Information Security News mailing list archives

Re: State Department's warns visa-checking system crippled by computer virus


From: InfoSec News <isn () c4i org>
Date: Thu, 25 Sep 2003 04:00:47 -0500 (CDT)

Forwarded from: matthew patton <pattonme () yahoo com>

Oh this is choice and has several mistakes. See in-line.

--- InfoSec News <isn () c4i org> wrote:
http://www.signonsandiego.com/news/nation/20030923-1844-state-computervirus.html


WASHINGTON - The State Department's electronic system for checking
every visa applicant for terrorist or criminal history failed
worldwide late Tuesday because of a computer virus, leaving the U.S.
government unable to issue visas.

The virus crippled the department's Consular Lookout and Support
System, known as CLASS, which contains more than 12.8 million records
from the FBI, State Department and U.S. immigration, drug-enforcement
and intelligence agencies. Among the names are those of at least
78,000 suspected terrorists.

CLASS runs on a mainframe. Excuse me but what virus released recently
infects a mainframe? And they've got at least 2 of them. One here in
DC and the other in the mountains of WVa. Infected the end-user
terminals I would definitely concede since those are windoze PCs
running various home-grown applications to access said database. And
desktop security was quite pathetic.

In an internal message sent late Tuesday to embassies and consular
offices worldwide, officials cautioned that "CLASS is down due to a
virus found in the system." There was no backup system immediately
available, and officials could not predict how long the outage might
last.

Say what? BNS (Backup Name Service) has been deployed nearly
world-wide by now I should think. I "left" the project last September
and they were doing installs at 3 critical regional centers back then
with an aggressive roll-out schedule. Even accounting for slips in
software delivery all of the processing is done essentially in batch
mode so the claim to not be able to check names is questionable.
Bigger delays, sure. The BNS distributed database is synced multiple
times a day with the mainframe and we even had means of updating all
regional data-sources should connectivity be problematic.

Such an outage would represent the most serious disruption in years
to U.S. government computers from an Internet infection.

I hardly believe that. But then again as the sole security engineer
for BNS assigned naturally WAY late in the game, coupled with DoS'
legendary disregard for security measures and penchant to do their own
thing (they have their own notion of system accreditation), computer
security was more of a wave of the hand than of any real substance. My
strident insistence on even a modicum of security engineering given
the critical nature of the system, its tangible value to miscreants,
and hostile operating environment became a political football because
sysadmins, database admins, and programmers had apparently never had
their bluff called before. Embarrassing questions raised in government
circles have an uncanny way of getting the questioner removed to
predictable effect.

Every visa applicant is checked against the names in the CLASS
database. The State Department's automated systems are designed not
even to print a visa until such a check is completed.

I'm not sure I'd put much faith in that description. It's largely the
call of the consular agent to determine if the computer-proposed
matches are indeed worthy of consideration. I'm no expert on all
facets of CLASS software, however.

Seems the author likes to repeat the numbers of persons held in the
database. There is another category which amounts to VIPs who get
expedited treatment be they visiting sports competitors, heads of
state and their staffs, or foreign political campaign donors, etc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

