Judge Disconnects Interior Dept., Again
jeremycec writes "Evidently, nothing's been resolved since 2001, when this happened the first time. In these Memorandum Opinion and Preliminary Injunction documents from Judge Royce C. Lamberth of the U.S. District Court for Washington, D.C., we see how the court stepped in to pull the plug on a system, which, through its abject lack of due care, left someone's important financial information wide open to attackers. According to the former CIO of the Bureau of Indian Affairs: 'For all practical purposes, we have no security, we have no infrastructure, ... Our entire network has no firewalls on it. I don't like running a network that can be breached by a high school kid.' So, when the BIA could get no relief through Interior's IT Dept., it went to the courts. Source: Government Computer News"
It's really very simple, people; if you leave personal information about me lying around on a network which a mere script kiddie can break into, then you deserve to get sued. If you take no measures to remedy the situation, even after being repeatedly warned, and then my details get stolen and sold on, you WILL get sued. Why? To send a message. I hope this happens to more companies so that they get serious about data protection. Heck, even schools have crappy information security. I should tell you about the kind of thing I could get off the school network and the lax treatment of passwords...
Bash script for FP whores
Our government is incapable of becoming like Orwell's 1984. They can't even keep their system straight.
And also, what's a government office doing on the internet? Shouldn't there be a Web machine (dmz) and a firewall for internal access (if they need it)? That doesn't cost more than a 1000$.
it's true .... my mother-in-law works at the BIA, and hasn't had email for years. i've offered to do real cheap contracting to help them set up a small, secure network in their regional office, to no avail. they were still waiting for the gov IT dept to work it out.
They should try one of those motherboards with fancy IDE encryption, that'll keep their data safe!
I have over 70 freaks, do you?
I know the feds have lots of standards (And pretty well thought-out) for bank-related IT security.
Don't they have some similar standards for government standards, or are all different federal entities left to simply come up (or not come up) with their own standards?
It's often a good idea to make it plain which link is the main focus, rather than the background information. It would make sense for the main story to be linked to "the court stepped in to pull the plug on a system", but I suppose we'll have to be left wondering.
On the bright side, at least this one wasn't archived.
Well sounds like someone told someone a Buzzword. If there was NO infrastructure, there wouldn't be a problem. The problem is the infrastructure they DO have. BTW is the dept. of Indian affairs there to keep secret the horrors the Indian people had to suffer under the Imperialist conquerors the early Americans were? Ooops just let the secret out, you can keep the firewall budget for the lawsuits.
I went to battle MC Escher, but drew a blank
So, what's your IP? WoOt!
Now everyone gets to know your business if the government does. How egalitarian! Big Brothers are watching you!
So fine, the BIA is allowed to sue the DOI. But who the hell is the DOI, who funds them. Well you and I. If the IT manager of the DOI is an idiot who couldn't care less about Native Americans and their "bureau", the absolute worst thing that can happen is that that person will lose their job (and good luck with that if this person happens to be female or a minority). So what is happening here. WE get to pay for someone dropping the ball. WE get to pay the court costs for BOTH agencies. WE get to pay whatever damages are awarded. In this case lawsuits are worthless (actually worse than worthless as they have negative worth). No messages are sent and in the end the taxpayers lose, and the clients of the BIA lose.
There has to be a lot more to this story. Low priority is one thing. This is right up there with willfully not breathing, or willfully not locking a door.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
They should run on FreeLeonardPeltierBSD.
in this day and age, when government spending along with jobless rates are at an all time high, there are government agencies that either don't have or have a badly staffed IT department. Judging from slashdot readership alone, there are many out-of-work geeks that could shore up gov't IT security for next to nothing. Even if it's an all Windows network, it can still be secured for relatively cheap....just hire a kiddie, pay him 30K/year to maintain Microsoft's Software Update Services to automatically download and install critical updates. You certainly don't need MCSE for that!
This comment was randomly generated by a school of piranhas chewing on the PCB of a Microsoft Natural Keyboard.
The simple fact is that the Department of The Interior hates the BIA. They resent them like hell and are doing nothing to help them at all. Standards, routers, etc... have nothing to do with this.
It's high time that the BIA be moved from Interior to the Department of State anyway. The American-Indians issue isn't a land issue, it's a diplomacy issue. But that's just more politics and not relevant to the story at hand.
Boobies never hurt anyone. - Sherry Glaser.
I feel safer. And the chocolate rations have been increased to 5 units.
The BIA has been hopelessly corrupt for years, squandering monies that were meant for Native Americans and padding their own pockets. They don't want this system fixed, as fixing it would also uncover their embezzlement. They also want a convenient scapegoat: "Hackers took the money!"
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
This is slashdot, after all.
The BIA isn't suing anyone. They're *being* sued.
The case is Cobell v. Norton -- the plaintiffs are Native Americans and Norton being the Interior department, of which BIA is a part. (Side note: Gail Norton has been held in contempt of court at least twice that I know of as part of this case.)
So, what we have here, is a suit by individuals (more or less) against the Interior department.
Yes, WE get to pay for the government's defense, and, when the government loses, the full judgement to the (fully deserving, IMHO) plaintiffs.
Go pursue your anti-government, anti-PC campaign elsewhere: it isn't relevant here.
Lawsuits aren't worthless here, they're pretty much the only lever the endlessly screwed-over Native Americans have against the interior department. I'm happy to see them succeeding at it.
This is the funniest joke I've seen on slashdot in quite a while. Of course, most /.'ers probably are not familiar with this very controversial case.
"Weapons should be hardy rather than decorative" - Miyamoto Musashi
I think that goes for OS's too
I heard this on NPR (about 2 weeks ago, sheesh!) and all I could think was "I wonder how long until someone posts the google cache link."
No, my sig isn't that link.
--
...what the hell this article is about?
Bureau of Indian Affairs - are these the people responsible for outsourcing IT jobs to India?
They can get interns to do it for free.
If they cannot get an Intern they can import someone
from overseas give them a L1 visa and pay them
minimum wage
Hell Tatia consulting specializes in unemploying ppl in the US
they are one of the best cheap foreign labor sweatshops in the US
Why hire americans, when you can get ppl for next to nothing !!
Go corporate corruption !
( sarcasm ended )
Asking the government why they do something stupid year end
and year out is like asking why the CEO of a major failing
corporation did not listen to the engineers
An MBA type thinks he is above the lowly R&D folks, his
elitism pushes his ego to all new heights
You see the same egotism, elitism, and intra-departmental
squabbling in the government
"little kingdoms" run by little minds
cooperation on a basic level undermined by personality
conflicts, and pissing contests
Until someone goes thru there and "cleans house" it is gonna
suck just as bad as it does now
Protecting the jobs of the incompetent whether they are
female or a minority is hurting this country, and will
be one of the key object lessons of its collapse from within
Learn from the fall of Rome, or history will repeat itself
Peace,
Ex-MislTech
google "32 trillion offshore needs IRS attention"
The other flaw with this is the following:
"The preliminary injunction followed a hearing this morning in which the plaintiffs in the Cobell v. Norton litigation, who represent American Indian trust beneficiaries, sought the injunction. The goal of the injunction is to protect American Indian trust accounts from intrusion via the Internet."
The American Indians requested that the injunction be put into place, and it was granted.
This has nothing to do with what administration is in power.
- The government agreed to secure machines that had certain types of sensitive information, and to allow someone to verify that those machines were secure.
- One machine was discovered to be insecure because apparently it WAS in the DMZ for a legitimate use and thus could be portscanned (it was just insecure)
- The people scanning it told the gov't that they were going to do a full penetration scan (so that they didn't get prosecuted), which everybody had agreed to and agreed would be private (i.e. nobody would try to secure the box in advance of the penetration)
- The machine magically vanished off the network right before the penetration scan with a bit of a bogus explanation
- The government and the guy responsible for doing the scans got into a big pissing contest that they refused to settle peacefully.
In other words, it seems like some parts of the government were attempting to do the right thing here, but some other parts got seriously upset when they discovered that the Special Master (the guy responsible for verifying compliance that the machines were actually secure) was actually doing his job and not just taking their word that they hadn't leaked information about the machine that was going to be penetrated, fearing the consequences. Quite frankly, I'm a little confused as to why the government had to allow a full exploit to take place rather than accepting the warning of "this machine is insecure, secure it now," except that maybe it's with an eye towards preparing for the day when the courts aren't constantly portscanning them.
I don't like running a network that can be breached by a high school kid.
I think this statement underestimates the experience, intellect and time that some high school kids have. I have seen countless posts to Slashdot either by people in high school or by people who were doing great things by the time they were in high school. This statement means nothing and somewhat indicates the lack of understanding that the general public has about hackers and crackers.
The US government continues to crap on Native Americans. They've done so for centuries, and will continue to do so until people speak up. I am part Native American (at least 1/8th blackfoot). I am grateful that my parents divorced when I was younger and I grew up with my dad. There are no opportunities on most reservations. The actions of the DOI (or lack thereof) stated in the article just goes to prove that the BIA does just the bare minimum. It's truly sad. :(
Get the facts and the whole sad story online at www.indiantrust.com
You will discover that the real issue is the US Gov. stonewalling and resisting the lawsuit giving rise to this judicial order.
At stake is the US Gov losing its trusteeship over all the money it collects from such things as rental/timber/mining/mineral/other rights earned and payable to individual indians. Seems there may be TRILLIONS of dollars "unaccounted for" over the decades the US Gov has been "taking care of" the indians.
The IT systems supposedly set up to track everything are a mess. They can't say how much they have, should have, or to whom they should be making payments.
Sounds to me like a nice slush fund for the US Gov. With the judge on this case -- who is wise to all the government's ploys (read about his background for why), it's likely the game is finally up. While I'm doubtful the entire truth of the entire amount stolen from the indians will come to light, the amounts that do come out are likely to astonish many, IMO.
Anyone can read up on the lawsuit and press coverage of this lawsuit at www.indiantrust.com
To most of the 4 and 5 level moderated comments I've read, I'll say that most of you are reading this assuming the judicial order is due to the system being messed up (and this coming to light recently) as the central issue. This is just the tip of the iceberg. The real story is how the US Gov has been pilfering indian money for decades, resisting by every means they can of making a full accounting of the state of the trust accounts, and resisting losing their control over all the money flowing through their hands -- much less than 100% of which makes it to the trust beneficiaries (i.e. poor indians) it's supposed to be paid to.
FWIW, IMO...and I'm not a lawyer or an indian, nor connected to this suit; I've just been reading about it over time,
Signed,
A proud American, but one ashamed at how badly his government behaves in cases like this.
In a nutshell, the Special Master for the court has brought in an outside consultant to do pen-testing of DOI systems. The problem is that this guy is just hacking away willy-nilly, and there are no rules of engagement or lines of communication. In short, there's no way for DOI to know this guy's attacks apart from those of any black-hat, and there's no way to prevent him from doing more harm than good (or notifying DOI should he screw something up, as is prone to happen in pen-testing). SAIC, the company working to improve DOI security, has asked for some changes to this, and was turned down. As a result, the DoJ has intervened, pointing out that what the consultant has been doing is not legal and is actually hacking in the very illegal sense of the word. This is the backlash from the Special Master in return for that.
For your security, this post has been encrypted with ROT-13, twice.