In 2006, hackers broke into Department of Homeland Security computers, copying and sending out data for hours at a time -- as long as five hours in one case. They cracked the password of an administrator account with privileges to modify files on thousands of DHS computers. And they began installing malware on dozens of computers, masking the intrusion and transferring files to a remote Chinese-language Web site.
According to a House committee investigation, DHS's security contractor, Unisys, failed to identify or stop these attacks -- and, to make matters far worse, tried to cover up its failures.
Unisys has a $1.7 billion contract to provide security for DHS networks.
"For the hundreds of millions of dollars that have been spent on building this system within Homeland, we should demand accountability by the contractor," House Homeland Security Committee Chair Bennie Thompson (D-Miss.) was quoted by the Washington Post as saying. "If, in fact, fraud can be proven, those individuals guilty of it should be prosecuted."
Failure and Cover-Up
Committee aides said the FBI is investigating Unisys for possible criminal fraud, but a bureau spokesperson declined to confirm the assertion.
According to a committee aide, in July 2006, a Unisys employee detected an intrusion but "downplayed it, and low-level DHS security managers ignored it." On September 27, 2006, DHS systems managers finally noticed that their machines had been accessed with hacking software. Then Unisys I.T. employees investigated and found the break-in dated back to June 13, affecting 150 computers.
Unisys was supposed to install seven intrusion-detection systems, the Post reported, but had installed only three by June 2006. Those three had not been installed properly, so they were not providing real-time alerts, the committee found. A Unisys spokesperson was quoted by the Post as saying that "no investigative body has notified us formally or informally of a criminal investigation."
David Stephenson, principal of Stephenson Securities, a homeland security consultant, said in an e-mail that DHS shares some of the blame for the fiasco.
"Given the potential for serious security compromises, even a very short security breach, the contract with Unisys should have required a seamless process to immediately report the incident to higher-level DHS authorities," he said. The fact that the initial report only went to low-level employees is "an indication of a culture on both sides that tolerated lax reporting by the contractor and lack of attention by DHS personnel," he concluded.
Indeed, Thompson said he is "troubled" by DHS indifference to the problem.
A DHS spokesperson said the agency is complying with committee requests and is able to follow up on all security incidents. "We have today fully operational security operations capability. That means that every incident, no matter how small, is reported to our operations center," said spokesperson Russ Knocke.
The DHS hacks are part of an ongoing series of attacks that have hit the U.S. Defense, Commerce, and State departments, as well as installations in Europe, all involving Chinese-language computers.
Last year, Maj. Gen. William Lord, Director of Information Services and Integration in the Air Force Office of Warfighting Integration, said that China had transferred "10 to 20 terabytes of data" from the Pentagon's nonclassified network. "They are looking for your identity so they can get into the network as you. There is a nation-state threat by the Chinese."