As we know, Conn. Democratic Senate candidate Ned Lamont has flatly and repeatedly denied allegations by Sen. Joe Lieberman’s (I-CT) camp that he or his campaign were in any way responsible for what Lieberman is calling a hacker attack on his Web site and email.
Yesterday, two experienced D.C. consultants spoke with me about questions some have raised about the professionalism of Lieberman’s technology consultants. The campaign hosted its site on a “shared” server with over 70 other sites, when it should have had its own machine, skeptical observers have charged; the level of traffic the site could receive was capped, so heavy traffic would allegedly shut it down; some said the software used by the consultants was nonstandard and indicitave of less-than-expert personnel; others faulted the campaign’s dependence on companies which were not large, established organizations.
Was Lieberman really hacked? There’s evidence that something happened to Lieberman’s internet services, but days later, it’s not clear what occurred or why. (Lieberman’s spokesman acknowledged to TPMCafe.com on Tuesday that, despite comments made by Lieberman’s campaign manager Sean Smith (who was fired yesterday), they had no evidence Lamont or his campaign was behind the troubles.)
Lieberman’s technicians stand by their original diagnosis: the campaign’s site, joe2006.com, and its email were interrupted because of malicious tampering by an outsider.
I spoke with senior executives from two of the top internet consulting firms in Washington, D.C. to get their opinions on Joe’s setup.
Todd Zeigler is senior vice president of the Bivings Group. His company has produced Web sites for such prominent GOP outfits as the Republican National Committee and the National Republican Senatorial Committee. (Both men said their firms have no involvement in the Connecticut U.S. Senate race.)
From the other side of the aisle, Justin Pinder is chief technology officer for EchoDitto, a Democratic firm which has handled high-profile internet campaigns for the likes of Sen. Barack Obama (D-IL), Michigan Gov. Jennifer Granholm (D), and Montana Democratic Senate candidate Jon Tester — though their most high-traffic site, by far, is Rosie O’Donnell’s blog.
Would you host a site for a campaign of this magnitude on a shared server?
Ziegler: For a site of this profile, we would always recommend a dedicated server. Having a secure server makes it much easier to protect yourself from these sorts of attacks, and respond effectively [if] an attack takes place.
Pinder: As EchoDitto’s best practice, we’d never host a campaign [site] — one so high-volume, especially a week before the primary — on a shared host like that. It doesn’t seem like a particularly grand idea.
Would you have an account that caps your usage at a certain level?
Zeigler: I don’t think this is an issue, assuming bandwidth is scaleable — you can pay more if you hit your monthly allotment. This is a common practice among most host providers.
Pinder: That’s a red flag. When you exceed a [cap] there’s often an automated setup, they just shut you off. . . For the attention this race has been getting, you run a pretty significant risk of hitting that.
(Ed. note: The hosting company has said it monitored the site’s traffic and would have allotted more bandwidth if it felt it was needed.)
The developers used the “Joomla” software package to manage the content and functions of the site. Some feel this is indicative that Lieberman’s consultant were not technical wizards. What do you think?
Zeigler: There is nothing inherently wrong with using Joomla as the content management system. If the developers and system administrators are diligent, we believe Joomla can be used securely. However, they could have opened themselves up to problems if they fell behind installing Joomla security patches. In addition, certain Joomla plugins are known to have security problems.
Pinder: We generally work with the best-of-the-breed software, and [Joomla] is not one that we use. That doesn’t preclude it from being a stable or professional platform.
What about “cpanel,” the software reportedly used by Lieberman’s hosting company to manage its servers?
Zeigler: Like Joomla, we believe cpanel can be used securely. It is just a question of staying current with security updates and being diligent.
Pinder: Cpanel is designed for self-management. . . it’s no replacement for a system administrator with [direct] access to the account. It’s pretty common software. I’m not particularly fond of it from a technical point of view. . . but I think it speaks to the hosting company and its approach, perhaps.
The Web hosting company has only two full-time employees — the company’s owners — and fewer than 10 servers, hosted at a remote location. Does your firm use Web hosts of this size?
Zeigler: If you are looking for a host provider for this kind of project, you would want [constant] monitoring and support in case there is a problem; a [contract] guaranteeing performance and security; an extremely secure physical environment; the ability to quickly scale up the level of service if needed; and system administration experience in defending hacking attacks. It is possible that a two-person shop could provide all that. [But] I would need to know more details about the company to give a better answer.
Pinder: Any time you’re not working with a company that has a fully-staffed support department that can answer requests on a timely basis, you’re going to run into a potential pitfall. A lot of these shared setups, they’re very automated, they have skeleton crews that operate behind them.
(Ed. note: The hosting company has said it relied on the personnel at ServerMatrix, its remote-site hosting company, to provide constant physical security and technical support.)
