House Staffer Arrested for Doxing Senators


On September 27, during a hearing of the Senate Judiciary Committee on the nomination of Judge Brett Kavanaugh as Supreme Court Justice, three members of the committee saw their personal information added to their public-facing Wikipedia accounts. The information shared included the home addresses of Senators Mike Lee of Utah, Orrin Hatch, also of Utah, and Lindsey Graham of South Carolina. The following Monday, similar information was shared about Senate Majority Leader Mitch McConnell of Kentucky.

Capitol Police Arrest Ex-Senate Staffer Jackson Cosko

On October 3, Capitol Police announced they had arrested Jackson Cosko, a 27-year-old self-declared ‘Democratic Political Professional.’ A review of congressional administrative files shows he had worked for New Hampshire Senator Maggie Hassan from 2017 to May 2018. Since May 2018 he had been working on the staff of Representative Sheila Jackson Lee (D-TX18), as evidenced by his electronic signature and email associated with a document which the Representative released on September 7, 2018.

Cosko was an insider who leveraged his privileged access to ostensibly punish members of the Senate. From an insider threat perspective, it would be egregious if he was able to retain his Senate staff credentials and access once his work with Senator Hassan was terminated in May 2018.

Yet, according to the Capitol Police announcement, it would appear that he made some sort of unauthorized access to the Senate system, as he is being charged with 18 USC § 119 (Making Public Restricted Personal Information); 18 USC § 1512(b)(3) (Witness Tampering); 18 USC § 875(d) (Threats in Interstate Communications); 18 USC § 1030(a)(3) (Unauthorized Access of a Government Computer); 18 USC § 1028(a)(7) (Identity Theft); DC Code § 22-801(b) (Second Degree Burglary); and DC Code § 22-3302(b) (Unlawful Entry).

According to Slate, Congresswoman Jackson Lee’s office is being fully cooperative with the Capitol Police and noted that he was “an unpaid intern” who “no longer works there.” No date was provided to indicate when Cosko’s work concluded for the representative; it could have been September 8, or when she learned that Cosko was to be arrested.

Cosko’s access to Senate databases should have set off alarm bells

Should it be found that Cosko’s access to Senate databases continued beyond his termination in May, then the off-boarding process needs a revamp within the Senate. An overhaul of this system must include terminating access to the Senate network upon termination of employment.

Furthermore, the internal identity management system and data loss prevention capabilities of the Senate should have set off an alert when Cosko accessed those portions of the system to which he had no need for continued access, like the home addresses and telephone numbers of elected officials.

In sum, insiders need privileged access to carry out their responsibilities. When that “need to know” has dissipated, their privileged access should be terminated. Clearly, a transition from one house (Senate) to the other (House of Representatives) is less complicated than bringing in an individual from outside of the Congressional footprint. But that is no excuse for a lack of attention to detail, which would include network access, for all departing insiders.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book “Secrets Stolen, Fortunes Lost: Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).
