on Monday that someone from China or with connections to the nation was
responsible for a large number of successful attacks on the U.S. Department of
Homeland Security (DHS).
Hackers compromised dozens of DHS computers, moving sensitive information to
Chinese-language websites. Congressional investigators made the
announcement Monday and called for a full-fledged Congressional investigation. The
FBI is concurrently conducting an investigation of the incidents.
Congress puts much of the blame on incompetence at security firm Unisys, which
the DHS contracted for security purposes. They feel Unisys's negligence
may even be criminal.
"The results of our [committee] investigation suggest that the department
is the victim not only of cyber attacks initiated by foreign entities, but of
incompetent and possibly illegal activity by the contractor charged with
maintaining security on its networks," said Democratic Reps. Bennie
Thompson of Mississippi and James Langevin of Rhode Island.
The attacks had gone unnoticed for months according to the Congressional
committee. How much information was stolen and how critical the stolen
documents were has not been ascertained, but the committee stated that the
attacks "took significant amounts of information."
"We know where it [the information] was taken from, but we don't know what
was taken. We only know how many megabytes was taken. Everything was on
the LAN A, which was an unclassified network. To the best of our knowledge
there was no classified information [taken]," said one DHS staffer.
The information was moved to a "web hosting service that connects to
Chinese Web sites."
Thompson and Langevin have written a letter demanding a full investigation and
have stated that "contractors provided inaccurate and misleading
information to Department of Homeland Security officials about the source of
these attacks and attempted to hide security gaps in their capabilities."
Thompson and Langevin's statements do not name the contractor involved, but the
Associated Press has learned that Unisys has a $1 billion contract to
safeguard DHS computers.
Unisys publicly disputed the allegations, which first broke Monday in a Washington Post article.
The Congressional committee stated that Unisys had been tasked to install
intrusion detection systems, which were not fully active at the time of the
attack. If the systems had been in place, the attack would likely have
been detected and dealt with.
Unisys did not directly respond to Congressional accusations, but instead chose
to respond to reports about the reports on the incident.
"Unisys vigorously disputes the allegations made in today's article," said
the company in a statement. "Facts and documentation contradict the
claims described in the article, but federal security regulations preclude
public comment on specific incidents."
"We can state generally that the allegation that Unisys did not properly
install essential security systems is incorrect. In addition, we routinely
follow prescribed security protocols and have properly reported incidents to
the customer in accordance with those protocols."
DHS officials would not comment on these developments or Unisys's possible
They did make a statement that may indicate that they will be dumping Unisys
soon. DHS stated that they will be "re-competing" the Unisys
contract and other contracts "to integrate it into a single contract that
maximizes the tax payer's dollar."
Although Unisys can still compete for the contract, previous performance will
be weighed, said DHS spokesman Russ Knocke.
DailyTech reported in June on early results of this investigation, which cited
reports of over 800 break-ins and over 7000 detected security flaws in the
DHS's systems.
The possible Chinese connection also follows closely on the heels of the DailyTech
story that broke earlier this month, which reported on the Pentagon's claims
that China's PLA hacked into Pentagon computers. Reports indicated that the
attack was the largest and most disruptive attack on the Pentagon in its history.
As U.S. government departments face numerous threats at home and abroad,
from malicious hackers to incompetent security firms, they must constantly
rethink and rebuild their defenses. It is not easy being one of the
world's largest cyber targets.
quote: Classified networks have no regular external connections and are extremely difficult to break into. Unclassified data is useful but not particularly important. I have 2 machines, one classified and one unclassified; they are on two completely separated networks. Basic internet is unavailable on the classified systems.