October 2, 2003 (Computerworld) --
Despite the government's recent efforts to integrate dozens of terrorist watch list databases (see story), terrorists may still be slipping through major cracks in homeland defenses by stealing identities and using computers to create fraudulent travel documents, officials told Congress yesterday. Testifying before the House Select Committee on Homeland Security, Ronald D. Malfi, director of the General Accounting Office's Office of Special Investigations, said that during the past three years, his staff has successfully created fraudulent identities and documents on home computers that allowed officials to do everything from entering the U.S. from foreign countries to buying firearms and gaining unfettered access to government buildings. "We created fictitious identities and counterfeit identification documents, such as driver's licenses, birth certificates, and Social Security cards ... using inexpensive computer software and hardware that are readily available to any purchaser," said Malfi. "In March 2002, we breached the security of four federal office buildings in the Atlanta area using counterfeit law enforcement credentials to obtain genuine building passes, which we then counterfeited." "It's relatively easy for a terrorist to pose as someone else," said Rep. Robert Andrews (D-N.J.). "And the impact is that the integrated terrorist watch list and other databases that the [DHS] is sharing with other agencies is ineffective if we're not identifying [people]." Delegate Eleanor Holmes Norton (D-District of Columbia), a self-proclaimed "card-carrying civil libertarian," said the nature of the vulnerabilities has led her and others to rethink the issue of national ID cards. However, Keith Kiser, chairman of the American Association of Motor Vehicle Administrators, said a national ID card is not needed and would probably require additional IT infrastructure currently not in place. Instead, Kiser argued that the IT infrastructure used throughout state motor vehicle departments to verify identities and issue valid driver's licenses should be enhanced and standardized. Rep. Peter DeFazio (D-Ore.) asked biting questions of experts from the Department of Homeland Security (DHS) and the FBI about why retail workers at many U.S. airports are allowed to enter secure areas of the airport without having to pass the same security screening checkpoints that pilots and passengers must go through. In addition, the only security precautions taken to ensure that those workers are who they say they are is a basic name and Social Security number check, often done using driver's licenses that may or may not have been obtained legally, said DeFazio. "Today, several hundred thousand people, who we don't know if they are the person they said they are, will file into secure areas of airports in the U.S. without even walking through [security] and without putting what they are carrying on a [scanner]," said
"Welcome to a special IT Blogwatch EXTRA: as Richi Jennings watches bloggers' reactions to the Russian hackers who claim to..."
Read more...
"As if taxpayers needed another reason to scorn the IRS. I read yesterday that the inspector general review of several..."
Read more... Read more Security posts or See all Blogs
One positive development stemming from the collapse of Wall Street may be a boost in interest in computer science and IT careers among students who were previously interested in financial services jobs.
From Laggard to Leader: Transforming the Data Center
From Laggard to Leader: Transforming the Data Center Register for this complimentary webcast today! Go to the webcast
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing
Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage
Download this white paper today! (Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency. Download this white paper
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Securing your network begins at the gateway, also called the perimeter, to keep unauthorized users, viruses and malicious code from entering your systems. Deploying multilayer technologies is your first line of defense. With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. One of the key facets of a successful security strategy is protecting the servers that run critical applications and house so much of your essential data. Having the right policies, procedures and server configurations is critical.
Fired up about IT?Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.
Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage.
Preston Gralla: Apple plays the bully again
Apple is once again unleashing its attack dog lawyers. This time against a college for using an apple in its logo. ... [more]
See your link here
Subscribe to
Computerworld 
or
Other Security Stories
From Laggard to Leader: Transforming the Data Center
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. 
Download this white paper today!
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
The Security Zone
Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.
Preston Gralla: Apple plays the bully again
Apple is once again unleashing its attack dog lawyers. This time against a college for using an apple in its logo. ... [more]
