The Virus That Ate DHS

Found on Wired on Friday, 03 November 2006

A Morocco-born computer virus that crashed the Department of Homeland Security's US-VISIT border screening system last year first passed through the backbone network of the Immigration and Customs Enforcement bureau, according to newly released documents on the incident.

The workstations at the front end of US-VISIT run Windows 2000 Professional, so they were vulnerable to attack. Those computers are administered by the DHS' Bureau of Customs and Border Protection, which learned of the plug-and-play vulnerability Aug. 11, according to the new documents.

But as CBP started pushing the patch to its internal desktop machines Aug. 17, it made the fateful decision not to patch the 1,313 US-VISIT workstations.

On Aug. 18, Zotob finally hit the US-VISIT workstations, rapidly spreading from one to another. Phone logs offer a glimpse of the mayhem that ensued. Calls flooded the CBP help desk, with callers complaining that their workstations were rebooting every five minutes.

By then, Wired News had already filed a Freedom of Information Act request with CBP seeking documents about the incident. The request received a cool response. An agency representative phoned us and asked that we withdraw it, while refusing to answer any questions about the outage. When we declined, CBP misplaced the FOIA request. We refiled it, and it was officially denied, in total, a month later. After an administrative appeal went unanswered, we filed a federal lawsuit in U.S. District Court in San Francisco, represented by the Stanford Law School Cyberlaw Clinic.

How good is a security institution that can't even protect itself?