Kim Zetter
Security

FBI Investigates DHS Contractor for Failing to Protect Gov't Computers

The FBI is said to be investigating Unisys for criminal fraud for failing to protect DHS computers from intrusions that were traced to a Chinese-language site for hackers, according to the Washington Post. The House Homeland Security Committee uncovered evidence that Unisys, which was awarded a $1.7 billion contract with the Department of Homeland Security […]

dhs logoThe FBI is said to be investigating Unisys for criminal fraud for failing to protect DHS computers from intrusions that were traced to a Chinese-language site for hackers, according to the Washington Post.

The House Homeland Security Committee uncovered evidence that Unisys, which was awarded a $1.7 billion contract with the Department of Homeland Security in 2002 to secure and manage the IT network for DHS and the Transportation Security Administration, failed to properly install and manage intrusion detection systems on the networks.

As a result, the company failed to detect intrusions to the network for three months beginning in June 2006. The intrusions, on 150 computers, were traced to a Chinese-language web site for hackers. The hackers cracked the password of a network administrator "who had privileges to modify key system files on thousands of computers on the DHS network" and were stealing data and sending it to the Chinese site all the while that Unisys was certifying to the government that its network was secured.

From the Post story:

In July 2006, a Unisys employee detected a possible intrusion but "downplayed it and low-level DHS security managers ignored it," the committee aide said.

It was not until Sept. 27, 2006, that two DHS systems managers noticed that their machines had been accessed with a hacking tool.

Unisys information technology employees began a probe and determined that the break-in affected more computers. They discovered that it reached back as far as June 13 that year and had continued through at least Oct. 1, eventually reaching 150 computers.

Among the security devices Unisys had been hired to install and monitor were seven "intrusion-detection systems," which flag suspicious or unauthorized computer network activity that may indicate a break-in. The devices were purchased in 2004, but by June 2006 only three had been installed -- and in such a way that they could not provide real-time alerts, according to the committee. The rest were gathering dust in DHS storage closets and under desks in their original packaging, the aide said.

Although the hackers lifted data from unclassified systems, Paul Kurtz, a former White House cyber-security adviser, said that even unclassified data, if stolen in large enough quantities, could provide important clues about U.S. military and corporate trade secrets.

"Clearly there's cause for concern as to how Unisys has conducted itself and the security it has provided," committee member Rep. Jim Langevin (D-R.I.) said in an interview. "There were some basic things that should have been done -- installation of these intrusion-detection devices -- that very well would have given us a strong indication and an alert that our systems were penetrated."

Unisys spokeswoman Meyer disputed the committee's version of events. She said that Unisys had installed five network-intrusion devices and added a sixth in September 2006. Moreover, she said, under the follow-on contract, "DHS, citing lack of funding, elected to stop paying for security monitoring services," but that the firm continued to provide the monitoring anyway.

See Also: