Re: [ISN] State Department's warns visa-checking system crippled by computer virus

From: InfoSec News (isn@private)
Date: Thu Sep 25 2003 - 02:00:47 PDT


    Forwarded from: matthew patton <pattonme@private>
    
    oh this is choice and has several mistakes. see in-line.
    
    --- InfoSec News <isn@private> wrote:
    > http://www.signonsandiego.com/news/nation/20030923-1844-state-computervirus.html
    >
    > WASHINGTON - The State Department's electronic system for checking
    > every visa applicant for terrorist or criminal history failed
    > worldwide late Tuesday because of a computer virus, leaving the U.S.
    > government unable to issue visas.
    > 
    > The virus crippled the department's Consular Lookout and Support
    > System, known as CLASS, which contains more than 12.8 million records
    > from the FBI, State Department and U.S. immigration, drug-enforcement
    > and intelligence agencies. Among the names are those of at least
    > 78,000 suspected terrorists.
    
    CLASS runs on a mainframe. Excuse me but what virus released recently
    infects a mainframe? And they've got at least 2 of them. One here in
    DC and the other in the mountains of WVa. Infected the end-user
    terminals I would definitely concede since those are windoze PCs
    running various home-grown applications to access said database. And
    desktop security was quite pathetic.
    
    > In an internal message sent late Tuesday to embassies and consular
    > offices worldwide, officials cautioned that "CLASS is down due to a
    > virus found in the system." There was no backup system immediately
    > available, and officials could not predict how long the outage might
    > last.
    
    Say what? BNS (Backup Name Service) has been deployed nearly
    world-wide by now I should think. I "left" the project last September
    and they were doing installs at 3 critical regional centers back then
    with an aggressive roll-out schedule. Even accounting for slips in
    software delivery all of the processing is done essentially in batch
    mode so the claim to not be able to check names is questionable.
    Bigger delays, sure. The BNS distributed database is synced multiple
    times a day with the mainframe and we even had means of updating all
    regional data-sources should connectivity be problematic.
    
    > Such an outage would represent the most serious disruption in years
    > to U.S. government computers from an Internet infection.
    
    I hardly believe that. But then again as the sole security engineer
    for BNS assigned naturally WAY late in the game, coupled with DoS'
    legendary disregard for security measures and penchant to do their own
    thing (they have their own notion of system accreditation), computer
    security was more of a wave of the hand than of any real substance. My
    strident insistence on even a modicum of security engineering given
    the critical nature of the system, its tangible value to miscreants,
    and hostile operating environment became a political football because
    sysadmins, database admins, and programmers had apparently never had
    their bluff called before. Embarrassing questions raised in government
    circles have an uncanny way of getting the questioner removed to
    predictable effect.
    
    > Every visa applicant is checked against the names in the CLASS
    > database. The State Department's automated systems are designed not
    > even to print a visa until such a check is completed.
    
    I'm not sure I'd put much faith in that description. It's largely the
    call of the consular agent to determine if the computer-proposed
    matches are indeed worthy of consideration. I'm no expert on all
    facets of CLASS software, however.
    
    Seems the author likes to repeat the numbers of persons held in the
    database. There is another category which amounts to VIP's who get
    expedited treatment be they visiting sports competitors, heads of
    state and their staffs, or foreign political campaign donors, etc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Thu Sep 25 2003 - 04:41:19 PDT