The Zotob Worm and the DHS
On August 18 of last year, the Zotob worm badly infected computers at the Department of Homeland Security, particularly the 1,300 workstations running the US-VISIT application at border crossings. Wired News filed a Freedom of Information Act request for details, which was denied.
After we sued, CBP released three internal documents, totaling five pages, and a copy of Microsoft’s security bulletin on the plug-and-play vulnerability. Though heavily redacted, the documents were enough to establish that Zotob had infiltrated US-VISIT after CBP made the strategic decision to leave the workstations unpatched. Virtually every other detail was blacked out. In the ensuing court proceedings, CBP claimed the redactions were necessary to protect the security of its computers, and acknowledged it had an additional 12 documents, totaling hundreds of pages, which it withheld entirely on the same grounds.
U.S. District Judge Susan Illston reviewed all the documents in chambers, and ordered an additional four documents to be released last month. The court also directed DHS to reveal much of what it had previously hidden beneath thick black pen strokes in the original five pages.
“Although defendant repeatedly asserts that this information would render the CBP computer system vulnerable, defendant has not articulated how this general information would do so,” Illston wrote in her ruling (emphasis is Illston’s).
The released details say nothing about the technical specifics of the computer systems; they only point to the incompetence of the DHS in handling the incident.
Details are in the Wired News article.
another_bruce • November 6, 2006 1:00 PM
i may be exhibiting some naivete here, but if these 1300 workstations were running on a dedicated government intranet with an airgap between it and the nasty internet, and the 1300 users obeyed their manual and never loaded material of dubious origin into their boxes, how could this infection have possibly happened?