http://judiciary.senate.gov/testimony.cfm?id=1085&wit_id=2514

03-06-2004

http://judiciary.senate.gov/testimon...85&wit_id=2514

Some excerpts:

"Mr. _____ began working for the majority in the Nominations Unit of the
Judiciary Committee on September 19, 2001. He was interviewed and hired by
Mr. _____, the Republican Staff Director for the Committee at that time. Mr.
_____'s responsibilities involved the handling and processing of nominations
paperwork. Later he was given additional responsibilities, including
researching for the Committee's attorneys and speaking with the Department
of Justice's Legislative Affairs and Legal Policy representatives. He stated
that he worked for Ms. _____ and Mr. _____.
According to Mr. _____, he became aware that he could access the files of
Democratic staff some time in October or November of 2001. He made this
discovery after watching the Committee's Systems Administrator, Mr. _____,
perform some work on his computer. An admittedly curious person, Mr. _____
attempted to duplicate what the System Administrator had done after Mr.
_____ left his workspace. According to Mr. _____, he accessed "My Network
Places/Entire Network/Judak." In so doing, he was able to observe all of the
users' home directories. He then clicked on different folders to see which
ones he could access; he was able to access some folders, but not others.
The folders that he could access, he stated, belonged to both Republican and
Democratic staff.
....
The fact that not all security events were audited significantly inhibited
this investigation because permission changes could not be analyzed on any
computer. When a user account is created, the System Administrator assigns
that user access to certain privileges and resources on the network. If the
system is not properly configured, users may be able to change their level
of access and privileges. Because the System Administrators were not
auditing permission changes, the forensic review was unable to produce a
history of who had access to the files containing the Democratic documents
at issue. This trend of not fully logging security events began before the
the Committee's server upgrade in April of 2003. When the Committee migrated
from Windows NT to Windows 2000 in April 2003, the same log settings were
preserved and, as a result, the logging continued to be inadequate for a
comprehensive security audit.
....
Our investigation revealed that some user home directories were set to
"open" permissions and other home directories were set to "strict"
permission. This appears to be a result of the Judiciary Committee Network
having two System Administrators during the time frame in question. One
System Administrator had very strict account policies in place and the other
did not.
....
In conversations I've had with Mr. _____ since we spoke, it has come to
light that I was not instructed to set such user permissions on each folder
under the old system. This was an oversight in teaching me how to set up the
accounts. My assumption was that these permissions were restricted by some
other means, and as I was taking over an already functioning system, I did
not think to double check this area of security."