Chinese hackers crack Homeland Security computers
Chinese hackers broke into Department of Homeland Security computers and made off with “many megabytes” of data, and the contractor charged with securing the department’s networks attempted to cover up the breaches, according to Congressional investigators who have asked the department’s inspector general to investigate the computer security breaches.
The Federal Bureau of Investigation has launched a separate investigation into Unisys Corp., which for $1.75 billion was supposed to install and monitor network intrusion devices for the Transportation Security Administration and at DHS headquarters, but failed to install and monitor the devices properly, according to a letter (PDF) signed by House Homeland Security Committee chairman Bennie Thompson (D-Miss.) and Subcommittee on Emerging Threats, Cybersecurity, Science and Technology chairman James Langevin (D-R.I.) and sent to DHS inspector general Richard Skinner.
The FBI would not confirm whether it had launched an investigation.
The subcommittee has been investigating “hacking activity against Federal agencies” for several months, and the allegations against Unisys are the latest find. In April, the committee heard that Chinese hackers had infiltrated Department of Commerce computers and left “little evidence behind them” of who they were or what files they had copied, the letter said.
“The department is the victim not only of cyber attacks initiated by foreign entities, but of incompetent and possibly illegal activity by the contractor charged with maintaining security on its networks,” Thompson wrote in his letter, which included 27 pages of prior correspondence (PDF) with DHS chief information officer Scott Charbo.
A Unisys spokeswoman, Lisa Meyer, said that “no investigative body has notified us formally or informally of a criminal investigation” on the matter and added that she could not comment on specific security incidents.
She said that Unisys has provided DHS “with government-certified and accredited security programs and systems, which were in place throughout 2006 and remain so today.”
Among the security devices Unisys had been hired to install and monitor were seven “intrusion-detection systems,” which flag suspicious or unauthorized computer network activity that may indicate a break-in. The devices were purchased in 2004, but by June 2006 only three had been installed — and in such a way that they could not provide real-time alerts, according to the committee. The rest were gathering dust in DHS storage closets and under desks in their original packaging, the aide said. — Washington Post
I don’t know how your computer works, but mine doesn’t do anything while it’s still in the box it was shipped in.
Department of Homeland Security spokesman Russ Knocke declined to comment on allegations Unisys covered up evidence of hacking.
“We take cyber security very seriously and there have been major improvements since the administration’s cyber security strategy announced in 2003,” he said.
Knocke said DHS has responded to “malicious cyber activity directed at the U.S. government over the past few years,” and such activity is “growing more sophisticated and frequent.” — CNN
Meanwhile, DHS grows more bloated and incompetent, unable to protect its own networks, let alone the country’s critical infrastructure.
No comments:
Post a Comment