Virus Knocks Out U.S. Visa Approval System

← Back to Stories (view on slashdot.org)

Virus Knocks Out U.S. Visa Approval System

Posted by timothy on Wednesday September 24, 2003 @01:51AM from the tax-funded-monoculture-gets-blight dept.

GillBates0 writes "According to this story and many others, the State Department's electronic system for checking every visa applicant for terrorist or criminal history failed worldwide late Tuesday because of a computer virus, leaving the U.S. government unable to issue visas. The virus crippled the department's Consular Lookout and Support System, known as CLASS, which contains, among others, names of at least 78,000 suspected terrorists. It was unclear which computer virus might have affected the system. But a separate message sent to embassies and consular offices late Tuesday warned that the Welchia virus had been detected in one facility. Welchia is an aggressive infection unleashed last month that exploits a software flaw in recent versions of Microsoft Windows."

18 of 439 comments (clear)

Min score:

Reason:

Sort:

Does the state dept. read /. ??? NO by setzman · 2003-09-24 01:51 · Score: 3, Insightful

If they did, they would know they following:
1.) Use a firewall to block unnecessary access from the external network
2.) Patch Windows often
3.) Use anti-virus software and update the definitions often

I would have thought that the State Department would at least do these minimums (to keep its systems "safe from evil-doers"), but I guess you can't even expect that much from government work.

--
C:\>
1. Re:Does the state dept. read /. ??? NO by PaulK · 2003-09-24 02:07 · Score: 4, Insightful
  
  At what point will the government and public at large decide that "enough is enough?" Do people have to die before someone takes this seriously?
  
  Day after day, example after example, the world is inundated with successful attacks.
  
  We can say, "Well, people are stupid... They should know not to click on attachments," The reality is though, that "1 in 7" users have problems with the power button.
  
  There is no future security in blaming the end user. It's high time that we look at the systems that allow this type of invasion, replace where necessary, and train the users accordingly.
  
  The talk of cost becomes irrelevant when recovery costs are totalled. Just wait for the first wrongful death suit revolving around an insecure system failure.
  
  If we insist that users are accountable, we must also demand that the corporate citizens are accountable.
2. Re:Does the state dept. read /. ??? NO by jaredcat · 2003-09-24 02:20 · Score: 4, Insightful
  
  >> 1.) Use a firewall to block unnecessary access from the external network
  
  Really this doesn't work as well as you'd think. If you have laptop users on your network, which nearly everyone does, its analagous to wearing a plastic bubble suit but having unprotected sex with strangers every weekday morning.
  
  My office has about 60 users in it and is protected by PIX firewalls and techdata's email virus scanner. We have about 20 Windows servers in our server room (this doesn't include the many dozens of servers running Linux or Solaris, or the machines at one of our 3 colo sites), and we patch them all about once a month. Office workstations are forced to patch themselves weekly through a distributed Windowsupdate. So yeah, this should be pretty safe, right?
  
  Well about 3 times per week some user brings in a laptop, plugs it in to the LAN, and we get some new worm running around the office LAN.
3. Re:Does the state dept. read /. ??? NO by Xerithane · 2003-09-24 02:30 · Score: 5, Insightful
  
  1.) Use a firewall to block unnecessary access from the external network
  
  They probably do. Then a user VPNs in with an infected machine against policy, or brings a laptop in and plugs it in. This happens at my work, too.
  
  2.) Patch Windows often
  
  Define "often", please. It could be once a month, once a quarter. I'm sure they have change control plans.
  
  3.) Use anti-virus software and update the definitions often
  
  See above.
  
  I would have thought that the State Department would at least do these minimums (to keep its systems "safe from evil-doers"), but I guess you can't even expect that much from government work.
  
  No, it's just that it's easier to assume that you are smarter than them and assume you know their network and systems.
  
  --
  Dacels Jewelers can't be trusted.
4. Re:Does the state dept. read /. ??? NO by Frater+219 · 2003-09-24 02:59 · Score: 5, Insightful
  
  No system is immune.
  
  But systems are not equally buggy. I discuss this here. No design and no development method is perfect. However, it is incontrovertible that some designs and some development methods yield software that fails less often; that fails less severely; and that fails more recoverably. We can inspect systems' behavior and say that for particular purposes, certain software is better than others. We can say this on the basis of technical facts, not merely marketing claims and promises of "support" and "warranty". We can also say it on the basis of historical evidence -- some systems have failed more often and more severely than others.
  A Microsoft Exchange mail server stores users' mail in a binary database, in a proprietary format. A Postfix or Qmail mail server stores users' mail in text files in a simple directory structure. We can make a reasonable (and correct!) prediction that in case of failure, it is easier to recover the content of mail from a Postfix or Qmail system than from Exchange. And, indeed, this is borne out by the experience of administrators: a maildir can get into an inconsistent state, but it's much easier to recover it than to recover an Exchange mail database.
  (Note that I'm not describing frequency of failure, but rather severity. We can also make predictions about the former, of course ....)
  Security holes are, from an engineering standpoint, simply another kind of failure. We can look at design choices such as privilege separation and chrooting -- applications of the Principle of Least Privilege -- and say that some systems will fail worse than others. A program that can't access files outside of /home/myprog cannot scribble on the kernel in /boot/vmlinuz. A Web server that runs as Administrator on Windows 2000 has opportunities to fail worse than a Web server that runs as www-data on Solaris.
  Simply put, there exist objective facts about security design, just as there exist objective facts about, say, civil engineering. Why doesn't the city construct water mains out of balsa wood and bridges out of papier-mache? It simply doesn't work very well. :)
5. Re:Does the state dept. read /. ??? NO by antiMStroll · 2003-09-24 03:01 · Score: 5, Insightful
  
  Congratulations, you win the MS/Godwin award for the first spurious comparison between an arcane, difficult OpenSSH exploit requiring manual application on a per-computer basis and detailed expertise, and a Windows plug-it-in-and-watch-it-die automatic worm vulnerability. I knew someone would rush to claim equivalency between such radically different apples and oranges but am surprised it's getting modded inside of a dozen first posts.
6. Re:Does the state dept. read /. ??? NO by EzInKy · 2003-09-24 04:08 · Score: 4, Insightful
  
  Simply put, there exist objective facts about security design, just as there exist objective facts about, say, civil engineering. Why doesn't the city construct water mains out of balsa wood and bridges out of papier-mache? It simply doesn't work very well. :)
  
  You bring up a good point here. Civil Engineers are licensed professionals who are held legally accountable to follow certain well known design standards. Software Engineers on the other hand are unlicensed and expected to ensure that their designs are not well known to anyone other than their employers.
  
  --
  Time is what keeps everything from happening all at once.
Windows Means Work by akedia · 2003-09-24 01:52 · Score: 5, Insightful

As much the Slashdot community hates Windows and likes to dump on its flaws, I've realized one thing: Windows means jobs in the IT security sector. As a Network Security technician, my job is, among other things, to make sure the latest threat to Microsoft software doesn't bring down the entire infrastructure in the federal department where I work. At least twice a week, my office has a meeting where we discuss the latest Windows virus or exploit, organize a task force, and then do a system-wide deployment of the fix to some 2000+ clients. I like to think that as long as Microsoft keeps making, er, crappy software, and as long as we still have crackers writing virii and trojans, I don't have to worry about losing my job. If there was some magical "perfect" sofware that never needed fixing (note: there isn't) then we wouldn't need IT security professionals now, would we?
1. Re:Windows Means Work by Sevn · 2003-09-24 01:57 · Score: 4, Insightful
  
  I see where you are coming from. The problem is, Windows also means WORK. And MONEY. and LOST PROFIT. and having a freaking stone tied around your neck. Actually, more like having a TICKING TIMEBOMB around your neck and you have no idea what the timer is set for. So from an employees standpoint, sure. Windows problems employ a hell of a lot of us. It's the companys that are getting royally screwed. And the ticking timebomb for us is when they suddenly wake up and realize that. At that point knowing another platform is going to come in mighty handy.
  
  --
  For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.
2. Re:Windows Means Work by grub · 2003-09-24 01:58 · Score: 4, Insightful
  
  What you mean is "Windows Means Job Security".
  
  Think of it from the other side of the fence; if you weren't running Windows on every desktop you wouldn't need your 2+/week meetings to discuss the latest viruses and trojans.
  
  Of course that would mean your IT budgets would be cut and people laid off as your group became more productive with less.
  
  We can't have that now, can we?
  
  --
  Trolling is a art,
3. Re:Windows Means Work by Afty0r · 2003-09-24 02:08 · Score: 3, Insightful
  
  I've realized one thing: Windows means jobs in the IT security sector.
  
  This is analogous to saying that poor house building regulations and standards means more jobs for builders, plasterers, repairmen, plumbers etc.
  
  It does mean more jobs, however more jobs != a good thing - you're using the wrong metrics.
Re:Firewalls?? by cehbab · 2003-09-24 02:07 · Score: 3, Insightful

It was cheaper to do without ? We all know how the budgets of gov departments are continually being slashed :)
Re:Shut down on purpose, not failed.... by phillymjs · 2003-09-24 02:09 · Score: 5, Insightful

Shutting down a network on purpose is different from having it "fail" due to a virus.

Not by much, since both have the effect of putting a stake through the heart of user productivity for however long it takes to exorcise the virus from all the systems.

~Philly
Re:Heads should roll... by Chibi+Merrow · 2003-09-24 02:36 · Score: 3, Insightful

Now I'm a big Linux supporter and all... but you're way off base here comparing Exchange to a Linux MTA... they're very different beasts.

Just to let you know, we use Exchange, and I think all we did about the virus e-mails was scratch our head and shrug. Never had a single e-mail borne infection...

Though that didn't stop a certain unnamed director from making us send a memo out explaining why people were getting weird e-mails and why the return address was wrong etc...

In THIS case, the article mentions Welchia... Which is NOT an e-mail virus, it's the RPC DCOM worm that tries to patch the Blaster hole. Is it still able to infect due to bad software? Absolutely! But it has NOTHING to do with e-mail or Exchange.

How would a bunch of Linux servers have helped them in this instance? If they're lax on patching Windows boxes, they'll be lax on patching Linux boxes too. Then they're just one OpenSSH exploit away from being out of commission anyway.

The only reason I can think of you being modded up is blind hatred for Microsoft. Hating MS is fine, but don't mark a post as 'Informative' that doesn't even know what they're talking about...

--
Maxim: People cannot follow directions.
Increases in truth directly with the length of time spent explaining them
Re:Damn terrorists! by Dr+Caleb · 2003-09-24 02:41 · Score: 5, Insightful

Only 78,000 suspected Terrorists?
I thought the U.S.A. P.A.T.R.I.O.T act made everyone in the US a suspected terrorist. That should read "300,000,000+ suspected terrorists".
Did you read that article on politechbot.com that they wouldn't let some guy wearing a little button that read "Suspected terrorist" fly on an airplane?

--
"History doesn't repeat itself, but it does rhyme." Mark Twain
Re:78 THOUSAND suspected terrorists? by ZoneGray · 2003-09-24 02:47 · Score: 5, Insightful

>> Instead we spend more on a "war on terror" in a year than has been spent in the entire history of cancer research.

Not even remotely true, unless you only count the money spent by the federal government. There are billions spent every day on cancer research by companies big and small, dwarfing what is spent chasing terrorists.

It's like that year at the Oscars when all those wealthy actors stood up and complained that the US doesn't spend enough on the arts.

Anyway, read the Preamble.... "in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity"

No mention of curing cancer, or PBS documentaries, or midnight basketball, or time off from work to take your dog to the vet. Those things are all reasonable, but they're not the primary responsibility of government.

Note, too, the difference in wording: "PROVIDE for the common defense, PROMOTE the general welfare."
It wasn't a computer virus! by FunWithHeadlines · 2003-09-24 02:48 · Score: 3, Insightful

I'm getting sick of mainstream media equating Windows viruses with computer viruses. This was NOT a computer virus. Were any Linux machines at risk? No. Were any Macs at risk? No. How about mainframes? Nope. Those are all computers, and yet none of them were at risk from this virus. So it is inaccurate to call these things "computer" viruses.
Call it what it is: A Microsoft Windows virus. Maybe if the media keeps pointing out what us /.ers already know, the general public will get it through their heads that their choice of OS makes a difference.
Re:Rights vs Citizen rights by merlin_jim · 2003-09-24 03:20 · Score: 3, Insightful

Sorry human rights and the right to fair treatment below to EVERYBODY, regardless of citizenship.
We have accepted standards of treatment for people we are actively at war with. People who have no apparent hostile intent should get treated at least as well.

While I agree with you that there needs to be an accepted standard of treatment for terrorist actions, similar to the Geneva Accord for wartime, the sad fact is that such a standard does not, at this time, exist.

And these people aren't being treated unfairly; we're not letting them come to the United States without explaining terrorist connections. The United States doesn't belong to the world, it belongs to us, and we can say who we do and do not want to let in.

While I do feel that there should be some oversight over who gets put on this list and how they are selected, that the list should be made publicly available, and that there should be an appeal process to be taken off the list if necessary, none of those is an inalienable right.

I don't have a right to come into your home at any time I like. I can knock on your door and ask if I can come into your home. But if we don't really know each other, and you've seen me in the neighborhood a couple times with some known violent criminals, you would certainly think twice about inviting me in.

I don't see how the United States implementing a similar policy is any different.

--
I am disrespectful to dirt! Can you see that I am serious?!