SecurityFocus 2007-09-25
A contractor may have allowed dozens of computers at the U.S. Department of Homeland Security to become infected with a password keylogger and other malicious software, according to an investigation by the House Committee on Homeland Security made public on Monday.
The committee's investigation into the incident discovered that the attackers, working through a hosting service provider connected to several Chinese Web sites, had stolen sensitive information, including data from the Office of Procurement Operations. In a letter to the DHS Inspector General dated Friday, the Committee stated that the contractor responsible for such systems failed to fully deploy network intrusion detection systems at the time of the incidents. The Committee stated that if the DHS had been misled by the contractor, criminal charges should be sought.
"Contractors provided inaccurate and misleading information to the Department of Homeland Security officials about the source of these attacks and attempted to hide security gaps in their capabilities," the letter stated, concluding, "If your investigation determines that violations of Federal law may have occurred, we expect that you will provide this information to the appropriate officials at the U.S. Department of Justice."
While the letter did not specifically mention the name of the contractor, Unisys currently manages information-systems support at the Department of Homeland Security, after winning a $1 billion Information Technology Managed Services (ITMS) contract in 2002 and an extension in 2005 for $750 million.
Unisys disputed the committee's findings, and the reporting of those findings in an article by the Washington Post published on Monday.
"Facts and documentation contradict the claims described in the article, but federal security regulations preclude public comment on specific incidents," the company said in a statement posted to its Web site. "We can state generally that the allegation that Unisys did not properly install essential security systems is incorrect. In addition, we routinely follow prescribed security protocols and have properly reported incidents to the customer in accordance with those protocols."
The allegations come as the Committee on Homeland Security continues to investigate network breaches at large federal agencies, including the U.S. Departments of Commerce, Defense, Energy, Homeland Security, and State. Officials within some of the departments have blamed hackers operating from computers in China for many of the attacks.
The committee took the DHS to task for not including information about the incident in its June briefing before the House Subcommittee on Emerging Threats, Cybersecurity, Science and Technology.
"We are disappointed by the Department's misleading responses to the Committee's requests for information, and request that you determine whether the intent of these misstatements was to obstruct the Committee's investigation," Committee Chairman Bennie Thompson and Subcommittee Chairman James Langevin stated in the letter.