Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management

    Unisys Denies Stonewalling DHS Officials

    By
    Roy Mark
    -
    September 24, 2007
    Share
    Facebook
    Twitter
    Linkedin

      Lawmakers are accusing government contractor Unisys of incompetence and possible illegal activity related to its handling of Department of Homeland Security network security and hacks originating in China.

      Unisys, based in Blue Bell, Pa., won a $1.7 billion contract with the DHS in 2002 to build, manage and protect the networks at the Transportation Security Administration and DHS headquarters. Since then, according to a report by the House Committee on Homeland Security, the systems have been hit by 844 cyber-security incidents in the 2005 to 2006 time period.

      “Dozens of DHS computers were compromised by hackers. These incidents were not noticed until months after the initial attacks,” Rep. Bennie Thompson (D-Miss.), chairman of the Committee on Homeland Security, wrote in a Sept. 21 letter to DHS Inspector General Richard L. Skinner.

      Thompson asked Skinner to initiate an immediate inquiry into the issue and, if necessary, refer the matter for criminal investigation. According to one news report, the FBI is investigating the matter, but an FBI spokesperson told eWEEK the agency would neither confirm nor deny the existence of an FBI probe.

      “These computers may still be compromised due to insufficient mitigation efforts by the contractor responsible for information technologies at [DHS],” Thompson wrote. “Hackers exfiltrated information out of DHS systems to a Web hosting service that connects to Chinese Web sites.”

      Unisys said in a statement that federal security regulations preclude public comment on specific incidents, but added, “We can state generally that the allegation that Unisys did not properly install essential security systems is incorrect. In addition, we routinely follow prescribed security protocols and have properly reported incidents to the customer in accordance with those protocols.”

      Thompsons committee became involved in the security of government networks after a series of 2006 hacking incidents that targeted the systems of the Departments of State and Commerce. Thompson said the attacks were “most likely” from China.

      “The testimony was disturbing,” Thompson wrote. “An official from the Department of Commerce discussed a cyber-attack against their systems, which was widely reported to have been launched by hackers operating through Chinese Internet servers.”

      China says its a victim, not villain, in the area of cyber-security. Click here to read more.

      Thompson said the hackers used a rootkit program that allows hackers to mask their presence while gaining privileged access to the system. “Although IT specialists discovered the incident in October 2006, they could not determine the date of the initial hack or the amount of information that was exfiltrated out of Commerce systems,” he wrote.

      The incident prompted the committee to investigate the security of DHS systems. Thompson said the panel was primarily interested in the similarity of attacks on DHS systems and the hacks at Commerce and State.

      At a June 20 hearing, Scott Charbo, CIO at DHS, told the panel, “You dont know what you dont know” when asked if DHS servers ever exfiltrated information to Chinese servers. Unsatisfied with Charbos response, the committee continued its investigation.

      By September, Thompson had obtained more DHS incident reports that described the placement of hacking tools, password dumping utilities and other malicious code on DHS systems.

      “Although DHS contracted for network intrusion detection systems … these systems were not fully deployed at the time of the initial incidents,” Thompson wrote. “If network security engineers were running these systems, the initial intrusions [might] have been detected and prevented.”

      Thompson further claims contractors provided “inaccurate and misleading” information to DHS officials about the source of the attacks and “attempted to hide security gaps in their capabilities.”

      Unisys said in its statement, “We believe that a proper investigation of this matter will conclude that Unisys acted in good faith to meet the customers security requirements.”

      Thompsons letter was sent on the same day that a General Accountability Office study found that approximately 227 federal IT projects involving $10.4 billion were either poorly planned or underperforming.

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

      Roy Mark
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×