Archives
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
Categories
- Congress
- Defense
- General News
- Health
- Health IT
- Homeland Security
- IBM suspension
- Industry
- Info Security
- Intelligence
- International
- IT management
- Law
- OMB
- Oversight
- Policy
- Politics
- Privacy
- Procurement
- Program Management
- Project management
- Risk management
- Security
- Spending
- State and Local
- Technology
- Telecommunications
- Tip Thursday
- Virtual World
- Web
- White House
- Wireless
- Workplace
What's happening in the federal IT community
By Friday, May 30, 2008 | 10:56 AM
Yesterday, I wrote about a prediction from the SANS Institute that news would break today about another government laptop being lost. And this laptop belonged to a top-level senior executive, according to a comment written by Alan Paller, director of research at SANS, who commented on a news brief. Now we know the news came from National Journal, which posted late on Thursday an in-depth article by Shane Harris on how China has infiltrated U.S. government computers, stolen proprietary information, and accessed electric utilities and possibly caused major blackouts in the United States. The laptop Paller referred to was one used by Commerce Department Secretary Carlos Gutierrez. The laptop wasn't lost or stolen, but its contents were "clandestinely" downloaded while Gutierrez and a U.S. trade delegation was in China, according to the article, which is also posted on Nextgov. Here's an excerpt:
During a trip to Beijing in December 2007, spyware programs designed to clandestinely remove information from personal computers and other electronic equipment were discovered on devices used by Commerce Secretary Carlos Gutierrez and possibly other members of a U.S. trade delegation, according to a computer-security expert with firsthand knowledge of the spyware used. Gutierrez was in China with the Joint Commission on Commerce and Trade, a high-level delegation that includes the U.S. trade representative and that meets with Chinese officials to discuss such matters as intellectual-property rights, market access, and consumer product safety. According to the computer-security expert, the spyware programs were designed to open communications channels to an outside system, and to download the contents of the infected devices at regular intervals. The source said that the computer codes were identical to those found in the laptop computers and other devices of several senior executives of U.S. corporations who also had their electronics “slurped” while on business in China. The source said he believes, based on conversations with U.S. officials, that the Gutierrez compromise was a source of considerable concern in the Bush administration. Another source with knowledge of the incident corroborated the computer-security expert’s account.
Comments
I'm trying to reconcile this unbelievable breach with another NextGov piece indicating that "According to a survey conducted by Symantec Corp. in April, 77 percent of federal survey respondents gave their agencies top marks in the overall level of IT security..." (http://www.nextgov.com/nextgov/ng_20080602_1366.php?zone=itsecurity).
Seems to me we need to take a harder look at training competencies and performance or maybe this just happened on the watch of the other 23%.
Selah.
Marc Gartenberg | Thursday, June 5, 2008 | 12:22 PMThe increase in laptop docking stations has opened the door for hackers worldwide. The Feds who are given these laptops have no clue about the differences in wired and wireless security. The government ID necklace and bar code sticker on the PC help the cherry pickers find the Feds on TDY at the coffee houses and hotel lounges. As a former DoD security analyst, I am very aware of them when I walk into a coffee chain. From a criminal point of view it looks like an open file cabinet full of classified documents and possibly a lost wallet.
A. J. Weishar | Wednesday, June 4, 2008 | 9:47 AMI worked for Sec. Gutierrez and recently talked with him in Chicago on the issue of American Competitiveness. Trade with China is extremely important to U.S. economic growth, and intelligence gathering by China on how we are so successful at business is flattering, though the tactics used are obviously in this case are beyond diplomatic. Hats off to the IT pro who found the spyware on the laptop and that we can counter this with simply limiting what we take out of the office, especially on sensitive trips.
Anonymous | Sunday, June 1, 2008 | 12:45 AM