[Infowarrior] - DHS Acknowledges Own Computer Break-Ins

Wed Jun 20 19:28:38 UTC 2007

http://www.washingtonpost.com/wp-dyn/content/article/2007/06/20/AR2007062000
181.html

DHS Acknowledges Own Computer Break-Ins

By TED BRIDIS
The Associated Press
Wednesday, June 20, 2007; 6:34 AM

WASHINGTON -- The Homeland Security Department, the lead U.S. agency
for fighting cyber threats, suffered more than 800 hacker break-ins,
virus outbreaks and other computer security problems over two years,
senior officials acknowledged to Congress.

In one instance, hacker tools for stealing passwords and other files
were found on two internal Homeland Security computer systems. The
agency's headquarters sought forensic help from the department's own
Security Operations Center and the U.S. Computer Emergency Readiness
Team it operates with Carnegie Mellon University.

In other cases, computer workstations in the Coast Guard and the
Transportation Security Administration were infected with malicious
software detected trying to communicate with outsiders; laptops were
discovered missing; and agency Web sites suffered break-ins.

The chairman of the House Homeland Security Committee, Rep. Bennie
Thompson, D-Miss., said such problems undermine the government's
efforts to encourage companies and private organizations to improve
cyber security.

"What the department is doing on its own networks speaks so loudly
that the message is not getting across," Thompson said.

Congressional investigators, expected to testify Wednesday during an
oversight hearing about the department's security lapses, determined
that persistent weaknesses "threaten the confidentiality, integrity
and availability of key DHS information and information systems,"
according to a new report from the Government Accountability Office
being released later in June.

The Homeland Security Department's chief information officer, Scott
Charbo, assured lawmakers his organization was working to prevent
such problems.

"We need to increase our vigilance to ensure that such incidents do
not happen again," Charbo wrote in testimony prepared for Wednesday's
hearing. "The department takes these incidents very seriously and
will work diligently to ensure they do not recur."

The computer problems disclosed to the House Homeland Security
subcommittee occurred during fiscal 2005 and fiscal 2006, and
occurred at DHS headquarters and many of the department's agencies,
including TSA, the Coast Guard, Federal Emergency Management Agency,
Customs and Border Protection and others.

The subcommittee's chairman, Rep. Jim Langevin, D-R.I., said
break-ins to government computer networks and theft of information
are "one of the most critical issues confronting our nation, and we
must deal with this threat immediately."

All the problems involved the department's unclassified computer
networks, although DHS officials also have acknowledged to lawmakers
dozens of incidents they described as "classified spillage," in which
secret information was improperly transmitted or discussed over
nonsecure e-mail systems.