Thursday, November 02, 2006

Department of Homeland Insecurity?

Interesting story by Kevin Poulsen in Wired about the deliberate decision by the DHS's Bureau of Customs and Border Protection (CBP) not to patch the critical US-VISIT workstations against the Windows plug-and-play vulnerability that the Zotob worm exploited, even as it patched its ordinary desktops. The quoted passages below are from the Wired piece.
A Morocco-born computer virus that crashed the Department of Homeland Security's US-VISIT border screening system last year first passed through the backbone network of the Immigrations and Customs Enforcement bureau, according to newly released documents on the incident.

The documents were released by court order, following a yearlong battle by Wired News to obtain the pages under the Freedom of Information Act. They provide the first official acknowledgement that DHS erred by deliberately leaving more than 1,300 sensitive US-VISIT workstations vulnerable to attack, even as it mounted an all-out effort to patch routine desktop computers against the virulent Zotob worm.

US-VISIT is a hodgepodge of older databases maintained by various government agencies, tied to a national network of workstations with biometric readers installed at airports and other U.S. points of entry. The $400 million program was launched in January 2004 in an effort to secure the border from terrorists by thoroughly screening visiting foreign nationals against scores of government watch lists...

By that time, Zotob was already flooding DHS compartments like water filling a sinking battleship. Four CBP Border Patrol stations in Texas were "experiencing issues related to this worm," reads one report. More ominously, the virus had made itself at home on the network of an interconnected DHS agency -- the Immigrations and Customs Enforcement bureau, or ICE. The ICE network serves as the hub for traffic between the US-VISIT workstations and sensitive law enforcement and intelligence databases, and US-VISIT visibly slowed as traffic slogged over ICE's compromised backbone...

At international airports in Los Angeles, San Francisco, Miami and elsewhere, long lines formed while CBP screeners processed foreign visitors by hand, or in some cases used backup computers...

While DHS and its agencies are taciturn about discussing security issues, they couldn't hide the travelers stranded on the wrong side of Customs at airports across the country. The day after the infection, DHS publicly acknowledged a worm was responsible. But by December, a different story emerged; a department spokesman speaking to CNET claimed there was no evidence that a virus caused the August incident. Instead, the problem was merely one of the routine "computer glitches" one expects in any complex system, he said...

After we sued, CBP released three internal documents, totaling five pages, and a copy of Microsoft's security bulletin on the plug-and-play vulnerability. Though heavily redacted, the documents were enough to establish that Zotob had infiltrated US-VISIT after CBP made the strategic decision to leave the workstations unpatched. Virtually every other detail was blacked out. In the ensuing court proceedings, CBP claimed the redactions were necessary to protect the security of its computers, and acknowledged it had an additional 12 documents, totaling hundreds of pages, which it withheld entirely on the same grounds.
