backtop

Print E-mail del.icio.us 41 comment(s) - last by Emryse.. on Jun 25 at 5:53 PM
The Department of Homeland Security continues to have major security issues

A group of hackers successfully penetrated Department of Homeland Security computer systems over a series of hundreds of attacks, according to a congressional panel.  Congress admitted the branch suffered at least 844 hacker break-ins, virus and trojan outbreaks and other security issues over a period of two years -- many of which resulted in rootkits, backdoors and key loggers.

"It was a shock and a disappointment to learn that the Department of Homeland Security -- the agency charged with being the lead in our national cybersecurity -- has suffered so many significant security problems on its networks," said Representative James Langevin during the hearing.

Homeland Security CIO Scott Charbo sat on the hot seat while trying to defend his job during last week's panel.  Chairman of the House Homeland Security Committee, Rep. Bennie Thompson, D-Miss., claimed the reoccurring computer issues are a serious problem which must be fixed as soon as possible.     

Charbo told Congress the department planned to spend as much as $332 million on computer security throughout 2007.

Computers used by the U.S. Coast Guard, Federal Emergency Management Agency (FEMA) and Transportation Security Administration (TSA) also were identified as infected.  In perhaps the most egregious offense, the TSA lost a hard drive containing sensitive information of its employee database.

Scarbo promises the department is working to limit future computer security problems.  Scarbo's largest plan, dubbed OneNet, consolidates all of the wide-area and virtual-private networks currently in use.  The consolidation will eliminate the spaghetti infrastructure currently used for some of America's most sensitive civil data.

Other major amalgamations will follow OneNet, including database and email centralizations. Scarbo claims that in 2007 alone, the department corrected 7,000 security weaknesses in its infrastructure.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
What exactly does Homeland security do?
By ZimZum on 6/22/2007 10:13:46 AM , Rating: 1
What do they do that the NSA, FBI and CIA don't do? Aside from those oh so useful color coded, mood ring "Terror Alerts". It just seems like its sole existence is to give the illusion to the populace that something is actually being done to "protect" them from the boogeymen.




RE: What exactly does Homeland security do?
By FITCamaro on 6/22/2007 10:18:53 AM , Rating: 1
They're more focused on border security, port security, and airport security than the other government branches.


RE: What exactly does Homeland security do?
By Christopher1 on 6/22/2007 3:13:13 PM , Rating: 2
Which isn't much more focused on them than those other government branches. Really.... we didn't need the Homeland Security department. What we needed was for the government to get on the FBI, CIA, and other organizations asses for not sharing info, especially once it came out that 9/11 could have been prevented had they done that.


By AntDX316 on 6/25/2007 12:26:10 AM , Rating: 1
most of the stuff happening is due to the fact of people my age learning new programming tactics and most likely hacking tactics that make the people who work in the FBI CIA obselete they need to continueally rehigher or rebrain people that would for see every situtation that could happen before it happens


RE: What exactly does Homeland security do?
By AntiM on 6/22/2007 10:33:14 AM , Rating: 5
I knew that creating such an organization was a mistake when idiot Bush first proposed it. Rather than fixing the Offices already responsible for national security, he creates a new bureaucratic money funnel that doesn't do anything but make things worse.


By James Holden on 6/22/2007 10:40:55 AM , Rating: 4
bureaucracy has a solution: we just create a department of homeland security security.


RE: What exactly does Homeland security do?
By TheDoc9 on 6/22/2007 10:49:44 AM , Rating: 1
I think you guys might be blowing this out of proportion. These 'attacks' included things like trojans and key loggers, all of which are easy to get on the web. If just one employee out of 50 doesn't know the net very well and does something stupid then they can get infected no matter what security measures are in place. Also I don't know what they do but if it's there job to check out questionable sites then they may be exposed to this stuff constantly. I know there's a counter argument for everything I just mentioned but you have to admit; The story doesn't go on to say how successful that these attacks were. Basically there's no real information to make an informed decision and form a proper opinion about any of this, it's media sensationalism.

Shame on DT.


By othercents on 6/22/2007 10:59:31 AM , Rating: 5
Anytime your doing tests on questionable sites you should be doing it on a computer or computers that are connected to a secure network without access to your primary servers. There is no excuse for trojans and key loggers to be on the primary network.

Other


By KristopherKubicki (blog) on 6/22/2007 11:02:26 AM , Rating: 5
quote:
If just one employee out of 50 doesn't know the net very well and does something stupid then they can get infected no matter what security measures are in place.

The DHS spends 320 mil per anum to combat things like that.

quote:
The story doesn't go on to say how successful that these attacks were.

On the contrary, it says exactly how successful these guys were: 844 times. If you think any department is going to tell you the extent of damage done by said attacks, you're grossly wrong. The only reason they even stated how many times the hackers were successful is because it was a government inquiry.

I'm not really sure what you were expecting, but this is one of the few cases where all the information is very cleanly laid out.


By Samus on 6/22/2007 2:56:38 PM , Rating: 3
pwned.


RE: What exactly does Homeland security do?
By NaughtyGeek on 6/22/2007 11:33:10 AM , Rating: 2
quote:
The Defense Department took as many as 1,500 computers off line because of a cyber-attack, Pentagon officials said Thursday.


http://www.navytimes.com/news/2007/06/ap_pentagonc...

I suppose this is media sensationalism as well?


By tacorly on 6/22/2007 1:46:04 PM , Rating: 2
It sounds like they just freaked out and shutdown when a message popped up to some admin saying there was an intrusion. Look at what Gates said, "I don't do email." If you don't do email, Gates, why are you responding on this tech related incident? Why are all the people in Washington making tech and internet related decisions old men who didn't grow up in this era and never got taught to use anything but MSWord?


By Tiberiusdecimus on 6/22/2007 11:06:09 AM , Rating: 2
Well, Bush was against the creation of Homeland Security as a department. Nancy Pelosi, I believe was one of the ones pushing for it.

Never let it be said that a problem didn't arise where Bush doesn't get blamed by some ignoramus or that a politician can't find a way to create even larger, ineffective government agencies to consume tax dollars.


RE: What exactly does Homeland security do?
By Moishe on 6/22/2007 11:56:04 AM , Rating: 2
wow, you're a real genius...
Do you even remember why the DHS was created? It was created because the government offices were not using the same systems and were acting like rivals. The general idea is that they are all on the same team and there should be very few walls between departments that would prevent critical information from flowing. And by the way, if you honestly think that Bush is to blame for your representative's vote then you're fairly out of touch. It's nice to pull out one person to blame out of thousands, but it's a bit absurd.

The concept and idea of the DHS is sound, the implementation is flawed certainly. It takes time to turn a large boat. By the way, this is the perfect example of why liberatarians generally believe that bigger government is worse. Bigger government is more wasteful, less agile, less secure, and more prone to abuse the citizens.

ON TOPIC: It looks to me like this Charbo guy has the right idea. The idea that there are 844 holes in at least 844 networks is not really that surprising to me. What is stupid is that there are actually more than 1-2 main government networks. Security is easier if you have a clearly defined set of walls and rules are enforced. It must be a nightmare for Charbo to take blame for the failure of some lazy office sysadmin in some little office somewhere.


RE: What exactly does Homeland security do?
By AntiM on 6/22/2007 12:38:51 PM , Rating: 2
"Do you even remember why the DHS was created? It was created because the government offices were not using the same systems and were acting like rivals."

You think we need an entire Cabinet-level Department to fix this? NO. Just proper leadership.

If you think Bush isn't squarely to blame for the creation of this Cabinet and it's subsequent ineffectiveness, then you're the one out of touch.


By Treckin on 6/23/2007 2:31:20 AM , Rating: 2
it was actually created at the cabinet level so that the president has direct authority over its leadership. The president could not simply remove civil servants the way he could a cabinet member... there are very specific rules regarding the removal of civil servants.... these were expanded upon in the Hatch act, created partly in the defense of servants from political pressure...


By NaughtyGeek on 6/22/2007 11:25:26 AM , Rating: 3
quote:
its sole existence is to give the illusion to the populace that something is actually being done to "protect" them from the boogeymen.


Ding, ding, ding, ding, ding, we have a winner! Most all "security" measures put in place since 9/11 serve that purpose alone. The infrastructure and precedents are being set in motion to turn those resources inward on the American people. Now, go back to sleep sheeple, nothing to see here.


By wrekd on 6/22/2007 2:45:09 PM , Rating: 2
Question: What does Homeland Security do?

Answer: The Department of Homeland Security allowed the Federal Government to create a new pool of budgetary funds out of thin air.


Are they the only federal agency getting hacked?
By Polynikes on 6/22/2007 1:21:43 PM , Rating: 2
I swear, I don't think I've EVER heard about the FBI, CIA or NSA getting hacked. (Though I'm sure I'll see a few links after I post this.) Perhaps Homeland Security should ask the other branches for help. :P




By Deekity on 6/22/2007 1:26:21 PM , Rating: 2
those homeland guys should quit DL'ing porn.


By Christopher1 on 6/22/2007 3:16:15 PM , Rating: 2
That's funny, because that is 99% of the ways that people get their machines infected, by downloading pornography of all kinds.


By darkpaw on 6/22/2007 2:45:42 PM , Rating: 2
I probably wouldn't be asking the FBI for security tips

http://www.gao.gov/new.items/d07368.pdf


By Haltech on 6/22/2007 5:16:11 PM , Rating: 2
haha first sentence "Certain information security controls...were ineffective in protecting the confidentiality, integrity, and availability of information and information resources"


Nice Icon
By Tiamat on 6/22/2007 10:03:20 AM , Rating: 2
I am only posting because I LOL'd at the use of The Hacker's icon.




RE: Nice Icon
By sixth on 6/22/2007 10:06:46 AM , Rating: 2
haha i just noticed that. classic.

and on another note...

They uninstalled Norton and moved to Mcaffee solutions..along with a new D link router/firewall.


RE: Nice Icon
By FITCamaro on 6/22/2007 10:17:17 AM , Rating: 1
ITS GOT A 33MHz PROCESSOR AND 8MB OF MEMORY!

God I loved that movie.


RE: Nice Icon
By spindoc on 6/22/2007 1:37:35 PM , Rating: 2
I think you are talking about Acid Burn's new laptop which had a P6 chip and a 28.8BPS modem. :) And apparently used RISC architecture.

Zerocool: "RISC(risk) is good."


RE: Nice Icon
By Marlowe on 6/23/2007 1:14:03 PM , Rating: 2
I wonder if OneNet will eventually take the path of SkyNet and become self-aware.


More wasted money IMO ...
By Boney on 6/22/2007 10:02:01 AM , Rating: 4
"Charbo told Congress the department planned to spend as much as $332 million on computer security throughout 2007."

Spending $322 million on more NortnSecuritySuite installs or whatever other lame software our "oh so perfect government" is going to waste our tax money on is really going to do some good.

Not.




RE: More wasted money IMO ...
By amehbah on 6/22/2007 10:54:50 AM , Rating: 2
Probably some lobby group funded by the software industry convinced the brain trust that two licenses of Norton per desktop would double security...


RE: More wasted money IMO ...
By Boney on 6/22/2007 1:13:46 PM , Rating: 2
Thanks for the laugh I just let out at work .... because I was actually asked that a few weeks ago by an employee.

*sigh* the fun of an IT department.


Security threats
By microchip on 6/22/2007 3:17:24 PM , Rating: 3
I think they should put some restrictions to web access. There are many webpages out there infected with malicious code, trojans, worms and keyloggers. The only way to secure that is to allow users access only to webpages for their work and nothing more, all the rest urls blocked.
Some hack tools can give access to hackers over the internet. So maybe the email should be monitored. They have to block html on emails. And the user never opens suspicious attachments.




RE: Security threats
By Durrr on 6/22/2007 5:55:51 PM , Rating: 1
I know on our DoD lans and VPNs, everything is monitored and very few things are allowed, not to mention there are huge amounts security in place, and these are for the unclassified computers. The ones with important information are kept off networks.


Great... more consolidation
By Shadowself on 6/22/2007 2:26:30 PM , Rating: 2
"Scarbo promises the department is working to limit future computer security problems. Scarbo's largest plan, dubbed OneNet, consolidates all of the wide-area and virtual-private networks currently in use. The consolidation will eliminate the spaghetti infrastructure currently used for some of America's most sensitive civil data."

DHS dictated that all it's sub agencies would move to MS Windows based systems from a diverse set. THEN it's security went to hell.

Now to fix this it is dictating further consolidation.

Sounds to me like, "Take a this poison and you'll feel better. Oh, you feel worse? Here, take more of the poison. Trust me, you'll feel better!"




RE: Great... more consolidation
By peternelson on 6/25/2007 12:40:59 AM , Rating: 1
Sounds like a great plan:

ONENET to connect them all.

Response: One hack to own them all.

Much simpler than attacking different networks using different techniques; once you're in, you're in.

And what a great botnet those systems would make. If targetted at say Syria or North Korea, I think those countries would be very upset about the US cyber-attacking them.

Of course I wouldn't like to be the hacker guys when the feds come knocking on their door; they will likely ship you to Guantanamo. And while such resources are expended catching the hackers, the real terrorists roam free.

Seriously given the way the USA is hated in some parts of the world, and DHS represents its borders, it's hardly surprising that Al-Quaida and wannabe cyber terrorists will throw every script kiddie's arsenal at DHS systems.

They should anticipate this and be prepared. However there is no way it should cost a third of a billion dollars to do so.

If it wasn't for government waste, we could have a moonbase by now.


Not acceptable.
By ethana2 on 6/23/2007 1:44:09 PM , Rating: 2
They're wasting our tax money on Windows?!?

"Oh, hey, look- the security on this os is crap. That's wierd."

It's to be expected. They're incompetent.




RE: Not acceptable.
By leexgx on 6/23/2007 6:11:43 PM , Rating: 1
no companys (as thay are)like CIA FBI and so on sould not use be useing windows computer for trusting the securty of data and very inportant data

i not saying thay should be useing linux but its alot harder to brake into or at most thay mite crash the OS or just have watch dogs to make sure the OS not running programs that should not run for Windows or linux based OS


By S3anister on 6/25/2007 12:40:06 AM , Rating: 2
and that's the only penetration they'll ever get.




By Emryse on 6/25/2007 5:53:24 PM , Rating: 2
If only the general populace actually knew the extent of divergent processes so incompatibly enacted to acquire the technology that the US government uses!

There are so many posts that so wonderfully enhance the flavor of what I think indicated the general sentiments of this forum; unfortunately for the government it doesn’t seem like we have any public officials represented here within our midst. We’ve clearly indicated our current technological status as existing somewhere between the last time the Police played live together as a band on stage (prior to this year) and where most corporate entities were at the end of the Cold War.

With regards to the current issues at hand:

1.) I can’t imagine less than 90% of all current US government activity being anything more than psychological deterrent with no “teeth” to back it up (a generous estimate).
2.) At least 85% of that psychological deterrent is actually just the administrative support to facilitate the remaining 15% of actual “deterrence” yielded.
3.) Remaining 10% US government activity = CNN Iraq news reports

As for my “MasterCard commercial” on how the $332 M budget for FY07 will be spent:

1.) “Administrative overhead” = $200 M
2.) “Appropriate subject matter expertise consultation and analysis” = $100 M
3.) “Personnel travel, lodging, conference reservations, food, misc.” = $30 M
4.) “Using budget remainder to address actual security concerns” = priceless
5.) “Senate inquiry as to use of $2 M budget remainder” = mysteriously disappeared
6.) “For everything else, there’s FY08 Federal spending budget”




Who is protecting who !
By crystal clear on 6/23/2007 4:38:00 AM , Rating: 1
quote:
Department of Homeland Security -- the agency charged with being the lead in our national cybersecurity --

quote:
Homeland Security CIO Scott Charbo sat on the hot seat while trying to defend his job during last week's panel. Chairman of the House Homeland Security Committee,


If they are so preoccupied protecting themselves, then how do you expect them to protect you & the United States.

Just everybody from the Chairman to the CIO & the Dept itself,are all very occupied protecting themselves.

Then do they have the resources left to protect YOU !
(By resources I mean the Time,Technologies,& Imputs.)

Do they have the capabilites to protect you when they cannot basically protect themselves

quote:
Charbo told Congress the department planned to spend as much as $332 million on computer security throughout 2007


Is that so simple ! spending more money will it solve the problems it is facing?.

Answer- NO

Get some help from a friend-Israel-maybe they could teach them a few "How Tos"-"Dos & Donts"-"Workarounds"-"Tips & Suggestions"-Hot Fixes & Patches-Security Updates etc.

They(Israel) could do to you what they did to Intel !

What are friends for !

Warning-Dont turn this comment into a Pro or ANTI Israel issue ! NO Politics please !
{Hey is the D.T. site undergoing maintaince ! I cannot post this comment or the Homeland Security is blocking me(joke)-
Hello anybody there?}




"Nowadays you can buy a CPU cheaper than the CPU fan." -- Unnamed AMD executive

DailyTech Poll
Which web browser do you use on your primary personal machine? 






44 Comments









botimage
Copyright 2009 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki