A DDoS attack is one of the oldest, simplest, and lamest ways to "hack" anything, but lost in the news of recent attacks on Gawker and Twitter has been this even lamer "hack" of Congressional websites.
Apparently, on August 1 and 2, a "hacker" "hacked" the websites of 20 members of congress, replacing all the text with "H4ck3d by 3n_byt3 @ Indonesia H4ck3rs." How did Indonesia H4ck3rs do it? Are they brilliant computer masterminds, like in the popular film Hackers?
Sort of! From Roll Call:
House officials say that the hacker accessed the site by guessing passwords assigned to Member offices by GovTrends, a Web design company that hosts the sites of about 100 Members. Some offices never changed the passwords, which GovTrends founder Ab Emam called "obvious" and easy to guess.
Ah, the old "guessing the easy-to-guess password" trick.
Rep. Spencer Bachus is pissed that no one told him that his website had been hacked for a couple hours. He wrote a letter about it and everything! He demands answers.
Bachus asked the CAO to provide copies of the Web logs and "evidence supporting GovTrends speculation" that the hacker simply guessed the password.
"Please provide an explanation of the vulnerability that allowed this situation to occur and what is being done to prevent it from happening again in the future," he wrote. "It is extremely important that my constituents can trust that information provided to my office is kept confidential and secure."
Well, Spencer, you could've changed your password. It was "password1," wasn't it? Admit it.