Sasser not a fed harasser

The Sasser worm, which crawled through unpatched computers running Microsoft Corp. Windows this week, was pretty much a nonevent for federal government offices. Or a success story, as the Homeland Security Department's Lawrence Hale said today.

Hale, deputy director of DHS' National Cyber Security Division, said although there were isolated incidents of computer infections, most federal agencies were well protected when unknown assailants released the Sasser worm on the Internet a week ago.

"We've seen isolated incidents but no mission impact," Hale said.

DHS officials issued an alert about the Sasser worm April 13, the same day that Microsoft officials released a critical security patch to protect computers from attack. Hale said the agency's alert was timed to coincide with Microsoft's.

Apparently, most agencies took advantage of the more than two weeks' lead time to apply the patch. Most patching had been completed before attackers released the Sasser worm to exploit a buffer overflow in a portion of the Windows operating system code known as the Windows Local Security Authority Subsystem Service.

The organization that defends Defense Department computer networks monitored the Sasser worm closely. "We've noticed it, followed it and it had minimal effects on DOD systems," said Tim Madden, spokesman for the Joint Task Force-Computer Network Operations (JTF-CNO).

Madden declined to comment on when JTF-CNO first noticed the Sasser worm, when officials started monitoring it and what kind of minimal effects the computer worm caused to military systems. JTF-CNO, based at the Defense Information Systems Agency, falls under control of Strategic Command, one of nine key military commands that manage missile, space and information operations from Offutt Air Force Base, Neb.

At the Department of Veterans Affairs, "much less than a half of one percent of the devices" that could have been affected by the worm were infected, said Bruce Brody, associate deputy assistant secretary for cyber- and information security. "The primary reason is that the patching [with] the Microsoft security patch initiated in April worked," he said.

There were also reports that a handful of House and Senate offices experienced problems early in the week, but the problems were quickly resolved.

-- Frank Tiboni and Sarita Chourey contributed to this article.


  • Cybersecurity
    secure network (bluebay/

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

  • Management
    workflow (Urupong Phunkoed/

    House Dems oppose White House reorg plan

    The White House's proposal to reorganize and shutter the Office of Personnel Management hit a major snag, with House Oversight Democrats opposing any funding of the plan.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.