Hackers Attempt to Hold Capitol Hill Data for Ransom

The House's network is partly locked down after hackers tried to infiltrate congressional computers, encrypt their contents, and demand ransom.

Photo: Andrew Harnik/AP

The House is under attack by hackers hoping to infiltrate congressional computers, encrypt their contents, and then force users to pay a ransom to get their access back.

“In the past 48 hours, the House Information Security Office has seen an increase of attacks on the House Network using third party, web-based mail applications such as YahooMail, Gmail,” the House’s Technology Service Desk wrote in an email to House staffers on April 30.

According to the email, obtained by The Intercept, the malicious messages impersonate people the recipient knows and invite staffers to open a link or attachment that delivers malware — what’s known as a “phishing” attack.

“When a user clicks on the link in the attack email, the malware encrypts all files on that computer, including shared files, making them unusable until a ‘ransom’ is paid,” the email said.

But House administrative offices refused to say how many, if any, attacks have been successful, what sort of data may have been affected, or how much has been paid in ransom, if anything.

“The potential for ransomware attacks the House faces is similar to any large organization,” a spokesperson for the chief administrative officer of the House wrote in a statement to The Intercept. “The House recognizes the importance of taking steps to employ a cybersecurity plan to protect our infrastructure, and we constantly work to improve training and education for all House users.”

A lockdown on parts of the House internet network — from Wi-Fi to Ethernet — remains ongoing.

Access to both YahooMail and to Google Cloud services hosted on Google’s appspot.com appears to be completely blocked on the House’s network, according to Ted Henderson, a former Hill staffer and founder of two social-network applications designed for Capitol Hill communication: Cloakroom and Capitol Bells. It’s unclear whether the appspot.com blockage, and not just Yahoo’s, is related to the ransomware attacks.

Henderson says his several thousand users cannot post to the social networks from inside the House office buildings. Cloakroom normally lets users log in either anonymously, simply by being on Capitol Hill Wi-Fi, or with a staff email address. The Senate office buildings don’t appear to be affected.

“This is the first time I’ve seen this happen at a scale like this in five years,” Henderson wrote The Intercept in an email.

In recent months, several lawmakers have penned letters asking the Obama administration how it’s dealing with the problem of ransomware — a type of attack more than two dozen government agencies have admitted to confronting in the past as well.

Now that Congress itself is the target, security researchers are hopeful the issue will draw more national attention. “What you’re seeing in Congress is just part of what’s happening,” Markus Jakobsson, founder of ZapFraud, a scam email detection service, and an expert on phishing attacks, told The Intercept. “This will hopefully bring some awareness to decision makers. … Once they start [going after Congress], there will be changes.”

Ransomware arrives by many routes. Phishing email is only one of them: attackers have also compromised legitimate websites so that visitors are infected simply by browsing to them.

It’s not clear whether the current spate of attacks on the House network was targeted, or whether House users just happened to find themselves among the ever-growing number of victims.

Ransomware is a major and growing threat to security. Just the day before the House emailed its staff about the attacks, the FBI published a press release titled “Incidents of Ransomware on the Rise,” warning that “hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses” are all under increasing threat of being hacked and ransomed.

Nonprofit health care organization Health Information Trust Alliance warned in April that more than half of 30 hospitals it surveyed were infected with malware — most of it ransomware. Los Angeles hospital Hollywood Presbyterian paid $17,000 to recover its data in March.

Police departments have also been victims of ransomware attacks, sometimes forced to pay up to recover everything. One police chief compared the extortion to “what felt like terrorist threats.”

There is no single fix for the problem, though researchers have proposed mitigations and recommendations. “This is something that the technical community is still struggling with getting a firm grip on,” Jakobsson said.

He suggests Congress install several layers of filters to detect possible spam and scams, back up its data, and launch awareness campaigns to alert people to the reality of the problem. “The problem of social engineering is so vast that you can’t just do one and hope that’s enough,” he said. One caveat on the backups: they only help if the infected machine cannot write to them. The House advisory itself notes that shared files are encrypted along with local ones, so a network share mounted with write access is not a backup.
