The US-VISIT network consists of mainframe servers and Windows-based workstations installed at nearly 300 strategic locations in the US, such as airports and seaports. It is used by the Department of Homeland Security (DHS) to take fingerprints and digital photos of visitors coming into the US. It compares each passenger's profile with national security and criminal watch lists.
On August 18, 2005, an enigmatic computer failure led to a nationwide breakdown of the network, leaving thousands of travelers stranded in line at US border checkpoints. This technical hitch was not clearly explained to the public. DHS spokespersons contradicted each other. One spokesperson said in an initial report that a virus caused the outages. Four months later, another said that the failure was due to routine computer glitches, with no evidence that it was caused by a virus.
Today we know: it was a virus and the virus was Zotob.
As early as April 2006, on wired.com, Kevin Poulsen explained that a worm infiltrated agency computers on the day of the outage. He learned this fact from two Bureau of Customs and Border Protection (CBP) reports obtained under the Freedom of Information Act. The Department of Homeland Security's US-VISIT program office declined to comment on the documents.
But yesterday, Kevin Poulsen and Ryan Singel moved the story forward. They distributed a link to a document filed in court last Thursday. Inside this PDF, 15 documents are quoted:
That's 330 pages of helpdesk calls from screeners complaining about their computers being down; another 244 pages of work tickets to attack the problem; and 21 pages of IP addresses of computers "involved in the incident." Another document is described as a meeting notice on a "Zotob Status Meeting" in November "regarding the Zotob virus."
Today, like these investigators, we are waiting for the May 26 judgment to learn the whole story.