By Spencer S. Hsu
Washington Post Staff Writer
August 3, 2007
The U.S. government's main border control system is plagued by computer
security weaknesses, increasing the risk of computer attacks, data
thefts, and manipulation of millions of identity records including
passport, visa and Social Security numbers and the world's largest
fingerprint database, officials said.
U.S. officials have called the US-VISIT system a cornerstone of the
nation's efforts to stop terrorists at the borders and stanch the flow
of illegal immigrants. It automates the collection of fingerprints and
digital photographs, and links border control officers to FBI, border
enforcement, immigration and State Department watch lists and databases.
Congress has allocated $1.7 billion for the system since 2002. But in a
congressional report to be released today and obtained by The Washington
Post, Homeland Security officials said that many vulnerabilities exist
throughout the network and the computer stations used at 400 airports,
seaports and land crossings. These vulnerabilities could, in turn,
spread the risk of cyber-attacks or data losses to some of the
government's most sensitive security databases, the officials said.
"Weaknesses existed in all control areas and computing device types
reviewed," the Government Accountability Office reported. It called on
DHS to "immediately address" problems to avert potentially crippling
disruptions or the misidentification of drug smugglers, terrorists and
felons trying to enter the country.
"These weaknesses collectively increase the risk that unauthorized
individuals could read, copy, delete, add, and modify sensitive
information," investigators said.
In a statement, Joseph I. Lieberman (I-Conn.), chairman of the Senate
Homeland Security Committee, said the computer vulnerabilities may make
Americans less secure, not more. "DHS is spending $1.7 billion of
taxpayer money on a program to detect potential terrorists crossing our
borders," he said, "yet it isn't taking the most basic precautions to
keep them from hacking into and changing or deleting sensitive
The report raises the latest red flag over the Bush administration's
efforts to secure the borders, already heavily criticized by Congress
and conservative critics. It also adds to a growing list of warnings
about the vulnerability of key government computer networks.
In May, the Transportation Security Administration reported the loss of
a hard drive loaded with personal payroll information on 100,000
workers, including federal air marshals. A computer virus halted
processing of international travelers at U.S. airports for several hours
in August 2005. And a computer failure in December knocked out for two
hours the national computer network used at all 400 customs sites.
U.S. authorities expressed concern over a dramatic increase in computer
attacks and warned that they could become more destructive as hackers
grow more sophisticated, pointing to a rise in incidents aimed at
Pentagon information systems.
US-VISIT Director Robert A. Mocny acknowledged concerns but said that
security fixes are underway and that the report raised many hypothetical
problems and overstated others, because few outsiders can gain access to
the system's computers.
"There have been no attacks on the US-VISIT system," Mocny said. Still,
he conceded increased risks as sensitive databases are added. "When you
connect more systems, which [DHS] wants to do, you do have the risk of
the 'weakest link,' " he said.
US-VISIT has compiled digital facial images and fingerprints of 90
million individuals and is used to vet 54 million border crossings each
year. But Marc Rotenberg, executive director of the Electronic Privacy
Information Center, said the government has not taken adequate steps to
safeguard the privacy of millions of people whose citizenship,
immigration, law enforcement and national security records are used in
the customs checks.
Staff researcher Madonna Lebling contributed to this report.
Visit the InfoSec News book store!