Print 47 comment(s) - last by androticus.. on Sep 27 at 10:22 PM

Unisys receives some harsh criticism for Homeland Security intrusions

Investigators stated on Monday that someone from China or with connections to the nation was responsible for a large amount of successful attacks on the U.S. Department of Homeland Security (DHS).

Hackers compromised dozens of DHS computers, moving sensitive information to Chinese-language websites.  Congressional investigators made the announcement Monday and called for a full-fledged Congressional investigation. The FBI is concurrently conducting an investigation of the incidents.

Congress puts much of the blame on incompetence at security firm Unisys, who the DHS contracted for security purposes.  They feel Unisys's negligence may even be criminal.

"The results of our [committee] investigation suggest that the department is the victim not only of cyber attacks initiated by foreign entities, but of incompetent and possibly illegal activity by the contractor charged with maintaining security on its networks," said Democratic Reps. Bennie Thompson of Mississippi and James Langevin of Rhode Island.

The attacks had gone unnoticed for months according to the Congressional committee. How much information was stolen and how critical the stolen documents were has not been ascertained, but the committee stated that the attacks "took significant amounts of information."

"We know where it [the information] was taken from, but we don't know what was taken. We only know how many megabytes was taken.  Everything was on the LAN A, which was an unclassified network. To the best of our knowledge there was no classified information [taken]," said one DHS staffer.

The information was moved to a "web hosting service that connects to Chinese Web sites."
Thompson and Langevin have written a letter demanding a full investigation and have stated that "contractors provided inaccurate and misleading information to Department of Homeland Security officials about the source of these attacks and attempted to hide security gaps in their capabilities."

Thompson and Langevin's statements do not name the contractor involved, but the Associated Press has learned that Unisys has a $1 billion contract to safeguard DHS computers.

Unisys publicly disputed the allegations, which first broke Monday in a Washington Post article.

The Congressional committee stated that Unisys had been tasked to install intrusion detection systems, which were not fully active at the time of the attack.  If the systems had been in place, the attack would likely have been detected and dealt with.

Unisys did not directly respond to Congressional accusations, but instead chose to respond to reports about the reports on the incident.

"Unisys vigorously disputes the allegations made in today's article,” said the company in a statement.  “Facts and documentation contradict the claims described in the article, but federal security regulations preclude public comment on specific incidents."

"We can state generally that the allegation that Unisys did not properly install essential security systems is incorrect. In addition, we routinely follow prescribed security protocols and have properly reported incidents to the customer in accordance with those protocols."

DHS officials would not comment on these developments or Unisys's possible criminal negligence.

They did make a statement that may indicate that they will be dumping Unisys soon.  DHS stated that they will be "re-competing" the Unisys contract and other contracts "to integrate it into a single contract that maximizes the tax payer's dollar."

Although Unisys can still compete for the contract, previous performance will be weighed, said DHS spokesman Russ Knocke.

DailyTech reported in June on early results of this investigation, which cited reports of over 800 break-ins and over 7000 detected security flaws in the DHS's systems.

The possible Chinese connection also follows closely on the heels of the DailyTech story that broke earlier this month which reported on the Pentagon's claims that China's PLA hacked into Pentagon computers.  Reports indicated that the attack was the largest and most disruptive attack on the Pentagon in their history.

As the U.S. government departments face numerous threats at home and abroad, from malicious hackers to incompetent security firms, they must constantly rethink and rebuild their defenses.  It is not easy being one of the world's largest cyber targets.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Not bad actually
By Locutus465 on 9/26/2007 10:58:39 AM , Rating: 2
As we see, all it takes is once success though... Though frankly, despite the otherwise good track record, I think the main issue is the possibility that Unisys possibly lied to cover up their mistakes when this break in occured... Honesty is always the best policy, partiularly when it comes to investigating how a breakin like this happend. Sure it was all unclassified materials this time, but what could be taken next time around had the cover up been successful and no steps were taken to prevent this kind of thing from happening again in the future?

RE: Not bad actually
By Master Kenobi on 9/26/2007 11:32:54 AM , Rating: 2
Classified networks have no regular external connections and are extremely difficult to break into. Unclassified data is useful but not particularly important. I have 2 machines, one classified and one unclassified, they are on two completely separated networks. Basic internet is unavailable on the classified systems, and there are no Floppy/CD/USB drives/ports available to plug anything in either.

RE: Not bad actually
By Ringold on 9/26/2007 4:38:45 PM , Rating: 2
Classified networks have no regular external connections and are extremely difficult to break into. Unclassified data is useful but not particularly important. I have 2 machines, one classified and one unclassified, they are on two completely separated networks. Basic internet is unavailable on the classified systems

That's reassuring, and makes me think claims of Chinese capabilities to completely disable our critical communications networks isn't quite so serious. They can knock down Google, America can survive for perhaps 6 hours without Google (8 at the maximum), but at least it sounds like a first-strike that cripples the government is unlikely.

Satellites not included, of course. It's always mentioned how vulnerable they are, but I'd hope/assume we arent 100% reliant on them either.

RE: Not bad actually
By joker380 on 9/26/07, Rating: 0
RE: Not bad actually
By Master Kenobi on 9/26/2007 1:32:41 PM , Rating: 2
They will never agree of their mistake and also probably Bush knows this Unisys people that's why they must have gottent the contract in the first place.

Everytime there is a government or related to government screwup its all Bush's fault >.> Get over it guys. You are seriously overstating the power of the president. In the case of contracts its exclusively a Congressional matter usually with MITRE tacked in as well.

RE: Not bad actually
By vortmax on 9/26/2007 1:50:01 PM , Rating: 2
Totally agree here. The president doesn't have nearly as much power as people think, but the blame game is just too easy to play...

RE: Not bad actually
By Felofasofa on 9/26/2007 7:46:13 PM , Rating: 1
The president doesn't have nearly as much power as people think

Yeah Dick Cheneys got it all. They did have enough power to lead America into the absolute disaster that is Iraq. History will not be kind to these bastards and their ilk.

RE: Not bad actually
By 1078feba on 9/27/2007 11:03:20 AM , Rating: 2
Google this term:


You ought to fit right in, after all, tin foil hats are a full-on requirement...

RE: Not bad actually
By Felofasofa on 9/27/2007 5:58:53 PM , Rating: 2
Yeah right, the Iraqi adventure,will be seen as enlightened policy from an intellectually incapable President and his mendacious deputy.The Bush/Cheney presidency's moral capital is akin to that of a sub-prime mortagage. Neologistic? I doubt it.

"Vista runs on Atom ... It's just no one uses it". -- Intel CEO Paul Otellini
Related Articles

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki