http://www.denverpost.com/Stories/0,1002,53%257E342624,00.html By Bill McAllister Denver Post Washington Bureau Chief Friday, January 18, 2002 WASHINGTON - Three months before a computer hacker broke into Indian trust records maintained on a Denver computer system, Interior Secretary Gale Norton was warned that her department's major computer system, also based in the Colorado capital, was vulnerable to outsiders. That warning, from the General Accounting Office, was greeted by promises to make quick changes - a promise that one Interior official has since conceded may have been incorrect. In recent court testimony, Bob Lamb, who was then an acting assistant secretary, said he had relied on information from a subordinate who assured him nothing was wrong with the computer system. Like the ineffective computer system that maintained the Indian trust records, Interior's National Business Center in Denver also is seriously flawed, the GAO told Norton in a report dated July 3. The report said that the system, which maintains the department's personnel and payroll records, property records and others financial accounts, lacked adequate security to prevent outsiders from breaking into the system and altering records. "These weaknesses placed sensitive NBC-Denver financial and personnel information at the risk of disclosure, critical financial operations at the risk of disruption and assets at the risk of loss," said the GAO, Congress's investigative agency. In addition, the report noted the problem could also affect the 30 other government agencies that the Denver center serves. Norton Specially, the GAO said, Denver officials did not have adequate controls over passwords and user identifications, dial-in access or had properly configured its network. In Interior's response, Lamb acknowledged the problems and declared that the department is moving "aggressively to correct all of the weaknesses identified." All, he said, would be resolved by Dec. 31. However, that response apparently did not cover the trust records. In September, a court-approved computer expert was able to hack into the Denver-based computer system - which maintains trust records for about 300,000 American Indians - and alter them without detection. That embarrassing episode is one of the major issues in a contempt of court trial Norton is currently facing in a Washington court. The link between the two Denver-based computer systems and their similar problems was disclosed Thursday by www.Indianz.com., a website on the Internet that has been closely following the Norton trial. Computer security has emerged as a key issue for the department and its employees, many of whose access to the Internet has been removed by a court order that U.S. District Judge Royce C. Lamberth issued in the Norton case. Citing the hacker, he told Interior officials to deny Internet access to any Interior computers that have access to trust records. The result has been that many Interior agencies no longer have websites open to the public, and many agency employees cannot use e-mail to respond to the public. The NBC-Denver computer system is directed by Norton's office. It links the department's 14 bureaus and offices with the computer mainframes in Colorado. At the time of the GAO report, it said there about 37,000 users with access to the Denver computers. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Sun Jan 20 2002 - 01:15:39 PST