Court Finds Indian Trust System Is Vulnerable to Computer Hackers
The Wall Street Journal
By: John J. Fialka
Staff Reporter of The Wall Street Journal
December 5, 2001
WASHINGTON — A federal judge has unsealed a report showing that computerized accounting systems used by the Interior Department to allocate $300 million a year in rents and royalties for Indians have major security gaps that could allow hackers to steal money and destroy records.
In the report, Alan Balaran, a special master appointed by U.S. District Judge Royce C. Lamberth, recommended the judge take over the accounting systems to prevent loss of information “crucial to the welfare” of roughly 280,000 Indians served by the system. He noted that during the past 15 years there have been 30 reports from Congress, Interior and outside firms suggesting the system was malfunctioning.
Mr. Balaran added that Indian trust-fund data is “no more secure today than it was 10 years ago” when the Interior Department set out to “reform” the accounting system.The report, unsealed after a motion by lawyers for The Wall Street Journal, will be used by Indian plaintiffs in a class-action lawsuit to support their claim that the court should take over the operation of the trust funds. “This means that the individual Indian trust system should be shut down until it’s fixed,” said Dennis Gingold, who represents the Indians.
The trust funds were set up by Congress in the late 19th century to function as a banking system for rents, royalties and other income owed to individual Indians for use of their land. Advocates for the Indians are citing the continuing problems with the trust funds to support Indian requests that Secretary Gale Norton and another Interior Department official be held in contempt of court. Judge Lamberth, who has repeatedly ordered Interior to fix the accounting system, will begin a trial over the contempt allegations next week.
Lawyers for the Interior Department have argued that a judicial takeover of the trust funds would violate the separation of powers clause of the Constitution. Spokesmen for Ms. Norton have asserted that this year she has “moved on several fronts” to improve the system, which has experienced decades of complaints and has lost a substantial number of Indian records.
In his report, parts of which remain redacted because of security concerns, Mr. Balaran states he hired an outside computer-security firm, New York-based Predictive Systems Inc., to conduct a series of “penetration tests” to check the security of the system. The tests showed that computer hackers, using tools available on the Internet, could easily penetrate the systems, parts of which weren’t protected by firewalls or passwords.
Entering via the Internet, the “hackers” found they could break many of the passwords protecting accounts, using a tool called a “cracker.” Many of the passwords, according to the report, were easy to guess, particularly one — “passwd” — which was frequently used.
According to the report by Mr. Balaran, whose job is to oversee reform efforts ordered by the court, an Interior official dismissed the security firm’s report, suggesting Interior had permitted the “hackers” to penetrate the system. To prove the official was wrong, Mr. Balaran states that in August he ordered Predictive Systems to hack into the system again, this time to switch an existing account to Mr. Balaran’s name.
|