January 28, 2010, 8:10 PM — Two lawmakers criticized the Web services company that may have enabled the hacking of almost 50 government Web sites on Wednesday.
In a letter, House Speaker Nancy Pelosi, a California Democrat, and U.S. Representative John Boehner, an Ohio Republican, asked the U.S. House of Representatives’ Chief Administration Officer to immediately assess how hackers managed to deface the Web sites of nearly 50 house members and committees.
The attack seemed to predominantly target Democrats and occurred around the same time that President Barack Obama gave his first State of the Union address. The hackers removed the regular content on the sites, replacing it with rude comments toward the president.
Pelosi and Boehner referred to a previous request to the CAO to review and tighten cybersecurity on the sites. “However, last night’s actions indicate that further review of security procedures are needed,” the letter reads.
Initial reports indicate that the security shortfall may have stemmed from a vendor that offers hosting and support services. “While many Members have expressed satisfaction with the vendor in question, this is the second time in a year websites hosted and supported by this vendor have been compromised,” according to the letter.
While the lawmakers did not identify the vendor, the Associated Press quotes a CAO spokesman identifying it as GovTrends. That’s the same company that supports U.S. Representative Spencer Bacus’ Web site, which was hacked in August. The GovTrends Web site does not list the names of the sites that it supports, but it does feature U.S. Representative Michael Honda’s site, which is still unavailable, possibly due to Wednesday’s hack.
GovTrends did not immediately return a call seeking comment Thursday.
The letter from Pelosi and Boehner asks the CAO to review the security standards for such vendors and figure out if this vendor is adhering to those standards. “We also request that you take immediate action to protect against breaches of the House firewalls and to ensure website security of all House offices,” it reads.