Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Unisys Denies Stonewalling DHS Officials



 By: Roy Mark
2007-09-24
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
DHS and TSA systems run by Unisys were hit by 844 cyber-security incidents between 2005 and 2006, says a congressional probe.

Lawmakers are accusing government contractor Unisys of incompetence and possible illegal activity related to its handling of Department of Homeland Security network security and hacks originating in China.

Unisys, based in Blue Bell, Pa., won a $1.7 billion contract with the DHS in 2002 to build, manage and protect the networks at the Transportation Security Administration and DHS headquarters. Since then, according to a report by the House Committee on Homeland Security, the systems have been hit by 844 cyber-security incidents in the 2005 to 2006 time period.

"Dozens of DHS computers were compromised by hackers. These incidents were not noticed until months after the initial attacks," Rep. Bennie Thompson (D-Miss.), chairman of the Committee on Homeland Security, wrote in a Sept. 21 letter to DHS Inspector General Richard L. Skinner.

Thompson asked Skinner to initiate an immediate inquiry into the issue and, if necessary, refer the matter for criminal investigation. According to one news report, the FBI is investigating the matter, but an FBI spokesperson told eWEEK the agency would neither confirm nor deny the existence of an FBI probe.

"These computers may still be compromised due to insufficient mitigation efforts by the contractor responsible for information technologies at [DHS]," Thompson wrote. "Hackers exfiltrated information out of DHS systems to a Web hosting service that connects to Chinese Web sites."

Resource Library:
Unisys said in a statement that federal security regulations preclude public comment on specific incidents, but added, "We can state generally that the allegation that Unisys did not properly install essential security systems is incorrect. In addition, we routinely follow prescribed security protocols and have properly reported incidents to the customer in accordance with those protocols."

Thompsons committee became involved in the security of government networks after a series of 2006 hacking incidents that targeted the systems of the Departments of State and Commerce. Thompson said the attacks were "most likely" from China.

"The testimony was disturbing," Thompson wrote. "An official from the Department of Commerce discussed a cyber-attack against their systems, which was widely reported to have been launched by hackers operating through Chinese Internet servers."

China says its a victim, not villain, in the area of cyber-security. Click here to read more.

Thompson said the hackers used a rootkit program that allows hackers to mask their presence while gaining privileged access to the system. "Although IT specialists discovered the incident in October 2006, they could not determine the date of the initial hack or the amount of information that was exfiltrated out of Commerce systems," he wrote.

The incident prompted the committee to investigate the security of DHS systems. Thompson said the panel was primarily interested in the similarity of attacks on DHS systems and the hacks at Commerce and State.

At a June 20 hearing, Scott Charbo, CIO at DHS, told the panel, "You dont know what you dont know" when asked if DHS servers ever exfiltrated information to Chinese servers. Unsatisfied with Charbos response, the committee continued its investigation.

By September, Thompson had obtained more DHS incident reports that described the placement of hacking tools, password dumping utilities and other malicious code on DHS systems.

"Although DHS contracted for network intrusion detection systems … these systems were not fully deployed at the time of the initial incidents," Thompson wrote. "If network security engineers were running these systems, the initial intrusions [might] have been detected and prevented."

Thompson further claims contractors provided "inaccurate and misleading" information to DHS officials about the source of the attacks and "attempted to hide security gaps in their capabilities."

Unisys said in its statement, "We believe that a proper investigation of this matter will conclude that Unisys acted in good faith to meet the customers security requirements."

Thompsons letter was sent on the same day that a General Accountability Office study found that approximately 227 federal IT projects involving $10.4 billion were either poorly planned or underperforming.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Unisys Denies Stonewalling DHS Officials
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Roy Mark
 


x}r㶲s\@♵MR-b[^fI*EBc")ۚeoВ/㩱%lݍFλ$i9cr3ݩkj΢.w߽ ![f8iTE[ ]ߤ~Am;t =4mFNHB~}@~sfwD%x_'Щѩ&€wɄZIКؕ>}~qlv .hvLIlG5tuGpnFA|QCѺQQy$pm<$Q}# L Cw*Nul9 Q)+X^DP~FDM:ǎ-4rwN̚0/PcwҴdh-vu=yͨ /B1r!f-{4ɟM*- Dƞ4IC d#̒JK^`:tm3G^C]õ]Z.R͌eCwt=PzOMҳB($g >v?$Q Ig%KaW+)Kk0~b[4I܃N8CEnOU[۾twgy@ffrt˜HJo~cn!LjZE&>5 ؗY͢`F3l˸-:4 PS+}(Z+{1كS wh[\(Uu7ںs m%k%ms|uO}~N6ox9vtx/o;YHM~c/DJ V4D-āY^:G5=(ǭ~㖯[%MR?4,fϷ 3+i3*,GQD~6/NM㳣Nl,aV4*2V]鮘FȏwAժsyҽ59i{ ܙOtHM Wh:s0N/z 6O{uH0kh`cR^ٗ ?td[W;Ǥ MXO'׳90N`mYn_H!-T|Y|ԛE34 i[2)ߖI@w[)@ +:YK7BS_f]p a4F@Lt&h)5?&9gMab&DJH?є6-`i˫ TE嗋mESq>]Q4{3Bɝ`g@ɋ BD4?CzC0!pl/\~_L.΃QwWڲ9Q[ kK\M흙ǘ\z댛Vu.~hzmxD18,]evb`\77Zu?1ß}52+r%(NLf[ԑplPòǔIGz=< 6aO>lꎓz>:AGAtišh4ϬP7&h`C:}ҍ;LZa^i1[W <ۋJ!pIxZSx&ztH۠h&rkI7.[A0? ; O`p]&; xk = `Dy+wCPbL{TM`@#@X]7$> (@+9=PlmNl}h`1 >5g%N\IQo ' dSJJds 4.gH)AH =[h ]99 ŊHݑvZ)JPl=!ԑt݁Zdu nN-˘ R g?f0-qڛuV<ۢfa* ,q[rׁfX8ȣ=p TfЬ||=厬m[4@>T*|zS.z:ԍ$r%5kb$T`CL q /*l|2ː 7q'JkX"lM M=t%<42.|O\V,'0sgеSҝa|ia;m/ eKKYQ>Om V!҇DD+ه0`,E=_GMR^ z0iTW+JIUӤck@Lf2,rGmAu،;s<}Zj\X,>9R>5 < đOT׃RUaT(j];< 1cXe[;pMbA >FS-cB_O;$!O_'%Ex>5ᚉ 1ǁ$o+:!#HE~H \RZr>j +"X8:T:4ݦ6W݂:,Cd5f>O{M{c>4Ye n,E@z"RKz-85VjeVfG=>YP2~2j&8x_8M85hN?)zC?SMK\s>'<\VaQƖ]4FXXH]-'L͎GO}RIS_4dP.Q9ufj[EpdEN]pCy!+pDZ\PO]\Cc+>LuO##cYe:@ݐ늦 uzVE@ GzCxؽNHuҚ n:+@%lr ?֊N`έ(D a43Sb_@7T_/=4xEs‡1ክ54f;Nw6Jh)XS!RW dĞe~g׆gQyϤ͋h#|5 |l3HNqGL+ s0RsIl x@̬} w0m94c~('cjZ% d,fqNg0cp&vN{֡,)3?t\:ktx{Wz&[wtv'Z qLϡRB7PU ōfπiNdž m}  m_ۯ `EOwDF3۝>S"K8$*L3)㦧RQu VI^Aұg.@C׳@g.lLQXGRUe@5yJ1k % =EZЋvcSLJ.]ITY)(q g@Vf2U+WkU"m=,N =X Z=4~ z|IcEi\kxk_(OU?2:i1RʵRM()CoED\vOJ9 ^M lZKqXCKkp= -2j=uR/̖ K%4e%3E/-9@Xe!eO.lWJ_0]HX9H(P+ YGۻBlpI75 ),&L{~;Atf; {Hڝg8 ^x;^j\#-0MC~:'_H'R&Fø@o9)P K1CE1>dt߫]=+coZ''5a=;oF"^9 us)d}=^xsٖҽNWs5A DH䄬W!yۭFS̠o2XGz0<㥑a3+"APK}͙b9ki.Dz=t_5g0T p- ۵cg#s}uYLPH:>X!aPHR ~tIwu .V_d@Anp+z!NU HE*e4ДKe=:)K<;iw[) 5[E_ѫſ}YVST t6~OWK0fAba+F+=ǭN:I|I NAN:os_,ĨC9r 7{KP -Mu?So2MĜykNEm {6-~=`rvGP2)bz&IZ[Ũ ݖ:`<5 :)Oz.Op|Nik'i^VӲQ6T$4%44QLNC]F+dC7g һj]nNpVHpo6_xvImK$h dgKe֊2 pkP q<+ b >ϣ#+y-EY-Vyғ;q9z])yLU9 gEuX.9Uk۾N+ttO$Zȍڑq eީӊNf|mu+ɅNo=W3kyR̵j s2fucBNj=095kѧ@ǂ n A] j9GqXx,u|S5L`]EE<.%g-;-QL.I߾&O3P +=Ƃy }G7om\=eNd>HАYc=ty9#-[^:ݷ͆ؓ{Jǻoc Ǯv'ۻw}Zw[q*ApC<-L?Gfc: M"IQU֭UdU)I=Y)GG8Lb`@L6#Oځ{-3(#F-߸2{K#7Kx=*AO͏4v4 ]ekw}B%umJ+z%nwQZhr;Tʂ%%դy(IQ)"{"F%{twoo14m*z>-3'Kmx9bv}}Q˻b۲mr&c_S Ṃ0V 2U<۵9RIkJ}w/LĞ>.t8a~A` X^|wNÝvc"P2ގCmũEnj5XR1f}=tR7bl<+…L#ZS*}j>8?n/[4^kg=P`@ DAv}uQ/ꙍnLA/jFi ԥaJ4 lKxMz$}]:ts ';fcCIRU*عҒzDAX` ,E(5w5#A+A"lvs mATURߦ尒R/z2$ IQ5n\*Aݲ{KR\*``"@$ @Ŋ| Wb/IXu>ͧ=jMٰlx ޽Q p #G]RVmҹ޺PK\t廁TUi'ԃ FHd t j~R |eldDy.9S$ec~8?S {[9u>-Cz[UM-0a p8$Ck[!m*[K٥5u칤jO(7lzsK k.a 4j"ȇb=쒁u1ѓ(h>mY$) jOg5r-ab^A6o 34?t[SJw_`Nİb`:I' ug$ksG_T% ؀3p팧yxY)(^e\>諗&~d[p`OzVCwfÖZc/IJ}ay<T DC$0$w}065T2٫+E'S7g8h4(+MB+QzDU/W- L^ze2DXysMbя)!q-1ZEL/ǮG<m8bX )(-}I辻i]X_$/A{5_ Ԇ|ZyzF<;}p}Ęwh1|xr3U,0KjxTY6%Dimg]]_cf9L9L9L9LUU_4k]`z`nVpHS&՞ j3{TD3 OAKGn{67^,)˳ӏxX0WiA֏>3_oy.EX/튌qOV 8#{`qE]K5U{qC<pHA{{ZĞmqonƗvYf/A}~,lo`Th &U~,1Ǯh?w {q|OJ^JhF>X*qԄ@ed1̿9:;e_!?Q2czk+ƧPgJz(RE=tkxX$E`A0F0"}} )h4ZS#:Uw: i5N˫=ދAU2cW+`_g ^Gpʹ cC=mOk")DŽF_\'3ey)vszuP!iygf5Nm8dy6.ZxM_ o&`J ljV3*8U#y=Uֿ忍}:Rny,徯YΎ.`S#z6ꅠdehh֒_fXj*j%M"q0M+┉faeO%3_wI5pDDS`uKפ{ |:Ϡ)8weQ|ׂ=^_Fƒ G\ݷ${5XG̫Y꿓$}j1X/P,C$&Hm9( dh51][97 N^pFʼnܳExHkS`܀C*ZWIY{3s/9g`[?I#$:a)PAgXt~D)Lc{4+13\0k`꤯ 7v}6FkOLL&QX#J:*5\?ԝZSTC䉯MYH&o"D#ঐ_~x UM:@ $=e7|#b~U13ʉmO`x OMq`8BXOx{$MoqCvIrzذ0j~rmw;> '8E)=6i[;q4>(C^P"^]’{M}1Ir9bMl@ע~QNZ O]c)i+#ۏAE!Lj+{ h#8࿬lqn/:\93͒EˉntMSc%5ST)j~Az)XZbYE-c 2^X!tOHk˜x{n<vlNz ԣ:BMgŷPTU"j%gx!#-5נPm<)fF<@ƏLvh;b7d=VںRq)y,y -J"AdR~D0ǖC0%n4,qBrtPȇ Hwxo/5!I{m >8bIә:u_ai;t]kt+ 3>нg3B;w$E뛫u +KP-^a9Ud[h, ¨AJO`sr;c{xrA|t G Ki~RJ?o$:*}+s`6ވ۳j'TP!L~7ijJGh-;Q25&ivL!1E \ЍB9ϪͲ;IoP}sY?e=a ' 2u?|{qBJ=Lm~##dM-ã{|U:k|%w҅n,MCh%17mۤ`(8NA|xUk{VyKb?{r} ̋(HKt4*:7z>m;A=~zLLROg\NL_ _߰,VIm{d72[ $}?Z,D19% q}n꜓M﷯{aG32W`#'BeVQhat~ 'lI=RI % œ 5"  B-N n#BLk43DDc^r {fĔy^r1^G>v;WLQXj*!b3wȧX,/ ټI*RY )vqY@y#LL͂zĂ![C P/5DF·:Es3;%̔,0 @uA"\2,Gza~2?y :RL!zy 6t(QS=1U&R[7eiE^~|LR ] 4Bq0hp6@:߰|cm|? &1B`p3W VjMDO"ӁRs]j%u]]o)AuLT4q)UH+^@0Q3:%bŸ=`fڟ`IZWWiuMzzם~{I<5m[4z?V9|:^}:\;Ba&hL湾,Ǜ,# rzٺh3;eFq(M1B*rKxu< /%Lqx&=IwPJTٌ/!jb\թ2M؂W?Uz [''^O˧VRk!?=BVՉt.sX_~)4:;'f$g:9NNr?A<>v͋/ry9\"?/?/re2ˏP1 r)r˜̑K˜B9.n~+x*k{/>_?B?}ᯏP1G@M^9M@79_zy[9rֺ…۩QNy*P/nvs ث:WK?sz9^}JNF&oIz]!,.5PW[k /YSݲI 6 pbOCvHu>jol(O>*8z:S w}Y&@Y8'}(hعkjzGrt5pÅ͹H|3v1X90l H͆RiejRߑNM0kG ;JMjJ]Nlժ~\,)g /(@#غ7M{%}C7":fȳRLq u+J!'\Cx'+!Rɫ2fdof2EaSOp^Wv"H@0~Y8P&`!؞.F^͆$|zg``>&\ʠaCao/XbKZ;cp\;l=2 gj Y(}`y0\9Khwm&V=ȁF=C-cx uY<71NuOЫȅ`" 9oє^\gCb ΅*˗ X֭2uq0Kl|2:~ kf:aKƘS DMKIn_!x@5Ī"9<;${UF(V >t^`iB0HsI{׿$0y.6J -doǜ>H?30e4.^ŒkR8A m?em :o1I55~ɑ ( V kDF(l#byCܞ0۰ܱL -f!),D-~ӳNWm$bU]ݎ;33i"d` Nk&g^/xolB-ݑ?\vRi feF`O]WvBaI3rfծ Mx*$""H "s{B|%؄ZsJdB2,'KY܇Д2\2oX;SVT#cE \1SzA۹"=מ X?(ق!نIf[W1^{ #E3dƨz< LOt(E,Ma-ăW v,='IDπjUM$f@gQl(VxRDN]szlo()y+J9*نxZ*Hvx*DغlQF޺%qm.;+C&bz:SAW (9|d@loM%H\c *|?OGe Lt8͡o0kn>7q$LsizQڃ`+L\}0uGĦrCR4mLepwR K?93N|Znȑ( l}i͜GK@0mѕhOɬq7V0Y c/1+$~Il=bu{-Wrcd+xf:PEXl+R+Kei$Vi)>n)ZF#,c6޳Z|@ xS a Jʶ)E=b농\ ѨipKTVD'n3^m'oymDmE>m+Ѝ5O1igNbkcb@xV=f_qxFN|L/X}vxur!}đYX&7$V /OىBׅѰ0 L;,lyED%e2JACb 0F c:p2 19,O)xI1%h3l䃈mAb ?ʵ-caG?,ɀ~'[]r*gA-Z12Mo,/`kV"Kͮ0ON= zBk|FXK]s&&tĵa}ar8Lt4QS|J)Km)胇Ƚoz^j}XXC`*F"e31C7Dn0BrwH d[H_مuv3\j/YH~1 <99.@OI"cXM1}aŀ]^3Ðy6xL -2VjwV㛾VtƦI:1qz륍.yQ'b(56lS24K_hj*JlTʩI7v6̈́ В]&ŮMvbesQ*)