Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

DHS insider hacking case reveals serious network security vulnerabilities

From: InfoSec News <alerts () infosecnews org>
Date: Tue, 13 Sep 2011 09:36:33 -0500 (CDT)
http://www.nextgov.com/nextgov/ng_20110912_7347.php

Nextgov
09/12/2011
Recent interviews with current and former personnel involved in a 2008 federal investigation into hacking and other network abuse at an immigration application processing center in Texas portray an out-of-control information technology office at a key Homeland Security Department agency. The vulnerabilities exposed by the year-long probe raise troubling questions about the agency's ability to police insider threats and employee and contractor access to critical government networks.
Poor supervision and an unqualified workforce at the U.S. Citizenship and Immigration Services facility fostered an environment that allowed gross security vulnerabilities and workplace bullying, current and former staff said. The Texas Service Center is one of four regional facilities that handle immigration-related petitions and applications for USCIS, an agency that has been prone to insider attacks. The sensitive data the office manages is particularly attractive to identity thieves who traffic in false documents; the data's compromise could create opportunities for human smugglers, terrorists and other criminals.
In 2008, the DHS inspector general found that skilled staffers knowingly created vulnerabilities, although their motives are not entirely clear from the documents obtained. Today, some employees contend network weaknesses and unqualified or incompetent technicians remain a problem.
While probing the Texas Service Center's computers to find the origins of an illicit email, agency IT analysts documented unrelated misconduct as well as more serious compromises of system security that prompted the departmental IG investigation, the officials said. Former USCIS personnel believe that among the violations a small number of center specialists read management-level emails by cracking into systems. 

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/
Previous By Date Next
Previous By Thread Next

Current thread: