Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

800 Break-ins at Dept. of Homeland Security

CmdrTaco posted more than 7 years ago | from the well-i-feel-safer-already dept.

Security 276

WrongSizeGlass writes "Yahoo is reporting about the computer security nightmare going on at the Department of Homeland Security. Senior DHS officials admitted to Congress that over a two year period there were 800 hacker break-ins, virus outbreaks and in one instance, hacker tools for stealing passwords and other files were found on two internal Homeland Security computer systems. I guess it's true what they say ... a mechanic's car is always the last to get fixed."

cancel ×

276 comments

I'll only say... (5, Insightful)

damn_registrars (1103043) | more than 7 years ago | (#19579537)

That ending line is far too kind.

"a mechanic's car is always the last to get fixed"
Assumes that the DHS is somehow competent to fix anything at all.

Re:I'll only say... (0, Redundant)

Anonymous Coward | more than 7 years ago | (#19579727)

"a mechanic's car is always the last to get fixed"
Yes, but at least a mechanic's car gets fixed. That is much better than never changing the oil and sending it to the dump after a couple of years.

My computer is always the FIRST to get fixed. (5, Insightful)

khasim (1285) | more than 7 years ago | (#19580553)

Gotta agree with that. If they were competent, they'd have their own house in order.

Just as anyone here who's competent with a computer has their systems up-to-date and tuned.

Re:I'll only say... (1, Insightful)

Otter (3800) | more than 7 years ago | (#19580585)

Assumes that the DHS is somehow competent to fix anything at all.

Another day, another round of Slashbots turning a complete inability to read into an opportunity to hold forth on how much smarter they are than the people in the story they're unable to read correctly.

The department of "homeland security" (4, Interesting)

danpsmith (922127) | more than 7 years ago | (#19580619)

I think the reason that people see any irony at all in these type of stories is the fact that they actually expect that the government is as good as its hyperreal image [wikipedia.org] . Of course government agencies aren't infallible, but to suggest this is to deny this hyperreal, overemphasized "we're efficient, intelligent and we know things about you you don't even know" public persona. Without a sufficient belief in the agencies like the CIA and the FBI, and the belief that they are actually more informed than the masses and that the government is more in the know than anyone is aware (unless they are in the government), people would want to know where all this security spending is going (which is a problem for anyone). The government is an inept, massive body of people that is unable to act upon information quickly due to its many layers of bureaucratic bullshit and the legality of everything. The only solution to this problem is to eliminate some of the bureaucracy (firing people, which, of course, can't be done), or to eliminate the red tape (legislation, which, if you eliminate too much becomes a Bush-like grab for power), neither of which will ever be done due to the nature of the politicians in charge. So the federal government, no matter what the politicians say will continue to grow as a monolithic, insecure and ineffective beast while feeding you the image of a secure, fast, intelligent and best of class organization and terrorists with their small but efficient plans will continue to find gaping holes in the system. And that's why irony in this case can be saved for the naive and the uninformed, the rest of us see things like this coming a mile away.

Re:I'll only say... (5, Insightful)

Intron (870560) | more than 7 years ago | (#19580703)

Never mind competent. What exactly do they do? I can understand the purpose of the FBI, CIA, NSA, Treasury, FDA, FAA and SEC in law enforcement. What does DHS do that isn't covered already? The only thing I can find is publishing the threat level (currently Yellow = Run and Hide, except the airline industry is at Orange = Don't Bring Juice). Does anyone pay attention to that?

Do we really need a whole beurocracy to make the various departments share information and cooperate with each other? Aren't they run by grownups?

Re:I'll only say... (4, Insightful)

statusbar (314703) | more than 7 years ago | (#19580953)

Homeland Security = Homeland Insecurity

What they DO is they bring insecurity to every sector of government and society that they touch, in the name of "Security"

It is all about optics... It doesn't matter that their computers are insecure... obviously the problem is that the fact that their computers are insecure should be a top-secret fact. It is not something that they feel needs to be fixed. They are only there for the illusion.

--jeffk++

Big assumption (5, Insightful)

Tony (765) | more than 7 years ago | (#19579557)

I guess it's true what they say ... a mechanic's car is always the last to get fixed.

That's very true.

Especially when the mechanic is incompetent, and more interested in throwing around political weight than actually trying to accomplish anything useful.

Re:Big assumption (3, Informative)

TubeSteak (669689) | more than 7 years ago | (#19580875)

Especially when the mechanic is incompetent, more interested in throwing around political weight than actually trying to accomplish anything useful.
You show me a mechanic who has to deal with multiple bureaucracies to get things done & I'll show you a mechanic who has to build up and throw around 'political' influence in order to get results.

If the Dept of Homeland Security was a car, it'd have incompatible parts from every car manufactured over the last hundred years.

What's with the car analogies anyways?
They usually suck.

Homeland Security != Information Security (2, Insightful)

EveryNickIsTaken (1054794) | more than 7 years ago | (#19579609)

I guess it's true what they say ... a mechanic's car is always the last to get fixed.
Since this analogy isn't applicable in this case, maybe you're confused (?)... DHS was created in response to the 9/11 attacks, and responds to potential terrorist threats and attacks on US soil. They're not a group of IT guys or white hats.

Re:Homeland Security != Information Security (3, Funny)

damn_registrars (1103043) | more than 7 years ago | (#19579629)

Apparently cyber-terrorism isn't important then?

Re:Homeland Security != Information Security (3, Funny)

EveryNickIsTaken (1054794) | more than 7 years ago | (#19579695)

No, it's not. Cyber-terrorism is a buzzword made up by idiots.

Re:Homeland Security != Information Security (5, Funny)

mcpkaaos (449561) | more than 7 years ago | (#19579809)

Kinda like "War on Terror"?

Re:Homeland Security != Information Security (1)

EveryNickIsTaken (1054794) | more than 7 years ago | (#19579835)

Exactamundo!

Re:Homeland Security != Information Security (1)

Vo1t (1079521) | more than 7 years ago | (#19580819)

Possible misspelling. Should be: "War or Terror".

Re:Homeland Security != Information Security (1)

davespice (686605) | more than 7 years ago | (#19579979)

Cyber-(anything) is a buzzword made up by idiots.

Re:Homeland Security != Information Security (2, Funny)

Anonymous Coward | more than 7 years ago | (#19580057)

I believe you are trying to say it is a cyber-buzzword.

Re:Homeland Security != Information Security (0)

Anonymous Coward | more than 7 years ago | (#19580699)

What about cyber-sex? I'm sure good portion of /. users lost their virginity that way. Now we'll all have to go back to being virgins wanking on our keyboards.

Re:Homeland Security != Information Security (1)

BlueTrin (683373) | more than 7 years ago | (#19580081)

I would tend to agree with you but this case [nytimes.com] could be considered as cyber-terrorism, isn't it ?

Re:Homeland Security != Information Security (1)

Raul654 (453029) | more than 7 years ago | (#19580283)

I would call it Cyber-warfare, not cyber-terrorism. Granted, terrorism is probably the hardest word in English to define. Wikipedia has an entire entry [wikipedia.org] on the word's definition. Note, though, the entry says: 'Terrorism expert Walter Laqueur in 1999 also has counted over 100 definitions and concludes that the "only general characteristic generally agreed upon is that terrorism involves violence and the threat of violence"' Attacking the computer infrastructure isn't an act of violence.

Re:Homeland Security != Information Security (2, Insightful)

TheRaven64 (641858) | more than 7 years ago | (#19580507)

Cyber-terrorism has the potential to be a much more effective method of terrorism than violence. Just before Christmas, the airports in London were closed. A lot of people had to sleep in (cold) airports, and many didn't make it home to spend Christmas with their families.

In absolute terms, this didn't have the same impact as killing a load of people; no one actually died to my knowledge. For the people involved, however, it was far more personal that some people they'd never met being blown up, and a lot more people were affected than in most terrorist actions.

A similar effect could be had by infecting the air traffic control computers, for example, or even the airlines booking computers (imagine if they were hacked to allow every seat to be booked twice...).

There's a great bit in Good Omens where a group of demons are recounting their day's work, and none of the old crowd can understand why tying up the London mobile phone networks for a couple of hours over lunch is evil. Just because no one dies, doesn't mean that there isn't real damage. It's also much easier for people who aren't directly affected to sympathise with terrorists who don't kill anyone than with ones that do.

Re:Homeland Security != Information Security (4, Informative)

Johnny Mnemonic (176043) | more than 7 years ago | (#19579771)

Part of their mandate and jurisdiction is Information Security; they are charged with protecting the computing infrastructure of the country.

Re:Homeland Security != Information Security (5, Funny)

Farmer Tim (530755) | more than 7 years ago | (#19580097)

they are charged with protecting the computing infrastructure of the country.

What's Chinese for "pwned"?

Re:Homeland Security != Information Security (4, Funny)

_Sprocket_ (42527) | more than 7 years ago | (#19580937)

What's Chinese for "pwned"?


Outsourced.

Re:Homeland Security != Information Security (1)

HungSoLow (809760) | more than 7 years ago | (#19580977)

(simplified)
(traditional)

http://babelfish.altavista.com/tr [altavista.com]

The characters will only show up if you have support for them.

Re:Homeland Security != Information Security (1)

Mockylock (1087585) | more than 7 years ago | (#19580299)

As much as we'd like to think that, from what it seems, they probably don't have much say in anything. The position is more about popularity and showing that we do have a DHS department, even if it doesn't show much momentum.

I have yet to see anything useful come out of DHS than political banter.

Re:Homeland Security != Information Security (2, Funny)

morgan_greywolf (835522) | more than 7 years ago | (#19580371)

Part of their mandate and jurisdiction is Information Security; they are charged with protecting the computing infrastructure of the country.


I heard they were farming that out to Microsoft India... ;)

Re:Homeland Security != Information Security (3, Funny)

The Angry Mick (632931) | more than 7 years ago | (#19580029)

They're not a group of IT guys or white hats.

Thank you for that clarification. I feel so much better now knowing that the department in charge of protecting the U.S. from terrorists has no technical skills.

Re:Homeland Security != Information Security (1)

Applekid (993327) | more than 7 years ago | (#19580383)

"They're not a group of IT guys or white hats."

Would you support another breaucracy to take care of electronic threats? If not, who better to carry that flag?

Perhaps what IT should be asking is if they're hiring because there clearly is a need there for qualified individuals.

Re:Homeland Security != Information Security (2, Funny)

EveryNickIsTaken (1054794) | more than 7 years ago | (#19580413)

Would you support another breaucracy to take care of electronic threats?
Perhaps the EPA - I'd imagine even those tree-huggers could do a better job of securing networks than the clowns in the DHS.

Re:Homeland Security != Information Security (5, Insightful)

eln (21727) | more than 7 years ago | (#19580451)

DHS was created in response to the 9/11 attacks as a purely political move to make it look like we were serious about fighting terrorism. It created a huge bureaucracy, gave it an impossibly broad mandate, and made it more difficult for existing agencies (that were moved under DHS because they were at least tangentially related to protecting the country against various things) to do their jobs. As a result, the government is far less capable of intelligently defending against attack than it was before. It is only capable of wildly overreacting to perceived threats (like someone slipping through airport security with 4 ounces of hand soap rather than the mandated maximum of 3), again so it can appear as if it is on top of things.

DHS was a bad idea that was implemented poorly out of a panicked need to do *something* following the attacks.

Re:Homeland Security != Information Security (1)

teh_chrizzle (963897) | more than 7 years ago | (#19580505)

DHS was created in response to the 9/11 attacks, and responds to potential terrorist threats and attacks on US soil. They're not a group of IT guys or white hats.

exactly. since terrorists only target mosques, open air markets, train stations, and airplanes, clearly information security is someone else's job. i nominate the NSA since they do so much to protect our rights and liberties.

it's not like all that sensitive private information that they keep on citizens and badguys alike could be mis-appropriated in some way anyhow. if a list of all the people they have under surveillance were to leak, i am sure no ill would come of it.

our economy is based on manufactured goods like cars and electronics, not information and intellectual property, so there is no need to protect information or the infrastructure that enables the exchange of it in any fashion.

besides, it's not like we are slowly trading privacy and freedom for the illusion of security. if we were, this incident would have very serious PR implications.

you know, the more i think about it, the more i believe that "homeland security" is a misnomer. perhaps "ministry of truth" or "ministry of love" might be more applicable. that way we citizens are not distracted by these minor incidents and can go back to watching american idol.

Re:Homeland Security != Information Security (-1, Troll)

EveryNickIsTaken (1054794) | more than 7 years ago | (#19580579)

Since you capitalized both NSA and PR, I'm assuming you know where the shift or Caps Lock keys are, so here's a pointer: In English, the first letter of the first word of a sentence gets capitalized. Bravo.

One thing is for sure. (5, Insightful)

AltGrendel (175092) | more than 7 years ago | (#19579617)

The people that are smart enough to really do this IT stuff properly for the DHS are smart enough to earn more money elsewhere.

Re:One thing is for sure. (4, Insightful)

Guppy06 (410832) | more than 7 years ago | (#19579975)

"The people that are smart enough to really do this IT stuff properly for the DHS are smart enough to earn more money elsewhere."

And even if the pay was the same, there's still the many months and ungodly amount of paperwork involved in trying to get a government job. Are you going to go for the offering that's available next month or next year?

Re:One thing is for sure. (3, Interesting)

jimicus (737525) | more than 7 years ago | (#19580425)

Further, the people who are likely to be seriously interested in infiltrating the DHS are quite able to find and finance someone with the capability to do so.

Thank god we fixed a 40 billion dollar bureaucracy (5, Funny)

Anonymous Coward | more than 7 years ago | (#19579631)

...that failed to deliver when it came to 9/11 warnings by layering on a new bureaucracy on top of the failed bureaucracy.

Clearly what we need is a new Dept. of Homeland Security Security.

Re:Thank god we fixed a 40 billion dollar bureaucr (2, Interesting)

jimicus (737525) | more than 7 years ago | (#19580473)

Let's be honest, that's about all governments ever do. When was the last time you heard of a government organisation made more effective by simplifying things?

Its more than just simplification (1, Insightful)

Anonymous Coward | more than 7 years ago | (#19580643)

You get accountability by rewarding incompetence with unemployment.

Other than Rumsfeld and a couple of low-level stooges from Abu Griab, no one seems to have been fired.

We reward incompetence with bigger budgets which breeds more incompetence.

We realize that bureaucracy is inefficient. (1)

Mr. Arbusto (300950) | more than 7 years ago | (#19580571)

Our plan to fix this bureaucracy is to make room and add more bureaucracy.

800 is a lot compared to who? (5, Insightful)

jofny (540291) | more than 7 years ago | (#19579637)

Point 1: Considering the complete inability of standard technical solutions to security problems to prevent a significant number of attacks/infections from being successful, this is not like the mechanics car getting fixed last. It's called "the security industry and standard methodologies continue their long history of consistent failure at organizations, both public and private"

Point 2: Those numbers are a completely meaningless abstraction without tying them back to type of attack, actual damage, importance of the data on those systems or their roles in launching further attacks, what kind of infections occurred and their damage potential, and finally what those numbers look like compared to other orgs of the same size.

Point 3: Homeland Security is comprised of multiple mostly-independant sub orgs (like Coast Guard, TSA, etc)....so..saying DHS had so many attacks is misleading without clarification

Point 4: Not saying theyre not making mistakes, just that those "facts" dont tell you either way what the actual state of things is.

Re:800 is a lot compared to who? (1)

Seventh Magpie (826312) | more than 7 years ago | (#19580275)

amen. you hit it perfect.

When you are a primary target (3, Interesting)

Ngarrang (1023425) | more than 7 years ago | (#19579657)

When you are a primary target like the DHS, I would imagine that the attacks they face are probably harder and longer than most possible victims. I would be interested to know how many hack attempts failed to see what kind of success rate such a high profile agency has. No security is perfect.

""What the department is doing on its own networks speaks so loudly that the message is not getting across," Thompson said."

Meh, whatever. This seems to me to dismiss the high profile nature of the DHS. Most other businesses might not even survive the onslaught faced by the DHS and other government sites.

Could they do more? Sure. There is ALWAYS more that can be done from the user level up to systems and network admin.

"All the problems involved the department's unclassified computer networks..."

That is good to know.

Re:When you are a primary target (3, Insightful)

Critical Facilities (850111) | more than 7 years ago | (#19579783)

Most other businesses might not even survive the onslaught faced by the DHS and other government sites.

I agree with you that DHS is a "juicier" target than some businesses, I'm willing to bet that the attacks (and the frequency of them) against Bank of America, [bankofamerica.com] Citibank, [citibank.com] Equifax, [equifax.com] etc, are just as bad if not worse.

Re:When you are a primary target (4, Funny)

darthnoodles (831210) | more than 7 years ago | (#19579869)

harder and longer

This post failed to pass my spam checker.

Re:When you are a primary target (1)

Red Flayer (890720) | more than 7 years ago | (#19580485)

Caveat:

"All the problems involved the department's unclassified computer networks..."
That is good to know.
Problems that occurred on classified networks are classified, and would not have been released to the public.

Just sayin'... I wouldn't want anyone to have a false sense of security, or a false sense of DHS competence when dealing with classified information.

Re:When you are a primary target (2, Interesting)

jimicus (737525) | more than 7 years ago | (#19580535)

I think you've made a very good point there.

The DHS could guarantee that all computer-based attacks would be fruitless overnight. They'd just have to get rid of all their computers and resort to pocket calculators, slide rules and abacuses.

Unfortunately, that's about the only way to provide a 100% cast-iron guarantee that there's no way in hell the computer systems will be hacked.

Even if you did take such an extreme measure, the result would be that anyone that interested in getting information about what the DHS is doing would plant a few individuals in there.

Re:When you are a primary target (1)

kennylogins (1092227) | more than 7 years ago | (#19580843)

'"All the problems involved the department's unclassified computer networks..." That is good to know.' That's because the other breaches are classified.

This was predicted (3, Interesting)

Johnny Mnemonic (176043) | more than 7 years ago | (#19579701)


even by Slashdot pundits, when we learned of the huge Dell and Microsoft contracts that were being awarded by the DHS.

Those who wanted the DHS to be a braintrust of security were sorely disappointed, and indeed we can see that it is nothing more than another bureaucracy more interested in distributing taxpayer funds to corporate friends than really doing anything for the health and welfare of the nation.

This is how Rome fell.

Re:This was predicted (3, Insightful)

Timesprout (579035) | more than 7 years ago | (#19580059)

Never mind predicted, this is desirable for the DHS, it's further 'proof' there are bazillions of terrorists out there hell bent on destroying the US.

Re:This was predicted (0)

Anonymous Coward | more than 7 years ago | (#19580349)

Debate tactics of the retarded:

Step 1- Mention some pet cause or personal preference
Step 2- Make general statements without anything to back them up
Step 3- Try to relate it to the fall of Rome

Well, it makes sense (5, Informative)

WindBourne (631190) | more than 7 years ago | (#19579709)

DHS was started by a number of folks from the marines (I worked for one). They were ALL windows believers ( but the ones that I knew were very so-so in the tech work). They were adamant about not being like NSA in spite of the fact that NSA has 2 missions; 1) obtain any info that they can on others 2) secure our boxes. NSA has a LARGE number of mathematicians as well as computer geeks. And windows is only allowed in none secured arenas or have their network capability severed at a hardware level (i.e. no nic or usb). If DHS had been ran by professionals and not politicians from the military (ALL of the tops one were W.s, Cheney's and esp. Rumsfeld's friend), then they would not have had the break-ins.

Re:Well, it makes sense (1)

kismet666 (653742) | more than 7 years ago | (#19581007)

How do you know this stuff about these classified networks? I happen to know otherwise WRT what network OSes they use on their classified networks.

If you want to..... (1, Insightful)

budword (680846) | more than 7 years ago | (#19579717)

keep the USA safe from soccer Moms with sippy cups full of water, homeland security and TSA are competent. Anything more complex, and they are all butterfingers. Even the name "Homeland Security" freaks me out, not because they have extraordinary powers that threaten me, but because the name reminds me of something out of 1984 type double speak, sort of a Stalin-esk soviet type of pun. I suspect Homeland Security is much more likely to be applied against citizens of the homeland than it is likely to be applied against any enemy of America.

Indeed. We've been played. (1)

FatSean (18753) | more than 7 years ago | (#19579777)

Gave up rights and privledges in the name of 'security', and a mall rent-a-cop could probably secure those systems and charge less to boot.

But as long as the simple folk are still scared by the turrist boogeyman, gays getting married, and corporations hiring illegal immigrants and out-sourcing works in order to meet the demand for cheap goods from those simple folk...this is the future of the USA.

Re:Indeed. We've been played. (1)

DeepHurtn! (773713) | more than 7 years ago | (#19580787)

It looks to me like the illegal immigrant "debate" focuses very little on the corporate complicity that runs the whole thing -- mostly it's just "Learn English!" and complaints about the use of social services. It would be uncomfortable for Bush and other elites if *too* much attention was paid to how much large corporations benefit from how things are going now.

And btw, regarding your sig: there's nothing new about that aspect of US foreign policy! It's been like that for the entirety of the post-War (WWII, that is) era.

Re:If you want to..... (1)

DakotaSmith (937647) | more than 7 years ago | (#19580727)

Even the name "Homeland Security" freaks me out, not because they have extraordinary powers that threaten me, but because the name reminds me of something out of 1984 type double speak, sort of a Stalin-esk soviet type of pun.

Keep in mind that the English translation of "KGB" is "Committee for State Security". Allowing for idiomatic and cultural translations, the DHS is the American KGB. In point of fact, I've been referring to it as "the American KGB" since it was instituted.

Fortunately for all of us, enough of a free market still exists in the US to drive talented people into the private sector, leaving only the dregs who can't earn a living any other way than forcing taxpayers to cough up money to work for the government. This ensures that no matter how it tries, government programs can only be utterly incompetent.

The last thing we need, after all, is an American KGB that is as competent as its Soviet counterpart

1-800-Break-Ins (3, Funny)

OzPeter (195038) | more than 7 years ago | (#19579719)

That was how I read the summary and it made me think - Dang the Dept of Homeland Security is so (dis)organised that you can phone in break in requests to their systems

Re:1-800-Break-Ins (0)

danpsmith (922127) | more than 7 years ago | (#19580187)

That was how I read the summary and it made me think - Dang the Dept of Homeland Security is so (dis)organised that you can phone in break in requests to their systems

...and so stupid they think there's 8 digits after 1-800

Out of Context (4, Insightful)

WarpSnotTheDark (997032) | more than 7 years ago | (#19579733)

Look at any government agency or corporate IT infrastructure - 800 break-ins is not a big number. I have been conducting information security analyses for many years for corporate networks and government entities and 800 is not a high figure. What you have to find out before considering this a valid story is; was integrity, confidentiality or availability of their infrastructure effected by these break-ins or was it just dorks poking their nose through the DMZ to see what they could find.

Re:Out of Context (2, Insightful)

scatters (864681) | more than 7 years ago | (#19579973)

The problem is that 800 is the number they know about. What's the real number?

Re:Out of Context (2, Insightful)

jofny (540291) | more than 7 years ago | (#19580137)

Considering the fact that there IS monitoring going on, Id say the 800 figure is probably much closer to the "truth" than a lot of other organizations' numbers who DONT monitor. Exchange often attributed to an anonymous officer at DoD: "My systems have never been broken into!" "How do you know, have you looked?" -Silence-

On the good side... (1)

Billosaur (927319) | more than 7 years ago | (#19579741)

No lost laptops... yet.

Re:On the good side... (2, Informative)

Reverend528 (585549) | more than 7 years ago | (#19579859)

In other cases, computer workstations in the Coast Guard and the Transportation Security Administration were infected with malicious software detected trying to communicate with outsiders; laptops were discovered missing; and agency Web sites suffered break-ins.
I'll admit that "discovered missing" was probably a poor choice of words, but the article pretty clearly states that there were lost laptops.

Re:On the good side... (2, Informative)

gethoht (757871) | more than 7 years ago | (#19579929)

They haven't lost a laptop that we know about, but how about a hard drive with thousands of SSN#'s on it?

http://www.toptechnews.com/story.xhtml?story_id=03 3003P6Z4B6 [toptechnews.com]

"The agency said it did not know whether the device is still within headquarters or was stolen."

I guess it's true what they say... (0, Troll)

Anonymous Coward | more than 7 years ago | (#19579743)

a mechanic's car is always the last to get fixed.

What do they say about the vehicles of back-water, trailer park baptist Gestapo?

They're sitting idle... (1)

FatSean (18753) | more than 7 years ago | (#19579861)

...as feeding 4 children in today's economy means they cannot afford fuel?

Re:I guess it's true what they say... (-1, Troll)

Miseph (979059) | more than 7 years ago | (#19579879)

That jacking up your Ford 350 with beefier suspension, a gun rack and a big confederate flag in the bed doesn't make you classy. Well, at least that's what I say about the Bush family.

Ha! (4, Interesting)

Anonymous Coward | more than 7 years ago | (#19579759)

That's nothing. A password cracker is included in the OS load of every server here. Our security auditing program uses it! Better yet, it would normally be detected by our antivirus program, but a guy here is paid to remove it's pattern from the vscan updates before they're sent out. When an unedited vscan pattern file manages to make it's way on to the machine somehow, it nukes the audit program. How's that for "administratively broken"?

Usual illiteracy... (2, Informative)

Otter (3800) | more than 7 years ago | (#19579761)

800 Break-ins at Dept. of Homeland Security

No, there were over 800 incidents ranging from a single (if I'm understanding correctly) break-in to other problems from malware and less.

By the way, seven comments already and not one anguished wail from a 14-year-old pretending to be a grizzled veteran upset about the changing meaning of "hacker"? Get a move on, guys!

Networking (2, Interesting)

G1369311007 (719689) | more than 7 years ago | (#19579853)

Why don't they just move the whole operation to a classified network behind NSA Type I devices? So what if they can't surf the internet. At least they'd get work done without having to worry about people going to doublewidefantasies.com and picking up some malware.p

Just Out of Curiosity (1)

LifesABeach (234436) | more than 7 years ago | (#19579817)

Just a thought; But what was the Operating System of Choice for those poor unfortunate Department of Homeland Security Victims?

"Slowly, one by one, the Penguins steal my sanity" - Unknown

the Operating System of Choice (1)

rs232 (849320) | more than 7 years ago | (#19580317)

"Just a thought; But what was the Operating System of Choice for those poor unfortunate Department of Homeland Security Victims?"

'The contract, awarded June 27, named Microsoft as the "primary technology provider [computerworld.com] " to the Department of Homeland Security, supplying desktop and server software critical for the agency'

"Microsoft Corp [gcn.com] . has hired another Homeland Security Department official for its team "

was: Re:Just Out of Curiosity

Break-ins at Homeland Security (2, Funny)

Rik Sweeney (471717) | more than 7 years ago | (#19579847)

Article needs the following tag:

Irony

The DoHS (0, Offtopic)

Black Parrot (19622) | more than 7 years ago | (#19579913)

is nothing but a politician's way of telling the public "We're doing something about it!" Actually working is a minor, secondary consideration, just like with the post-Katrina relief effort and the "surge" in Iraq.

Doing things right would invove raising taxes and/or redirecting money from pet pork projects, and putting experts in the decision-making roles rather than political hacks.

Security (1)

thetagger (1057066) | more than 7 years ago | (#19580001)

That goes to show that by putting "Security" as part of the department's name they actually painted a huge target on their own ass.

May I suggest going low-key next time. Information security should be handled by the Department of Fishing.

Another saying (1)

Gothmolly (148874) | more than 7 years ago | (#19580005)

The government is filled with douchebags.

I think more appropriate when discussing DHS.

Can you say "Honeypot"? (0)

Anonymous Coward | more than 7 years ago | (#19580051)

I knew you could!

I can't understand how some people don't comprehend the art of misdirection.

My brief experience in DHS (3, Insightful)

erroneus (253617) | more than 7 years ago | (#19580053)

This is no exaggeration. As with virtually any other government employment, the DHS is filled with people who just want titles and a paycheck. Most morons know how to install windows and office and a few of those can even install a server and exchange email. Whether they know anything useful or not, they don't really care about doing more than the bare minimum to keep their paychecks flowing. I blame the way government pays and oversees people for this. There is not much in the way of pay or advancement by merit in government employ. Everyone's too afraid of descrimination suits and the like. So the only measured basis one can use safely is time in service really. Other than that, the culture is to keep your head down and do the bare minimum.

And if you think the creation of DHS was a carefully planned and well-thought-out move, I think the historical evidence speaks to the contrary.

The only solution is for detailed requirements for security and data handling. It would be more effective than not having any... they really don't have much in place now. How secure can they be with Microsoft everything running their offices?

800 is that really high? (2, Insightful)

Seventh Magpie (826312) | more than 7 years ago | (#19580175)

800 includes virus infections as well. Lets see there are about 150,000 employees of DHS, so assumining there is at least 1 computer per employee, there must somewhere in the range of150,000 computers? Lets be conservative and say 100,000 computers. 800 incidents, that is less then 1%. Now take any other enterprise with that many computers, you IT guys tell me, is under 1% rate for computers without virus infections or intrusions a failure? Hell it isn't perfect, but it should be expected.

The bottom line is I dont care what kind of agency, business, enterprise, securing that many computers is impossible no matter what. You always have the human factor involved. Once you get 150,000 people thinking security (impossible to do) then you can be close to perfect..

Re:800 is that really high? (0)

Anonymous Coward | more than 7 years ago | (#19580435)

...is under 1% rate for computers without virus infections or intrusions a failure? Hell it isn't perfect, but it should be expected.

The bottom line is I dont care...
You would of course be unalarmed therefore if your bank annouced its future policy would be to keep only 99% of accounts secure.

Re:800 is that really high? (1)

Seventh Magpie (826312) | more than 7 years ago | (#19580677)

Considering how many bank accounts, credit card numbers, and personally identifiable information have already been compromised, I think 99% secure is more than we can hope for.

It is to be expected ... (2, Informative)

arthurpaliden (939626) | more than 7 years ago | (#19580177)

When the first question out of the DHS pruchasing agent after the demo is 'And the name of your Congressman is?'

Yes, this really happened, it is recorded in my lab book.

You know what else they say... (1)

McGregorMortis (536146) | more than 7 years ago | (#19580205)

"Those who can't do, teach."

Something Smells Here? (0)

Anonymous Coward | more than 7 years ago | (#19580237)

FTA

|...suffered more than 800 hacker break-ins, virus outbreaks and other computer security problems over two years...|

wonder if this includes spam?

|...In one instance, hacker tools for stealing passwords and other files were found on two internal Homeland Security computer systems...|

1 incident of hacking found. Ok then: 800 - 1 = 799 incidents (non hacking?)

|...All the problems involved the department's unclassified computer networks...|

hmmm. Isn't there some sort of prioritization of risk here, or is the being blown out of proportions? Must be an up coming budget request.

They have holes in their security... (5, Funny)

athloi (1075845) | more than 7 years ago | (#19580341)

...that you could fly a 747 through!

Oops, that was in bad taste.

you people don't get it (2, Insightful)

Lord Ender (156273) | more than 7 years ago | (#19580481)

Most companies' security strategies primarily rely on two things: patching and virus scanning.

Maybe break-ins are rare for you, and you think you are doing security really well. In reality, your success is based primarily on the fact that nobody good is targeting you. The people who discover flaws, write the exploits, and create the effective viruses do NOT target your pissant little company. They target governments and financial institutions.

Once the flaws and viruses are discovered by the primary targets, you get the luxury of updating your software and signature files before anyone gets around to target you.

DHS may have security a million times better than yours, but they are a primary target, so they get hit a billion times harder.

DHS was thrown together (1)

The Second Horseman (121958) | more than 7 years ago | (#19580543)

Knowing where the gaps occurred would actually be interesting. Were there particular pre-DHS agencies or offices that had systems do well or poorly? On the server/software side, if failures occurred, were the same people or the same part of the organization in charge of those systems, or had they been shuffled around inside DHS? If you've got your own responsibilities already, odds are you're only going to have enough time to keep an unfamiliar system working, not learn it inside and out. There was a lot of institutional chaos created along with DHS (post-DHS FEMA was obviously an example). And FEMA and DHS became a dumping ground for political appointees under Bush. (Clinton, apparently, tended to load them into the Department of Commerce and a few other places).

Deputy chief information officer had a fake degree (1, Interesting)

Anonymous Coward | more than 7 years ago | (#19580545)

In 2003 it was found out that that a PhD claimed by the Homeland Security Department's deputy chief information officer, Laura Callahan, was from Hamilton University of Wyoming, a known diploma mill.

wikipedia: "According to Department of Labor employees later interviewed by the media, Callahan had become increasingly difficult to work for, reacting in
a hostile way when questioned on her unusual decisions, and frequently belittling employees for not understanding the complex technological jargon she said she had acquired while studying for her doctorate." - sounds like a real asshole

No, it's *not* like a mechanic's car, it's like... (1)

BarnabyWilde (948425) | more than 7 years ago | (#19580557)

...clueless power-mad bureaucrats, who care not about your safety, but only for their precious pensions.

The central question (to them) about this incident is "Was anyone's pension endangered?"

Look like.... no.

tennessee office was bugged (0)

Anonymous Coward | more than 7 years ago | (#19580625)

I am not surprised, the shelby county tennessee homeland security office was bugged back in November. http://www.wmctv.com/Global/story.asp?s=5601452 [wmctv.com]

The largest, most bloated bureaucracy in history? (1)

noewun (591275) | more than 7 years ago | (#19580649)

Run by the most corrupt and incompetent administration in modern history has security problems with teh internets?

Really?

Talk about a non-story. I actually surprised the launch codes for our nukes, and the secret recipe for Coke, aren't on the front page of the DHS website, hightlighted with the flash tag.

Re:The largest, most bloated bureaucracy in histor (1)

0123456 (636235) | more than 7 years ago | (#19580783)

"I actually surprised the launch codes for our nukes, and the secret recipe for Coke, aren't on the front page of the DHS website, hightlighted with the flash tag."

In a typical example of government's excellent security policies, the launch codes apparently used to be all zeros until the mid 70s. I read an article about this a couple of years back, apparently they weren't changed until some military guys pointed it out to the right people in Congress and then managed to convince those politicians that, no, they weren't joking.

FUD Article (4, Insightful)

Evil W1zard (832703) | more than 7 years ago | (#19580689)

Ok so here is the deal. DHS' network is a mesh of multiple other networks that were already in existence. This is problematic in itself as it involves a heavy amount of integration and also borders upon borders of perimeter security (each disparate agency is part of the whole but may have its own controlled interfaces for some level of separation...

Now lets go to the article. To the laymen you say 800 compromises and they go into "WOW THAT IS SO BAD" mode, but seriously come on. The compromises are mostly workstations. Now that doesn't mean they get a free pass, but its not like they have had their core servers owned by foreign states... What they should be doing is not only scanning apps, DBs, and servers and patching/hardening them appropriately, but also client-side firewalling, config control of workstations, baseline security mechanisms for remote users, centralized virus/vulnerability patching... This article does not surprise me what-so-ever and it really is not an indication that DHS security is horrible. Its not the best, but 800 is not that bad.

What Does the DHS Do? (1)

segedunum (883035) | more than 7 years ago | (#19580749)

What does the Department of Homeland Security do now anyway? It doesn't seem to have very much to do other than looking over the shoulders of people at libraries to see if they're browsing porn, and then trying to arrest them until it's pointed out that they have no jurisdiction.

I mean, everyone is really keen to tell us how we're on the verge of IT meltdown, and terrorists are willing to meltdown the entire western economy through botnets (Die Hard 4), but it's just bull.

An organisation like that, with nothing to do, trying to justify itself by claiming non-existent threats is a bit dangerous to me. They then start telling us that the enemy is within, and when that enemy can't be pinpointed or proved to exist, every citizen then becomes the enemy - because.......it could be anyone. Just look at the way the UK is going with MI5, their security services and CCTV cameras up your backside.

question? (1)

josepha48 (13953) | more than 7 years ago | (#19580845)

If they can't secure their own office, how can they secure a country and how can WE trust them with the info they collect on us?

so 24 is realistic? (0)

Anonymous Coward | more than 7 years ago | (#19580899)

I've always complained about how bad guys are breaking into CTU physically and electronically. Based on this, maybe that part of the show is realistic afterall?

Hey cut them some slack (1)

kennylogins (1092227) | more than 7 years ago | (#19580981)

Conducting surveillance on 300 million people is a big job.

C'Mon Guys... (1, Funny)

Anonymous Coward | more than 7 years ago | (#19581027)

We can do way better than 800...

Salient FACTS (3, Informative)

N8F8 (4562) | more than 7 years ago | (#19581055)

The DHS has around 200,000 employees.

The article actually says "800 hacker break-ins, virus outbreaks and other computer security problems over two years".

These numbers are remarkably low, if true. I once cleaned over 1000 virii, rootkits and spyware apps off the computer of a busy, filesharing teenager. 800 from 200,000 employees is pretty low. Not to mention that these are on public terminals since the real important data passes across private DoD networks (SIPRNET [wikipedia.org] and JWICS [wikipedia.org] . another clueless article written by another clueless reporter spreading FUD to the clueless liberal masses.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...