Slashdot Mirror

← Back to Stories (view on slashdot.org)

800 Break-ins at Dept. of Homeland Security

Posted by CmdrTaco on from the well-i-feel-safer-already dept.

WrongSizeGlass writes "Yahoo is reporting about the computer security nightmare going on at the Department of Homeland Security. Senior DHS officials admitted to Congress that over a two year period there were 800 hacker break-ins, virus outbreaks and in one instance, hacker tools for stealing passwords and other files were found on two internal Homeland Security computer systems. I guess it's true what they say ... a mechanic's car is always the last to get fixed."

17 of 276 comments (clear)

  1. I'll only say... by damn_registrars · · Score: 5, Insightful
    That ending line is far too kind.

    "a mechanic's car is always the last to get fixed" Assumes that the DHS is somehow competent to fix anything at all.
    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:I'll only say... by Intron · · Score: 5, Insightful

      Never mind competent. What exactly do they do? I can understand the purpose of the FBI, CIA, NSA, Treasury, FDA, FAA and SEC in law enforcement. What does DHS do that isn't covered already? The only thing I can find is publishing the threat level (currently Yellow = Run and Hide, except the airline industry is at Orange = Don't Bring Juice). Does anyone pay attention to that?

      Do we really need a whole beurocracy to make the various departments share information and cooperate with each other? Aren't they run by grownups?

      --
      Intron: the portion of DNA which expresses nothing useful.
    2. Re:I'll only say... by statusbar · · Score: 4, Insightful

      Homeland Security = Homeland Insecurity

      What they DO is they bring insecurity to every sector of government and society that they touch, in the name of "Security"

      It is all about optics... It doesn't matter that their computers are insecure... obviously the problem is that the fact that their computers are insecure should be a top-secret fact. It is not something that they feel needs to be fixed. They are only there for the illusion.

      --jeffk++

      --
      ipv6 is my vpn
    3. Re:I'll only say... by hachete · · Score: 4, Insightful

      At times of great political crisis for the Republican Party, the threat level goes up.

      Troll or humour, I don't know meself.

      --
      Patriotism is a virtue of the vicious
  2. Big assumption by Tony · · Score: 5, Insightful

    I guess it's true what they say ... a mechanic's car is always the last to get fixed.

    That's very true.

    Especially when the mechanic is incompetent, and more interested in throwing around political weight than actually trying to accomplish anything useful.

    --
    Microsoft is to software what Budweiser is to beer.
    1. Re:Big assumption by misanthrope101 · · Score: 3, Insightful

      Not only that, but the car would be made of incompatible parts that the auto makers coughed up when they were directed to hand over parts to a competing agency--i.e. the parts that the company found least useful and valuable. There aren't many bosses who, when told to give up people, wouldn't use it as an excuse to jettison all the incompetents, whiners, bullies, and troublemakers they couldn't manage to fire earlier. So the DHS is comprised of rejects, and has no discernable mission, and has to deal with bureaucratic infighting.

  3. One thing is for sure. by AltGrendel · · Score: 5, Insightful

    The people that are smart enough to really do this IT stuff properly for the DHS are smart enough to earn more money elsewhere.

    --
    The simple truth is that interstellar distances will not fit into the human imagination

    - Douglas Adams

    1. Re:One thing is for sure. by Guppy06 · · Score: 4, Insightful

      "The people that are smart enough to really do this IT stuff properly for the DHS are smart enough to earn more money elsewhere."

      And even if the pay was the same, there's still the many months and ungodly amount of paperwork involved in trying to get a government job. Are you going to go for the offering that's available next month or next year?

    2. Re:One thing is for sure. by jofny · · Score: 4, Insightful

      And lo! Slashdot accidentally discovers the reason for the lucrative concept of "government contracting". Of course the government cant compete with pay - they also cant hire or fire in any reasonable manner, so most of the staff consists of long term contractors...which partially negates the "blame X on government employee salaries" habit in a lot of these conversations.

  4. 800 is a lot compared to who? by jofny · · Score: 5, Insightful

    Point 1: Considering the complete inability of standard technical solutions to security problems to prevent a significant number of attacks/infections from being successful, this is not like the mechanics car getting fixed last. It's called "the security industry and standard methodologies continue their long history of consistent failure at organizations, both public and private"

    Point 2: Those numbers are a completely meaningless abstraction without tying them back to type of attack, actual damage, importance of the data on those systems or their roles in launching further attacks, what kind of infections occurred and their damage potential, and finally what those numbers look like compared to other orgs of the same size.

    Point 3: Homeland Security is comprised of multiple mostly-independant sub orgs (like Coast Guard, TSA, etc)....so..saying DHS had so many attacks is misleading without clarification

    Point 4: Not saying theyre not making mistakes, just that those "facts" dont tell you either way what the actual state of things is.

  5. Out of Context by WarpSnotTheDark · · Score: 3, Insightful

    Look at any government agency or corporate IT infrastructure - 800 break-ins is not a big number. I have been conducting information security analyses for many years for corporate networks and government entities and 800 is not a high figure. What you have to find out before considering this a valid story is; was integrity, confidentiality or availability of their infrastructure effected by these break-ins or was it just dorks poking their nose through the DMZ to see what they could find.

  6. Re:When you are a primary target by Critical+Facilities · · Score: 3, Insightful

    Most other businesses might not even survive the onslaught faced by the DHS and other government sites.
    I agree with you that DHS is a "juicier" target than some businesses, I'm willing to bet that the attacks (and the frequency of them) against Bank of America, Citibank, Equifax, etc, are just as bad if not worse.
  7. My brief experience in DHS by erroneus · · Score: 3, Insightful

    This is no exaggeration. As with virtually any other government employment, the DHS is filled with people who just want titles and a paycheck. Most morons know how to install windows and office and a few of those can even install a server and exchange email. Whether they know anything useful or not, they don't really care about doing more than the bare minimum to keep their paychecks flowing. I blame the way government pays and oversees people for this. There is not much in the way of pay or advancement by merit in government employ. Everyone's too afraid of descrimination suits and the like. So the only measured basis one can use safely is time in service really. Other than that, the culture is to keep your head down and do the bare minimum.

    And if you think the creation of DHS was a carefully planned and well-thought-out move, I think the historical evidence speaks to the contrary.

    The only solution is for detailed requirements for security and data handling. It would be more effective than not having any... they really don't have much in place now. How secure can they be with Microsoft everything running their offices?

  8. Re:This was predicted by Timesprout · · Score: 3, Insightful

    Never mind predicted, this is desirable for the DHS, it's further 'proof' there are bazillions of terrorists out there hell bent on destroying the US.

    --
    Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  9. Re:Homeland Security != Information Security by eln · · Score: 5, Insightful

    DHS was created in response to the 9/11 attacks as a purely political move to make it look like we were serious about fighting terrorism. It created a huge bureaucracy, gave it an impossibly broad mandate, and made it more difficult for existing agencies (that were moved under DHS because they were at least tangentially related to protecting the country against various things) to do their jobs. As a result, the government is far less capable of intelligently defending against attack than it was before. It is only capable of wildly overreacting to perceived threats (like someone slipping through airport security with 4 ounces of hand soap rather than the mandated maximum of 3), again so it can appear as if it is on top of things.

    DHS was a bad idea that was implemented poorly out of a panicked need to do *something* following the attacks.

  10. My computer is always the FIRST to get fixed. by khasim · · Score: 5, Insightful

    Gotta agree with that. If they were competent, they'd have their own house in order.

    Just as anyone here who's competent with a computer has their systems up-to-date and tuned.

  11. FUD Article by Evil+W1zard · · Score: 4, Insightful

    Ok so here is the deal. DHS' network is a mesh of multiple other networks that were already in existence. This is problematic in itself as it involves a heavy amount of integration and also borders upon borders of perimeter security (each disparate agency is part of the whole but may have its own controlled interfaces for some level of separation...

    Now lets go to the article. To the laymen you say 800 compromises and they go into "WOW THAT IS SO BAD" mode, but seriously come on. The compromises are mostly workstations. Now that doesn't mean they get a free pass, but its not like they have had their core servers owned by foreign states... What they should be doing is not only scanning apps, DBs, and servers and patching/hardening them appropriately, but also client-side firewalling, config control of workstations, baseline security mechanisms for remote users, centralized virus/vulnerability patching... This article does not surprise me what-so-ever and it really is not an indication that DHS security is horrible. Its not the best, but 800 is not that bad.

    --
    News Reporters Make Tasty Polar Bear Treats!