The cover-up of Homeland Security’s virus infection

Last August a Windows virus infected over 1,300 computers which Customs and Border Protection uses to screen foreign travelers visiting the U.S. The bureau almost immediately tried to cover up the incident.

In “The Virus That Ate DHS,’ Wired reporter and former hacker Kevin Poulsen illustrates that the Department of Homeland Security’s grasp on computer security is tenuous at best.

The Zotob virus hit the US-VISIT computer network August 18, 2005, resulting in hours-long, snarled lines at airports and other ports of entry as Customs officials had to manually clear visitors. Though Microsoft had made a patch available before the worm hit, CBP officials had made the decision to patch most of its computers, but not the US-VISIT computers.

Poulsen has doggedly pursued the case from day one, filing Freedom of Information Act requests to get records related to the incident, and dealing with government bureaucrats stonewalling, covering up and even “losing’ his request.

His November 2 report chronicles the saga of trying to get information out of the government. When a court finally ordered DHS to comply, he found that the information that had been redacted for “security’ reasons because they “could compromise the confidentiality, integrity and availability of sensitive US-VISIT data’ were nothing of the sort.

And, as it turns out, the virus got onto the network in the first place through the Immigration and Customs Enforcement network, to which US-VISIT is connected. ICE, as it turns out, is responsible for security for the whole department. But DHS is transitioning to a new network architecture called OneNetwork, which CBP will run instead.

And while the documents released last week show that CBP learned its lesson unusually quickly, I suspect that this isn’t the last we’ll hear of viruses getting inside the Department of Homeland Security.