FBI investigates Unisys over U.S. government hack
IT systems integrator Unisys Corp. is under fire for allegedly failing to detect the hacking of U.S. Department of Homeland Security computers, an incident that resulted in data being sent to a Chinese-language Web site.
Unisys is now under investigation by the U.S. Federal Bureau of Investigation, according to an aide for the House of Representatives' Committee on Homeland Security, which started investigating the DHS and Unisys in April.
The committee sent a letter to the DHS on Friday asking for its inspector general to open an investigation, the aide said. The letter said DHS had 844 "cybersecurity incidents" during fiscal 2005 and 2006, which the committee called "high and unacceptable."
The data breach adds to the growing chorus of complaints from countries such as France, Germany and the U.K. that hackers in China have stepped up their game, hunting for sensitive information on government computer systems.
In 2002, Unisys won a US$1 billion contract to manage computer systems belonging to the DHS and the Transportation Security Administration, which were created after the Sept. 11, 2001, terrorist attacks to shore up the nation's defense. Unisys received a $750 million contract in early 2006 to continue the work.
Under the contracts, Unisys installed six intrusion-protection devices, said Lisa Meyer, Unisys spokeswoman. Those devices, which can detect unauthorized activity on a network, were not installed properly, alleges the committee.
Three months passed before clues emerged that malicious software capable of copying and transferring files had been installed on 150 DHS computers. The data, although unclassified, was transferred late at night or early in the morning to a Chinese-language Web site, according to committee evidence and testimony.
Two U.S. representatives also accused the DHS and Unisys of ignoring warning signs of the hacking.
In a statement, Unisys denied the intrusion protection devices were improperly installed and that the company reported security incidents.
Meyer said Unisys has not been notified by either the FBI or the committee of an investigation. She said she could not comment further on specific security incidents.
The FBI referred questions to DHS officials, who could not immediately be reached.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
