Customs system left open to virus threat

Last August, Customs and Border Protection computers responsible for processing international travelers entering the U.S. failed for several hours due to a Windows computer virus, resulting in long delays in processing visitors. Now it comes out that the Department of Homeland Security could have prevented it, but decided to let it happen.

The Zotob virus attacked computers worldwide last August, causing failures for many news organizations, corporations and government agencies. One of the affected networks was the US-VISIT network, responsible for screening visitors to the U.S., which uses Windows 2000 workstations. On the evening of August 18, 2005, the system failed, and was restored in about six hours. Many thousands of visitors were delayed at airports and land crossings.

And the reason it failed, according to heavily redacted CBP documents (PDF) released under the Freedom of Information Act, was that the Department of Homeland Security deliberately held back the Microsoft software patch which would have protected the computers from the Zotob virus.
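A patch that is deliberately held back is a tracked risk only if someone records why it was deferred, which hosts it covers, and when the decision must be revisited. The following is an added example, not code from CBP, DHS or the Wired article, of how a defender can reconcile a host inventory against required critical patches and a deferral register, so that an expired deferral on an Internet-reachable host surfaces as a high-severity finding rather than being forgotten. All host names, patch identifiers and deferral records are constructed placeholders, and the `internet_reachable` flag stands in for whatever path-to-Internet analysis the organization actually performs.

```python
"""Patch-deferral exposure check (added example; every host, patch ID and
deferral record here is a constructed placeholder, not real CBP/DHS data)."""
from dataclasses import dataclass
from datetime import date
from fnmatch import fnmatch


@dataclass(frozen=True)
class Host:
    name: str
    os: str
    installed: frozenset        # patch IDs confirmed present on the host
    internet_reachable: bool    # any path, direct or transitive, to the Internet


@dataclass(frozen=True)
class Deferral:
    patch_id: str
    host_pattern: str           # glob over host names this deferral covers
    reason: str
    review_by: date             # past this date the deferral no longer counts


@dataclass(frozen=True)
class Finding:
    host: str
    patch_id: str
    status: str                 # "missing", "deferral-expired" or "deferred"
    severity: str               # "high", "medium" or "low"


# Placeholder critical patch IDs (constructed; not real Microsoft bulletin numbers).
REQUIRED_CRITICAL = frozenset({"PATCH-CRIT-001", "PATCH-CRIT-002"})


def latest_deferral(host, patch_id, deferrals):
    """Return the deferral with the latest review date covering host/patch, or None."""
    matches = [d for d in deferrals
               if d.patch_id == patch_id and fnmatch(host.name, d.host_pattern)]
    return max(matches, key=lambda d: d.review_by) if matches else None


def find_exposed(hosts, deferrals, today, required=REQUIRED_CRITICAL):
    """For every host missing a required patch, classify the gap.

    A valid deferral is a known, accepted risk (low). An expired deferral or
    no deferral at all is an unmanaged gap, rated high when the host has a
    path to the Internet and medium otherwise."""
    findings = []
    for host in hosts:
        for patch_id in sorted(required - host.installed):
            deferral = latest_deferral(host, patch_id, deferrals)
            if deferral is None:
                status = "missing"
            elif deferral.review_by < today:
                status = "deferral-expired"
            else:
                status = "deferred"
            if status == "deferred":
                severity = "low"
            elif host.internet_reachable:
                severity = "high"
            else:
                severity = "medium"
            findings.append(Finding(host.name, patch_id, status, severity))
    return findings


# Constructed sample inventory and deferral register.
SAMPLE_HOSTS = [
    Host("border-ws01", "Windows 2000", frozenset({"PATCH-CRIT-002"}), True),
    Host("border-ws02", "Windows 2000", frozenset(REQUIRED_CRITICAL), True),
    Host("lab-ws03", "Windows 2000", frozenset(), False),
]
SAMPLE_DEFERRALS = [
    Deferral("PATCH-CRIT-001", "border-*", "regression testing", date(2005, 8, 10)),
    Deferral("PATCH-CRIT-001", "lab-*", "isolated test bench", date(2005, 9, 1)),
]
AS_OF = date(2005, 8, 18)   # constructed "today" for the sample run


def run_sample():
    """Evaluate the constructed sample as of AS_OF; used by the demo below."""
    return find_exposed(SAMPLE_HOSTS, SAMPLE_DEFERRALS, AS_OF)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.severity:6} {f.host:12} {f.patch_id:15} {f.status}")
```

Run as a script it lists three findings: the Internet-reachable host whose deferral lapsed a week earlier is rated high, the isolated lab host under a still-valid deferral is low, and the lab host's patch with no deferral at all is medium. The point of the `review_by` field is that a deferral is a decision with an expiry, not a permanent exemption.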

The disturbing part is that the network is, by some path, connected to the Internet: if it could be infected by a virus propagating across the Internet, it may be reachable by hackers as well.

“That machine was reachable from some network, that was connected to some other network, that was connected to the internet,” says Tim Mullen, a Windows security expert and CIO of security firm AnchorIS. “There was some series of connections that manifested itself in those machines getting compromised.”

A September report by the DHS inspector general found computer security at CBP wanting. In a scan of 368 devices on CBP networks, investigators identified 906 security vulnerabilities rated as medium or high risk. They criticized CBP for failing to implement a comprehensive security testing program, among other issues.

“Our vulnerability assessments identified security concerns resulting from inadequate password controls, missing critical patches, vulnerable network devices and weaknesses in configuration management,” the report concludes. “These security concerns provide increased potential for unauthorized access to CBP resources and data.” — Wired News

Network security for the Department of Homeland Security is currently handled by Immigration and Customs Enforcement, but the department plans to transfer control of network security to CBP.