Search This Blog

Friday, September 28, 2007


Don’t think the consumer is getting a reprieve on identity theft just because the hackers have decided to go after a larger jackpot. I am talking about the recent break-in to Department of Homeland Security (DHS) computers by a Web site in China. It seems that Unisys Corp. was hired by DHS for $1.7 billion to build and secure information technology networks for the Transportation Security Administration (TSA) and DHS headquarters, according to a piece in the Washington Post. Apparently it doesn’t work since for at least three months there were cyber-intrusions into 150 DHS computers, including one in the Office of Procurement Operations, which handles contract data. The national security community is up in arms because of their concern that the Chinese government’s intent is to steal military secrets. This would certainly go for a higher price around the world—say Iran?—than possibly the largest personal data breach we have seen or ever will see. I bring this all up to prove to you just how sophisticated these people are becoming, and just how much planning is going into the stealing of valuable information, be it individual sensitive data or national secrets. Unisys says no one has told them yet that anything is wrong with the system, but it is alleged by the House Homeland Security Committee that the contractor falsely certified all was good to cover up “lax oversight.” Am I the only one who sees a trend of incompetence in the handling of information by government agencies, contractors and data brokers; something that should be waking up the apathetic American public and a comatose Congress? Of course not, and someone else who is as concerned about this privacy issue as I am is William Morriss who runs the Ephemerrallaw blog. He is an attorney interested in information security and its relationship to data privacy. He is dedicated, and provides insight into the subject you won’t find elsewhere. Another concerned person is James Lewis, a fellow at the Center for Strategic and International Studies, who is “troubled” that DHS officials are indifferent to the matter. The House committee reports that, although no one knows how the hackers entered the DHS systems, they were able to crack account passwords, install malicious software, while temporarily keeping Unisys’ employees in the dark. All this when the $1.7 billion Unisys security devices had been designed to detect intrusions into DHS computers and flag suspicious activity. So much for quality oversight. According to the committee, Unisys tried to “hide gaps” from the government to play down the magnitude of the breaches, and even failed to disclose the fact that the data was going to a Chinese Web site. Now it’s obvious why the “cold war” ended. Our enemies don’t need spies on the ground to steal our secrets. They just have to get on their computers and start hacking.

No comments: