before becoming the Committee's System Administrator.

Yeah, been there, done that. Wikner, even though he was fresh out of college, declined to ask for help and apparently was sloppy with permissions. When he set up new accounts he just accepted the default "open" permission, which allows anyone access to the directory.

So that answers that: it was sloppiness on the part of the sysadmin. But did anyone ever warn Wikner that the new accounts he created, both Democratic and Republican, were vulnerable? The previous sysadmin says no:

Mr. Davis does not recall ever notifying Mr. Wikner of the fact that he was able to access folders that should have been closed...."I could only have deemed him as being sloppy with some permissions and not some problem that of which others would take advantage. What I can remember is leaving him a message to call me about a concern and he didn't return my call."

And what happened the first time Republican staffer Jason Lundell figured out he could exploit this vulnerability? He found a bunch of files and gave them to his boss, Rena Comisac:

He printed approximately 100-200 pages of documents pertaining to Judge Pickering's nomination and gave them to Ms. Comisac in an attempt to get on good terms with her....He reported that two days later Mr. [Alex] Dahl and Ms. Comisac admonished him not to use the Democratic documents and Ms. Comisac shredded the materials he had given her.

It's also clear that Comisac didn't realize Lundell had free access to other people's files. She thought he had gotten the documents simply because he had inherited someone else's PC and the previous owner's documents hadn't been completely erased.

So here's the summary:

  • The pilfered documents were accessible due to sloppiness on the part of the sysadmin.

  • It wasn't just Democratic files. Every account created after August 2001 was wide open.

  • No one ever told the sysadmin about this problem.

  • The first time that Lundell showed some files to his Republican boss, she shredded the files and told him to knock it off. "This is not the way they do things here," she said.
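For the geeks, here is the failure mode from the first two bullets as a small audit script. It is an added example, not something from the Pickle report, and it assumes POSIX-style permission bits (the report summary above doesn't say what the committee's server ran); the function names and the sample directories are made up for the illustration.

```python
import os
import stat
import tempfile

def create_home_default(base, name):
    """Account setup that accepts the default: mode is 0o777 masked by the umask."""
    path = os.path.join(base, name)
    os.mkdir(path)
    return path

def create_home_private(base, name):
    """Account setup that pins owner-only access regardless of the umask."""
    path = os.path.join(base, name)
    os.mkdir(path, 0o700)
    os.chmod(path, 0o700)  # explicit chmod, so the result never depends on the umask
    return path

def audit_home_dirs(base):
    """Return {directory name: octal mode} for every home directory under
    base that grants any access to group or other."""
    findings = {}
    for entry in os.scandir(base):
        if not entry.is_dir(follow_symlinks=False):
            continue
        mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings[entry.name] = oct(mode)
    return findings

def demo():
    """Constructed sample: one owner-only account, one created with defaults."""
    old_umask = os.umask(0o022)  # a common default umask (assumption)
    try:
        with tempfile.TemporaryDirectory() as base:
            create_home_private(base, "old_account")
            create_home_default(base, "new_account")
            before = audit_home_dirs(base)
            for name in before:  # remediate: back to owner-only
                os.chmod(os.path.join(base, name), 0o700)
            after = audit_home_dirs(base)
            return before, after
    finally:
        os.umask(old_umask)

if __name__ == "__main__":
    print(demo())
```

Run on a schedule against the real home-directory root, an audit like this would have flagged every account created with the default before anyone had to notice by accident.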

I'll probably have more later after I've read the full report. In the meantime, Josh Marshall has a few pointed questions.

Kevin Drum 10:51 AM
