Contractor Investigated for Failing to Detect DHS Data Intrusions

A major IT firm, Unisys Corp., which has a contract with the Department of Homeland Security, is undergoing an FBI investigation because of its alleged failure in spotting a cyber intrusion in Website in Chinese language and for attempting to cover up its laxity, according to the congressional investigators.

On September 21, 2007, Bennie Thompson, D-Miss., Chairman of House Homeland Security Committee, requested DHS Inspector General Richard Skinner to start an investigation of his own.

The committee said that Unisys or the contractor allegedly issued a false certificate to show that the network was adequately protected, again to cover up its deficiencies. All through October last year (2006), hackers compromised 150 DHS computers among which one, belonged to the Office of Procurement Operations that manages contract data. The hackers then sent a huge quantity of data to a Website in Chinese language that apparently acted as host to hacking tools.

Also, during the assaults on the systems at DHS, hackers mostly compromised the computers in the late night hours or early morning, when they copied and transmitted information over long hours that once lasted for five hours, according to the evidences that the committee collected.

The intrusions in DHS computers are upsetting when one counts the number of attacks on the government systems connected to Chinese servers, said Thompson. Freenewmexican reported this on September 24, 2007. Since last year, hackers have been infiltrating e-mail and other online systems at the Commerce, State as well as Defense departments. Unisys wasn't facilitating information security services to those departments.

In 2002, Unisys Corp had won a contract to build, manage, and secure the IT networks for the DHS headquarters and the Transportation Security Administration.

As per the deal, Unisys was required to install detection devices for network intrusion on the computer systems of DHS headquarters and TSA, as well as monitor their functioning.

But from evidence that the House Homeland Security Committee gathered, it was clear that Unisys failed to carry out the appropriate installation or monitor those devices. This implied that DHS did not know about cyber intrusions for almost 3 months from June to August 2007.

Related article: Contract Killer Spam Scam

» SPAMfighter News - 10/9/2007