Saturday, October 27, 2007

How Stupid Are Congressional Staffers? - Updated

Update: Apparently, the Capitolist's system is vulnerable to hackers, as evidenced by this series of posts (earliest post, a test, at bottom):
Q. Who can post on The Capitolist?
A. Anyone can post, as long as they have a Capitol Hill IP address.
Congressional staffers who aren't always at a Capitol Hill IP address
can gain access by obtaining a temporary access ticket (these can only be obtained when logged in from a Capitol Hill IP address).
yah right... give this thing a makeover and make it exclusive to capitol hill peeps. im not logged on a capitol hill ip address...

10/27/2007 - 1:25 am
im posting on the capitolist. this thing is a joke. for all we know, this is just a bunch of hooligans pretending to be staffers. trust me guys, im not a staffer and i can post on this site.

10/27/2007 - 1:22 am
but i couldn't do this at the school's computer though. weird huh? HEY DREAM BUDDIES! ONE OF YOURS IS POSTING ON THE CAPITOLIST!

10/27/2007 - 1:17 am
i thought that you need an capitolist ip number... im not even a staffer and i can post!

10/27/2007 - 1:17 am


10/27/2007 - 1:16 am
Update ends

Some are really, really stupid.

The Capitolist describes itself as " anonymous, uncensored message board for Hill staffers." Comments are only allowed from computers with Capitol Hill IP addresses, i.e., congressional offices. That means the staffers can't protect their identities by using an IP randomizer like Anonymouse.

Most of the comments are rather vicious complaints about constituents and DC tourists, but others are about policy issues, and how stupid the citizens contacting the offices are.

As any blogger can tell you, there's rarely such a thing as really "anonymous" on the intertubes. IP addresses are recorded by blog traffic and comment software, which allows the blogger to find information about the visitor or commenter using free "whois" tools websites. The same "whois" tools can be used to get information about websites: who registered, and thus, owns, the site their business address, etc.

Unless, of course, the web site uses an anonymous proxy company like to register the site. Then, no one can find out who owns the site without a court order.

One of the commenters at The Capitolist even acknowledges the danger:
Anyone ever make the mistake of doing something on their office computer and got caught? I did...sort of. A long time ago I stubbled upon a blog that had an entry that was critical and also false regarding my MoC. So...I couldn't resist. I responded in the comments (anoymously I thought) and debunked the whold thing. Next thing I know there is a response to my comment, but it's from the person who runs and posted the blog entry. He noticed the origin of my IP address and the name of another staff member who name was for some reason associated with it. He mentioned that he wasn't going to say anything and he didn't really care...he just didn't want me chasing away his regulars. I have to admit though...I felt a knot in the pit of my stomach when he posted that IP info in his response. Shit...

10/26/2007 - 1:14 pm
And, since The Capitolist uses, no one knows who runs the site, and has access to the IP records of all these comments. IP addresses that can identify the staffers' offices and who they work for.

Staffers: what if Karl Rove registered this site? What if George Soros is poring over your records? Gee, would that maybe expose you to blackmail or something?

Thanks to commenter allahkachew at The Jawa Report.