Botnet ZeuS infects computers at 10 agencies

Chinese and European hackers gained access to government computers at 10 federal agencies during a recently discovered malware attack.

NetWitness, a Virginia-based private security firm, discovered the breaches at federal agencies and about 2,500 companies worldwide, and announced the findings in a Feb. 17 report. NetWitness did not disclose which agencies were attacked, but the malware appeared to be aimed more at gathering financial and personal login information from private corporations than state secrets. It affects computers running on Microsoft Windows operating systems.

Affected computers are infected with a botnet named ZeuS, which collects and feeds the hackers personal information, including data typed to enter encrypted Web sites and cookies, which store credentials for individual Web sites.

The botnet can also insert additional forms on Web sites to get users to enter more personal information than the site legitimately needs. The malware may have been active since March 2009, according to the report. The botnet is difficult to detect and buries itself deep within computers where users can't find it, the report states.

Egypt, Mexico, Saudi Arabia, Turkey and the U.S. are the countries with the most infected computers, the report concludes.

Name change: ‘Operation New Dawn'

Say goodbye to Operation Iraqi Freedom.

Effective Sept. 1, the war in Iraq will acquire a new official moniker: "Operation New Dawn."

Defense Secretary Robert Gates announced the move Feb. 17 in a memo to Gen. David Petraeus, chief of U.S. Central Command, that was first reported by ABC News.

"Aligning the name change with the change of mission sends a strong signal that Operation Iraqi Freedom has ended and our forces are operating under a new mission," Gates wrote.

IG faults FAA on airplane maintenance oversight

The Transportation Department inspector general raised concerns last week that the government is failing to police airplane maintenance at U.S. airlines.

The IG raised that issue in a 27-page report that criticized maintenance procedures at American Airlines and oversight of the airline by the Federal Aviation Administration.

The report concluded that a lack of adequate FAA oversight "raises significant concerns about potential maintenance weaknesses going uncorrected — not just at American but at other air carriers."

The report is the most recent finding of concerns about maintenance problems in the airline industry.

It says the IG received a complaint in February 2008 that alleged "the overall operational reliability" of American's planes "had diminished and that previously reliable aircraft systems were regularly failing."

The inspector general found that American had increasingly put off maintenance procedures and the FAA didn't take "appropriate action to address American's longstanding failure to comply with required maintenance inspection procedures."

American spokesman Tim Wagner says the IG report is a review of 2-year-old events and that the airline has addressed the concerns.

FAA spokesman Sasha Johnson says the agency also has since addressed the IG's concerns.

Study projects modest COLAs through 2020

The Congressional Budget Office has issued a bleak forecast for retirees about future cost-of-living adjustments. In a January report about the economic and budget outlook for 2010 through 2020, the nonpartisan CBO estimates there will be a 0.1 percent COLA on Dec. 1, 2010, a 1.2 percent COLA in both 2011 and 2012, and an average 1.8 percent annual COLA for 2013 through 2020.

Those modest increases would come after a year in which there was no COLA in December because of negative inflation.

These are only estimates, subject to change, depending on what happens in the economy. A decision on what COLA, if any, will be paid in 2011 will be made later this year based on a comparison of the Consumer Price Index in the third quarter of this year with the third quarter of the previous year.

DoD to restrict info-sharing with contractors

Pentagon leaders plan to tighten protections on sensitive information shared with contractors.

In a Jan. 29 memo, Defense Department Chief Information Officer Cheryl Roby clarifies new responsibilities for numerous high-level DoD officials. The CIO will chair a Defense Industrial Base cybersecurity and information sharing executive committee. The CIO will also coordinate oversight of industrial cybersecurity and information sharing with DoD's inspector general.

The undersecretary of Defense for acquisition, technology and logistics will be responsible for developing and putting new cybersecurity policies into place in acquisitions.

The chief financial officer will monitor the budget to make sure cybersecurity projects are funded and that funds are used appropriately.

In case of an attack, the National Security Agency and Defense Intelligence Agency directors will assess cyber intrusion damage.

Tests show no problems in KC federal buildings

Tests of indoor air quality at two federal buildings that have been the subject of employee health complaints found no basis for the concerns, the Environmental Protection Agency said.

EPA sampled indoor air in the two buildings in the Bannister Federal Complex in Kansas City, Mo., and detected "no particular health concerns," EPA Regional Administrator Karl Brooks said in a Feb. 18 statement.

Building 50 is home to the General Services Administration's Kansas City South Field Office, while Building 52 houses a day care center.

The federal complex has a long history of known and suspected environmental contamination issues stemming from industrial activities at the site, EPA said.

The agency launched its investigation in January, following local media reports of sick employees.

GSA to combine procurement databases

The General Services Administration has awarded a $74.4 million contract to IBM to consolidate nine acquisition databases.

The nine databases that track civilian and defense acquisitions are: Central Contractor Registration, Electronic Subcontracting Reporting System, Excluded Parties List System, Federal Agency Registration, FedBizOpps, Federal Procurement Data System-Next Generation, Online Representations and Certifications Application, Past Performance Information Retrieval System and Wage Determinations On-Line.

The contract will have a three-year base period and five one-year options, GSA announced in a Feb. 18 news release.

"The consolidated databases will improve the efficiency of the contracting process by providing federal acquisition professionals with a streamlined tool for all of their pre- and post-award reporting and tracking work," said Michael Robertson, associate administrator of government-wide policy, in a statement. "It will also improve transparency of the process by providing the public with a single, comprehensive source for contracting data from all levels of government."

VA settles $5 million bias case at Richmond hospital

The Veterans Affairs Department has agreed to pay plaintiffs $5 million to settle a class-action complaint alleging racial discrimination at its Richmond, Va., hospital.

About 2,000 black employees at the Hunter Holmes McGuire Richmond VA Medical Center signed on to the Equal Employment Opportunity Commission complaint alleging the hospital denied them the ability to compete fairly for monetary and nonmonetary awards, said the plaintiffs' lawyer, Michael Kator of the Washington firm Kator, Parks & Weiser.

"Disputes over the awards policies have dragged down employee morale for years and caused many exceptional employees to leave the VA for other employment. Settling this case will be an enormous boost to the morale of African-American employees of the Richmond Medical Center," Kator said in a Feb. 16 statement. The complaint was formally filed in 2002.

In addition to the $5 million settlement, VA agreed to allow employees to self-nominate for awards. Award nominations were previously submitted by others.

Will Gunn, VA general counsel, said VA does not tolerate discrimination and is settling because it overlooked documents that were required to be disclosed during the complaint's discovery process in 2007. VA agreed to the settlement "because of a failure on our part to timely identify and make relevant documents available," not because of any discrimination, Gunn said in a statement.

"Throughout our defense of this matter, VA found no bias in the administration of the awards program," Gunn said.

Labor-management council

The National Council on Federal Labor-Management Relations will hold its first meeting Feb. 26 at the Office of Personnel Management's headquarters in Washington. The council will hear comments from federal agencies and members of the public on how agencies will create labor-management forums across the federal government.