[ISN] Border Computers Vulnerable to Attack

From: InfoSec News (alerts@private)
Date: Thu Aug 09 2007 - 00:08:04 PDT


http://www.washingtonpost.com/wp-dyn/content/article/2007/08/02/AR2007080202260.html

By Spencer S. Hsu
Washington Post Staff Writer
August 3, 2007

The U.S. government's main border control system is plagued by computer 
security weaknesses, increasing the risk of computer attacks, data 
thefts, and manipulation of millions of identity records including 
passport, visa and Social Security numbers and the world's largest 
fingerprint database, officials said.

U.S. officials have called the US-VISIT system a cornerstone of the 
nation's efforts to stop terrorists at the borders and stanch the flow 
of illegal immigrants. It automates the collection of fingerprints and 
digital photographs, and links border control officers to FBI, border 
enforcement, immigration and State Department watch lists and databases.

Congress has allocated $1.7 billion for the system since 2002. But in a 
congressional report to be released today and obtained by The Washington 
Post, Homeland Security officials said that many vulnerabilities exist 
throughout the network and the computer stations used at 400 airports, 
seaports and land crossings. These vulnerabilities could, in turn, 
spread the risk of cyber-attacks or data losses to some of the 
government's most sensitive security databases, the officials said.

"Weaknesses existed in all control areas and computing device types 
reviewed," the Government Accountability Office reported. It called on 
DHS to "immediately address" problems to avert potentially crippling 
disruptions or the misidentification of drug smugglers, terrorists and 
felons trying to enter the country.

"These weaknesses collectively increase the risk that unauthorized 
individuals could read, copy, delete, add, and modify sensitive 
information," investigators said.

In a statement, Joseph I. Lieberman (I-Conn.), chairman of the Senate 
Homeland Security Committee, said the computer vulnerabilities may make 
Americans less secure, not more. "DHS is spending $1.7 billion of 
taxpayer money on a program to detect potential terrorists crossing our 
borders," he said, "yet it isn't taking the most basic precautions to 
keep them from hacking into and changing or deleting sensitive 
information."

The report raises the latest red flag over the Bush administration's 
efforts to secure the borders, already heavily criticized by Congress 
and conservative critics. It also adds to a growing list of warnings 
about the vulnerability of key government computer networks.

In May, the Transportation Security Administration reported the loss of 
a hard drive loaded with personal payroll information on 100,000 
workers, including federal air marshals. A computer virus halted 
processing of international travelers at U.S. airports for several hours 
in August 2005. And a computer failure in December knocked out for two 
hours the national computer network used at all 400 customs sites.

U.S. authorities expressed concern over a dramatic increase in computer 
attacks and warned that they could become more destructive as hackers 
grow more sophisticated, pointing to a rise in incidents aimed at 
Pentagon information systems.

US-VISIT Director Robert A. Mocny acknowledged concerns but said that 
security fixes are underway and that the report raised many hypothetical 
problems and overstated others, because few outsiders can gain access to 
the system's computers.

"There have been no attacks on the US-VISIT system," Mocny said. Still, 
he conceded increased risks as sensitive databases are added. "When you 
connect more systems, which [DHS] wants to do, you do have the risk of 
the 'weakest link,' " he said.

US-VISIT has compiled digital facial images and fingerprints of 90 
million individuals and is used to vet 54 million border crossings each 
year. But Marc Rotenberg, executive director of the Electronic Privacy 
Information Center, said the government has not taken adequate steps to 
safeguard the privacy of millions of people whose citizenship, 
immigration, law enforcement and national security records are used in 
the customs checks.

Staff researcher Madonna Lebling contributed to this report.


____________________________________
Visit the InfoSec News book store!
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Thu Aug 09 2007 - 00:24:21 PDT