US Department of Homeland Security’s border screening system was crashed by Windows Zotob worm

“A Morocco-born computer virus that crashed the Department of Homeland Security’s US-VISIT border screening system last year first passed through the backbone network of the Immigrations and Customs Enforcement bureau, according to newly released documents on the incident,” Kevin Poulsen reports for Wired News.

Poulsen reports, “The documents were released by court order, following a yearlong battle by Wired News to obtain the pages under the Freedom of Information Act. They provide the first official acknowledgement that DHS erred by deliberately leaving more than 1,300 sensitive US-VISIT workstations vulnerable to attack, even as it mounted an all-out effort to patch routine desktop computers against the virulent Zotob worm.”

MacDailyNews Note: “Zotob is a worm that targets Windows 2000-based computers and takes advantage of a security issue that was addressed by Microsoft Security Bulletin MS05-039. This worm and its variants install malicious software, and then search for other computers to infect.” – Microsoft Security Advisory (899588). (“Microsoft Security,” LOL.)

Poulsen continues, “US-VISIT is a hodgepodge of older databases maintained by various government agencies, tied to a national network of workstations with biometric readers installed at airports and other U.S. points of entry. The $400 million program was launched in January 2004 in an effort to secure the border from terrorists by thoroughly screening visiting foreign nationals against scores of government watch lists.”

“The workstations at the front end of US-VISIT run Windows 2000 Professional, so they were vulnerable to attack. Those computers are administered by the DHS’ Bureau of Customs and Border Protection, which learned of the plug-and-play vulnerability Aug. 11, according to the new documents. The agency’s security team began testing Microsoft’s patch Aug. 12, with an eye to installing it on more than 40,000 desktop computers in use in the agency,” Poulsen reports. “But as CBP started pushing the patch to its internal desktop machines Aug. 17, it made the fateful decision not to patch the 1,313 US-VISIT workstations.”

“On Aug. 18, Zotob finally hit the US-VISIT workstations, rapidly spreading from one to another,” Poulsen reports. “At international airports in Los Angeles, San Francisco, Miami and elsewhere, long lines formed while CBP screeners processed foreign visitors by hand, or in some cases used backup computers, according to press reports at the time. At CBP’s data center in Newington, Virginia, officials scrambled overnight to distribute the tardy patch.”

Full sordid story here.

MacDailyNews Take: It just figures that the “U.S. Department of Homeland Security” uses the world’s most insecure OS, doesn’t it? If they had Macs instead, none of this would have happened – and that’s a fact. Please see “Related MacDailyNews articles” below.

Related MacDailyNews articles:
US Department of Homeland Security: patch Microsoft Windows now or risk complete system compromise – August 10, 2006
CCIA wants U.S. Dept. of Homeland Security to reconsider buying ‘insecure Microsoft software’ – August 29, 2003
U.S. Department of Homeland Security says Windows vulnerable to attack – August 01, 2003
Department of Homeland Security chose Microsoft due to time and money limitations – July 21, 2003
U.S. Department of Homeland Security awards enterprise agreement to Microsoft – July 15, 2003

Get a Mac: Viruses, spyware cost U.S. consumers $7.8 billion over last two years – August 08, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Apple: ‘Get a Mac. Say ‘Buh-Bye’ to viruses’ – June 01, 2006
FBI: Viruses, spyware, other computer-related crimes cost U.S. businesses $67.2 billion per year – February 01, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005


  1. Seriously, WHY do Governments and Administrations rely on Microshaft for mission-critical stuff? Doesn’t the EULA on Windows specifically state that it is not designed for mission-critical environments? Then why do they persist? And why are they surprised when things like this happen?

    It simply beggars belief.

    MW: behind

  2. “If I was a Democrat, the gubment would use Macs.
    MDN word “coming”.
    “If you disagree with me, using The Patriot Act, we’ll be coming to get you”.

    Oh yeah, that must be it. Because back during the Clinton years, they all used Macs right?

    Can you name one person that has been negatively affected by the Patriot Act? (besides those terrorists in London that were planning to hijack 10 planes, and were stopped).

    MDN word – “heard”

    As in has anyone heard of anyone being hurt by the patriot act.

  3. Connor MacBook, that’s because the biggest idiots in our government all work in our security apparatus. They make decisions based on fear and not on any rational reasoning.

    Didn’t the old saying go something like “no one ever got fired for buying Microsoft”?

  4. This is what is called a “boondoggle”, much like the acres of mobile homes in Hope, AR.

    Their hearts might have been in the right place, and when you let bids, you don’t always hear back from the best. Also, for the entire system to talk to each other, they probably felt they HAD to go Windows.

    For the money spent, though, too bad the entire Government couldn’t go OSX.

    Of course, as many units as that would take, then there wouldn’t be any Macs left around for us to buy…

  5. Thought process – Give this some thought

    Under the Patriot Act, the definition of terrorism is expanded to cover anyone or any group that tries to bring about change for political or ideological reasons and uses any kind of force to bring it about. This could range from nailing a poster to a courthouse door to carrying a picket sign. Thus, the government now has the authority to harass a broad range of political dissenters, ranging from Greenpeace to anti-abortion protesters to environmental activists to the National Rifle Association.

    Under the Patriot Act, the government can, and most likely already has, conducted black bag and sneak and peek searches. In other words, government agents—much like other authoritarian regimes—can now enter your apartment or home and look through your documents, computer files and possessions (“sneak and peek”) or take documents, files and possessions (“black bag”) without giving you notice that they’ve ever been on your property.

    Also under the Patriot Act, the government has routine access to your educational and financial/banking records as long as the government asserts that snooping through your records is “related to a terrorism investigation.” What this means is that all a government agent has to say to get access to your records is, “We’re conducting a terrorism investigation.” And, believe it or not, your school or bank cannot inform you that the government has gotten this information.

    The Patriot Act allows government agents to conduct document searches and seizures of businesses as well. Moreover, any company, including employers, libraries, Internet providers, banks, bookstores and video stores must provide all records relating to the subject under investigation. Again, these entities cannot inform anyone, including the suspect or the media, that they have been rifling through their files. A violation of this provision is a federal offense that can result in imprisonment.

    Under the Patriot Act, the government is allowed to conduct roving wiretaps. Any judge can issue a wiretap order for a telephone line, Internet line or e-mail system anywhere in the U.S. in order to follow a targeted individual anywhere—even if the individual is not named by the government. Known as a “Doe” target, it means that if you are labeled a suspected terrorist, any of your electronic communications are continually monitored by the government. This obviously makes it easier for the FBI—using the powerful Internet spying technology called Carnivore—to monitor computers, read e-mails and track which web pages are visited by American citizens with merely the say-so of an employer or university.

    There are many other intrusive and violative provisions of the Patriot Act, which clearly and dramatically emasculates key provisions of our Bill of Rights. Not only does it inhibit and chill free expression by American citizens, it is also an intrusive violation of our privacy and undermines the Fourth Amendment to our Constitution, which protects against unreasonable searches and seizures. There was obviously some concern about this by Congress, which is the reason that the Patriot Act was sunset at five years.

    One day after the terrorist attacks on the World Trade Center and the Pentagon traumatized our nation, President Bush vowed, “We will not allow this enemy to win the war by changing our way of life or restricting our freedoms.” Unfortunately, by becoming an aggressive advocate of the Patriot Act, the President is doing just that.

  6. “Can you name one person that has been negatively affected by the Patriot Act?”

    No one can, because if you reveal the name of anyone arrested under the Patriot Act, you’re put in the cell next to him/her, and your name is added to the list hanging on the rack in the torture chamber.

  7. I recall seeing pictures of “Governor” G W Bush with a PowerBook on his desk.

    Ok, there’s this problem with DHS’ computers, and, a few days ago, the Memphis DHS office was found to have listening devices in it.


  8. Check yourself there, Freedom Fister

    “to bring about change for political or ideological reasons and uses any kind of force to bring it about. This could range from nailing a poster to a courthouse door to carrying a picket sign”-

    Where is the force used there? Putting the nail in? Picking up the sign? What is YOUR definition of terrorism?

    While it is good that citizens always check legislation that could conflict with the Constitution, please don’t slant it to pass your ideals.

    Also realize that Congress passed this, and I don’t recall the Dems playing the filibuster card like they have for political, rather than constitutional, reasons.

    If you are against this and the government as a whole for passing it, then people like you are a blessing to any democracy. If you think this is a “Fascist Ploy” by the right, please “move on”.

  9. “Thought Process”, part of the difficulty of showing anybody “hurt” by the Patriot Act is that many of the provisions of the Patriot Act are secret. Thus, nobody knows about them. Things like secret searches and the like.

    But since you asked, I figured I’d name a few names.

    How about Brandon Mayfield, who the government detained because of its belief that he was part of the Madrid bombings? Or how about Sami al-Hussayen, who was arrested and charged with providing “material support” for terrorists by posting links to “objectionable materials” on a website–links that were also available on the BBC. How about Michael Galardi–owner of a couple of Las Vegas strip clubs? The government was on a fishing expedition to see if he had bribed local officials. Investigators used provisions of the Patriot Act to obtain records, even though Galardi was not suspected of terrorism. Then there’s Tomas Foral, who moved anthrax-infected cow tissue from a broken freezer to a working one.

    Oh, and don’t forget that the parts of the Patriot Act used by government investigators to catch that guy who was posting Stargate SG-1 episodes…
