public-release.txt


       United States Senate Internet Services - An update

       The following message was sent to all Senate offices on Friday,
June E 1999 at 6:34 pm:

       A security incident involving the Senate's presence on the Internet
took place late Friday afternoon, June 11. Despite initial press reports
that the Senate's web server was hacked, the site itself was not touched
in this incident.

       What did happen is that for a brief period Friday evening, Internet
users were temporarily routed to a non-government server posing as
www.senate.gov, which was located elsewhere on the Internet when they
tried to connect to the Senate web server. The Senate's server was not
hacked in the incident and remains available to the general public.

       "The incident this afternoon involved an unauthorized alteration of
the Senate's external domain name server (DNS), which is used to route
Internet traffic to the Senate web server. Although the Senate web server
was not altered, hackers did succeed in changing an entry in the DNS
server", according to Tom Meenan of the Senate Sergeant at Arms office.

       This unauthorized change on the Senate DNS server resulted in
Internet users being temporarily directed to a server other than the
Senate's web server when they attempted to connect to www.senate.gov.
Although this had the net effect of making it appear that the Senate web
site had been "hacked,' what was actually occurring was that for a short
period of time late Friday afternoon and early evening, another web server
on the Internet was temporarily identified as "www.senate.gov".

       Although this comprises a security breach, the Senate server itself
was not "hacked" in this incident The Sergeant at Arms office is again
working with law enforcement authornies in response to this incident At
this time, the Senate web site remains fully operational.

	United States Senate Internet Services - An update

	The following message was sent to all Senate offices on Friday,
	June E 1999 at 6:34 pm:

	A security incident involving the Senate's presence on the Internet
	took place late Friday afternoon, June 11. Despite initial press reports
	that the Senate's web server was hacked, the site itself was not touched
	in this incident.

	What did happen is that for a brief period Friday evening, Internet
	users were temporarily routed to a non-government server posing as
	www.senate.gov, which was located elsewhere on the Internet when they
	tried to connect to the Senate web server. The Senate's server was not
	hacked in the incident and remains available to the general public.

	"The incident this afternoon involved an unauthorized alteration of
	the Senate's external domain name server (DNS), which is used to route
	Internet traffic to the Senate web server. Although the Senate web server
	was not altered, hackers did succeed in changing an entry in the DNS
	server", according to Tom Meenan of the Senate Sergeant at Arms office.

	This unauthorized change on the Senate DNS server resulted in
	Internet users being temporarily directed to a server other than the
	Senate's web server when they attempted to connect to www.senate.gov.
	Although this had the net effect of making it appear that the Senate web
	site had been "hacked,' what was actually occurring was that for a short
	period of time late Friday afternoon and early evening, another web server
	on the Internet was temporarily identified as "www.senate.gov".

	Although this comprises a security breach, the Senate server itself
	was not "hacked" in this incident The Sergeant at Arms office is again
	working with law enforcement authornies in response to this incident At
	this time, the Senate web site remains fully operational.