U.S. Interior Dept. Unplugged... Again
IO ERROR writes "The U.S. District Court ordered the Department of Interior to take all its systems offline for the third time, saying that its systems were too insecure to be left open. Among the systems to go offline are those that process payments owed to American Indians and Internet access in schools on Indian reservations. DOI employees cannot use the Web or send or receive e-mail."
If people can't secure the computer systems I wonder how secure the old paper-based systems were?
:P
I mean, with a physical system you need physical access but I bet those old systems were probably quite easy to subvert
Simon.
Damnit, there goes my plan to leech off their p2p network...
"Why are you watching the washing machine?"
"I love entertainment, as long as it's clean"
DOI employees cannot use the Web or send or receive e-mail.
:)
*thinks about what he does at work*
So they're letting everybody go home early then?
...as reported by internet.com. Interestingly it seems that even the previous time was not really the first?
"For the second time in less than two years, a federal judge has ordered the Interior Department to disconnect from the Internet in order to protect $1 billion in American Indian money managed by the agency.
U.S. District Judge Royce Lamberth said Interior's refusal to cooperate with a court-appointed master who wanted to test the security of Interior's systems, prompted the decision. The government claimed it did not cooperate with Security Assurance Group of Annapolis, Md., because they could not agree on the "rules of engagement."
Why would systems with access to funds be connected directly to the net? No system with that level of risk should ever be connected to the net unless there's a damn good reason. Even online banking webservers are thoroughly isolated from the core banking systems. This is just sheer stupidity.
Trolling is a art,
Pale Face let any brave look inside open teepee. You call it security, we call it maize.
There goes my sweet FTP server with the 0 day warez and the fat pipe!
I wonder who the culprit is.
Is their continuing failure to secure their system due to lack of will/lack of money/what they're using or some combo of the three?
Seems rather appropriate. What software are they running?
A feeling of having made the same mistake before: Deja Foobar
Simpson, whose verbal gaffes are also legendary, pulled another one Sunday visiting the White House, our sources say. The singer was introduced to Interior Secretary Gale Norton and gushed: "You've done a nice job decorating the White House."
Source: washingtonpost.com
This is really sad. I first heard of the DOI's incredible mishandling of the Indian trust here on slashdot a few years ago when they were shut down the first time.
I can understand having problems recompiling literally centuries of data for tens of thousands of people. But c'mon, you can't figure out how to set up firewalls with VPN connections between disparate groups?
Could you imagine any private organization like a mutual fund or retirement investor leaving SSNs and customer information online on websites? Imagine the smack down from the government! But if it's the gov't itself nada. Thank god (or Great Spirit, whatever) that there's at least one judge willing to do the right thing.
I've been on slashdot so long I'm starting to get out of touch with the cool stuff if it ain't on slashdot.
Among the systems to go offline are those that process payments owed to American Indians and Internet access in schools on Indian reservations....
The blackout stems from a class-action lawsuit between the agency and Indians who allege that it has mismanaged trust accounts set up in the late 19th century to handle proceeds from oil, gas and minerals extracted from Indian lands.
Doesn't look like this will do anything positive for the Native Americans.
-Adam C. Greenfield
Department of Inferior?
There are 10 kinds of people in the world > > Those who understand binary and those who don't
I think part of the problem with a lot of the corporations/departments having many security flaws, or systems open to the net that shouldn't be is the fact that many people still see the internet as an idealistic place for the exchange of ideas and commerce. People are still slow to realize the danger that lies in the internet, and the fact that it can be dangerous. If people knew more about the dangers of technology they might be more apt to work on protecting themselves.
That's cool. We'll just keep the casino money.
Somehow this doesn't strike me as a bunch of linux boxen unfirewalled with the root password as "password."
Just goes to show, though, that people can sing about security all they want, release whitepapers and HOWTOs on security, but if people don't follow nor enforce such rules PROPERLY, it amounts to jaque squat.
Of course, their need for security is much greater than your average home user. We're not all carrying heuuuge amounts of sensitive information.
I'm a bit offended by this post's pandering to our intellect. Like we're supposed to view this as some sort of infringement on Native American rights in the US. Sure, maybe it's interesting that the Dept of Interior, which shares the podium with the Dept of Homeland Security, needs to upgrade insecure servers. Nevermind Debian, GNU, Gentoo, and Microsoft have had just as much trouble with security, it's no surprise the Feds might have trouble too.
There's no news here. Don't try to make news where there isn't any.
Is that what they mean by "rules of engagement" ? ...
Like they were boxers: No hitting below the belt. No eye gouging.
I emailed the Department of the Interior, pointing out that they should consider selling any unsolicited copies of software so as to not waste the value of gifts. They shouldn't use gift material as that bypasses the intent of normal acquisition processes.
Now I know why I got no response...
Coincidentally, The Dept of the Interior actually does decorate the White House.
learn about it. The money isn't reparations like most african americans are clamoring for. Unlike the bogus "40 acres and a mule" there are both actual treaties for how the natives should be handled, and then there's the mineral/gas/oil rights on reservation land that the US Govt is steward of. It's out of the billions of dollars earned off those rights that they are paying the natives.
"its systems were too insecure to be left open"
Well, I feel sorry for the systems. It is really rough working for the government and having self esteem issues. If I worked for the gov't, I would be a little insecure my self : P
"The Interior Department said the order "is a new frontier in this court's efforts to run the operations of executive branch agencies."
//
"We are working closely with the Department of Justice to quickly respond to this order in the appropriate legal venue," the agency said in a faxed statement.
It's a political thing. Probably not much of a technical problem here at all. Somebody's making a move for power somewhere and now all of this BS. They are punishing the Interior by taking down links with schools on them rather than just blocking traffic via access lists and firewalls.
If they really had a problem with some of the services being provided as insecure they could have either firewalled those services or just blocked them at the router. Since, they did not take a rational approach to solving the problem, the problem is likely a political one from one greybearded idiot to another.
Been a consultant for the government. Seen it. I once went almost 4 months doing nothing but earning good money while waiting for the Chicago Tollway to resolve some political infighting. 4 months of sitting at home, watching TV and basically chilling out on Illinois tax dollars.
It was lovely.
There aren't enough pureblood indians left in the US to fill a 747. The people getting benefits only have to demonstrate a degree of Indian ancestry, which for many is a stretch.
DOI isn't the only place in DC where clueless PHBs make decisions like this.
Much of the money that is handled 'for' the native americans is not federal money from taxes. It is money that is due native americans through things like mineral rights. Security should not even be at the top of the list though- plain mismanagement and incompetence that is criminal. But as is often the case- none of the big players are being held responsible to the extent they should. You can read about it all over the place - like this article
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Looks like the Interior Department has been having computer problems for a long time (December 2001!):
"Web wanderers looking for information on national parks, government mapping services or geological disasters will need to get their information from non-official websites for a while.
U.S. District Judge Royce Lamberth issued the order late Wednesday after a report showed that the computer system which handles $500 million annually in royalties from Indian land has major security holes that make it easy to access the system, alter records and possibly divert funds."
Indians are not being reimbursed from atrocities committed in the past (not enough money in the world). The monies are from the tribes charging money for companies...mostly mining companies...for using their tribal lands. The lands are not owned by the Indian tribes, but are held in trust for them by the US govt (sorta like how we are doing now for the Iraqis...) so the tribes cannot contract directly with the mining companies. The govt holds onto the royalties made off these lucrative contracts and redistributes them to enrolled tribal members. Except their bookkeeping sucks. Just like it always had. We are talking about millions of dollars owed to the poorest people in America that just disappeared. The money that is lost was owed via contracts. No one was watching out for these people is the whole point.
Uh, do you know what a "treaty" is? It is a legally binding contract. Despite having repeatedly violated the treaties, the Interior Department is legally bound to try to honor them. These "payments" are usually part of ongoing compensation for having deprived people of land that they were legally entitled to. The principle of Eminent Domain does allow the government to kick people off their land, but stipulates that they must be compensated.
"Freedom means freedom for everybody" -- Dick Cheney
No, there is no way that protecting their privacy and keeping the money that is rightfully theirs from being stolen is doing anything good for them. Give me a break, read the article and not just the headline.
Oops, this is Slashdot. (Rosanne Roseannadana Voice) Nevermind!!
So does this mean there will be some positions opening up for new Sysadmins?
--AC
Not "New Delhi" Indian !!!
... until we wise up and START TAXING THE CRAP OUT OF IT.
Furthermore, "outsourcing" and "H1-B" are not the same "Texas Hold 'Em" and "Black Jack". And yes you can keep the money
It's frustrating to be out of work and not getting offers, while knowing I'm considerably more competent than these fools who still seem to have jobs after b0rking it time and time again.
ehintz
You don't really understand what happened do you?
Firstly, there is no Indian "race" or "nation" that was in conflict with the United States.
There were many conflicts with many tribes and there are many settlements which differ in scope and letter of the agreement.
Since the closing of the Frontier in 1890 and the end of major military action with the American Indians around the same time the rights of the American Indians have changed and the role of the government in their lives has changed.
The crux of this argument between the DOI/BIA and the folks suing them isn't about monetarily reimbursing for "or practically annihilating their race" it's about mismanagement of natural resources on lands which are on Reservations or were on Reservations which are held in trust by the United States Government who act as stewards of the resources, both discovered and undiscovered.
Basically the DOI/BIA has lost billions of dollars of money that should have been paid out to various tribes and various private citizens. Not only that, but they can't figure out a webserver that holds confidential information on the monies going out to private citizens that can't be exploited.
Is MTV getting hard up for programming ideas or what?
This should be obvious to moderators, but there are quite a few wackos with points who would mod any anti-US, leftist claptrap up.
And just so everyone knows, the Dept of Interior is 100% standardized on Microsoft Windows. They do not use any Unix/Linux/BSD anywhere. Everything is Windows. That's part of the problem of why they are so insecure.
Does the name Pavlov ring a bell?
Do you live in a teepee?
"(g) No Refusal Gift Acceptance Policy
All Department of the Interior employees may accept gifts offered to them by representatives of Indian Tribes, Alaska Native Organizations, Insular and foreign governments when refusal to accept such gifts would be likely to cause offense or embarrassment or otherwise adversely affect relations with the United States."
Don't you know? Most crimes are inside jobs.
I still have more fans than freaks. WTF is wrong with you people?
If irony was made of strawberries, we'd all be drinking a lot of smoothies right now.
Interior Dept unplugged from the Net
Judge orders agency to shut Internet system after concluding security holes are still a problem.
March 16, 2004: 2:46 PM EST
WASHINGTON (Reuters) - Wide swaths of the Interior Department were taken off the Internet again Tuesday after a federal judge concluded that the agency still has not fixed security holes that threaten payments owed to American Indians.
It was the third such shutdown for the Interior Department since 2001, when an investigator found that hackers could easily steal money from a system that allocates energy and mineral royalties to 300,000 Indians for use of their land.
U.S. District Court Judge Royce Lamberth said the system still remained vulnerable despite the department's assurances to the contrary, and the agency could not be trusted to fix the problem by itself.
"The feigned indignance of Interior aside, there is simply no other alternative. Interior brought this on themselves," Lamberth wrote in an opinion signed Monday.
The Interior Department said the order "is a new frontier in this court's efforts to run the operations of executive branch agencies."
"We are working closely with the Department of Justice to quickly respond to this order in the appropriate legal venue," the agency said in a faxed statement.
Lamberth, who serves in Washington, ordered Interior to pull all its computer systems offline except for those involved in vital police and fire services.
Bureaus that oversee national parks and provide geological information can also remain online as they have no relation to the trust data, he said.
Divisions that oversee wildlife management, oil and gas royalty payments and Indian affairs were offline Tuesday. Employees are unable to access the Web or send e-mail to those outside the agency, spokesman Dan DuBray said.
The order also shuts down a program that provides Internet access to schools on Indian reservations, the agency said.
Interior could bring its systems back online if an independent reviewer certified them as secure and monitored them on a monthly basis, Lamberth said.
The Interior Department consistently attracts failing computer-security grades from congressional reviewers.
The blackout stems from a class-action lawsuit between the agency and Indians who allege that it has mismanaged trust accounts set up in the late 19th century to handle proceeds from oil, gas and minerals extracted from Indian lands.
Lead plaintiff Elouise Cobell, a member of Montana's Blackfeet tribe, charges that the government has lost track of billions of dollars and wants the judge to transfer control of the accounts to a court-ordered receiver.
Working with a court-appointed overseer, the agency had been able to bring nearly all of its systems back online within a year after Lamberth ordered them unplugged in 2001. But Lamberth ordered some systems offline again in July 2003 after a dispute between the agency and the overseer.
I still find it funny that the US government pays current American Indians for its actions in the past.
And the gov't doesn't even recognize all tribes. They have set a very high bar for recognition, one that is too expensive for many tribes to pursue. Some of the richer tribes have taken to lobbying the gov't to prevent recognition of lesser tribes to keep them from encroaching on the fat profits many tribes are making from various endeavors like gambling and tobacco sales.
I don't know what the system's like in the US, and I'm not saying our ancestors (key word there) didn't do some terrible things to them, but in Canada the natives want nothing else but to reap the benefits of our hard work while they hunt endangered species with no regard for our environmental laws. They get free power, free housing, free money in addition to not paying taxes on the money they earn with and like the rest of us (assuming you can actually find one of the few that work for their living), free vehicles so long as they can prove they're using them to uphold their "traditional" way of life (no joke here). The list goes on much further than that, and it's absolutely ridiculous. They may have been a noble people once, but at this point most of them are nothing but spoiled beggars. If you want to live in the modern world then go to school and earn your keep, if not then go back your wigwams and wear your bearskins with pride. Believe me, there's no shortage of open wilderness here in Canada so it's not like they don't have the option. There's no reason we should still be paying penance for the actions of our ancestors. If my father went out and killed someone, I wouldn't get in any trouble for it, so why do natives still deserve the support we give them, and why do we still feel obligated to give it to them?
From Eddie Vedder - "Those ignorant indians got nothing on me. Nothing! Why? It's evolution, baby!"
thank you
Oops, this is Slashdot. (Rosanne Roseannadana Voice) Nevermind!!
Wrong character. Try again.
I was talking last week to an Offshoring outfit who was crowing about the contract they had to supply these guys with cheap labor to handle their IT needs.
:)
I guess you get what you pay for.
And this is exactly why you should not depend on the government to do anything with any degree of competency. Every time someone suggests handing over some large project or economic or social program to the federal government, I cringe. Large organizations are inherently inefficient, and the larger they are, the more inefficient they are. Governments are some of the largest organizations out there, and in fact, the U.S. Government is the single largest organizational entity on the planet.
Obviously, there are some things that can only be done by an entity of that size (going to the moon in 1969, for example), but to expect efficient and effective IT policy from the Department of Interior is like getting angry when your pet elephant tramples your flowers.
... to worry about security.
[Jessica] Simpson, whose verbal gaffes are also legendary, pulled another one Sunday visiting the White House, our sources say. The singer was introduced to Interior Secretary Gale Norton and gushed: "You've done a nice job decorating the White House."
(source, near the bottom, after W. refers to the Ford Theatre as the Lincoln Theatre.)
R: That voice. Where have I heard that voice before? B: In about 365 other episodes. But I don't know who it is either.
I feel terrible about what their culture has become, and I applaud those who try and uphold and continue the tradition. However, their culture is antiquated and they are surrounded by one of the most technologically advanced nations in the world.
It looks like the Park Service, USGS , and Office of Aircraft Services are still online. Yet there are some seemingly unrelated divisions offline that probably shouldn't be. I don't see why the National Interagency Fire Center is offline. It seems somewhat important!
If your grandfather killed my grandfather, I wouldn't expect you to be punished for it. On the other hand, if your grandfather stole my grandfather's property, and I'm my grandfather's rightful heir, were this fact uncovered, you should be expected to give me back the property that is now rightfully mine. That's not punishing you for a crime your grandfather committed, that's not penance, that's just doing what's right.
Now, if we want to give the natives of North America back what rightfully is theirs, we European descendants need to get on ships and sail back to the Old Country, set up shop in London or wherever. Personally, I don't want to do it. So, if I'm not going to give back what is rightfully theirs, I should at least pay rent on it, no?
Again, I'm not interested in punishment, which I don't deserve, or penance, which I don't need. What I'm interested in is doing what's right...
"Convictions are more dangerous enemies of truth than lies."
and you're still at work. therefore your internet connection is back.... You don't work for the DOI do you?
Why is the court telling the DOI to unplug? Is there a lawsuit I'm missing? The court's job is to rule on lawsuits brought before it, not define public policy or run about ordering people around. So unless there's a lawsuit about the DOI's systems, the court should stfu.
--
http://cheeser.blog-city.com
End of major military action with the American Indians... So you had President Cleveland hang a MISSION ACCOMPLISHED on a... uhm... giant steam-powered mecha spider?
(Look up the history of the Seminole sometime.)
Government computers are insecure and Native Americans get the shaft from the federal government.
Wow. In what way is this news?
Proud member of the Weirdo-American community.
I would venture: Yes, yes, and yes. Why do you think they are shut down? :-)
My beliefs do not require that you agree with them.
in PDF format at the plaintiff's website. It'll tell you all you ever wanted to know about the events that led up to yesterday's decision. There's some good zingers towards the end.
Mind you, they may well be a bunch of lying Pakis - the three from Tipton were apparently overheard planning to go and train in Afghanistan, but of course the authorities over here won't send the bastards back to Pakistan where they belong.
Yes - I am a British nationalist. It's my country, and my right to object to it being diluted by multiculturalism.
oh brave new world, that has such people in it!
It was not their land. You have a lot of thinking to do. Ask yourself, if they were entitled to a whole continent, why aren't others? Where's my America, for example? They're entitled to one, why aren't I? No, my friend, we are all heirs to the earth and we are all here now.
A recent exploit documented on indianz.com was to a couple of AS/400 systems that had no password for database administrators. I know that MS SQL Server used to ship that way by default, but to my knowledge it doesn't run on AS/400. The article doesn't say, but DB/2 or Oracle would be my guess. Sounds like the admins are either way overworked or Just Plain Incompetent.
Send the buggers back, there are plenty of PIA flights every day.
oh brave new world, that has such people in it!
It is the function of the One to bring the code you carry to the core...
> The money isn't reparations like most african americans are clamoring for.
Most African Americans? Right clown boy.
I'm posting this AC for obvious reasons.
A few years back we had a run-in with the DOI. We found very strange things in our web and FTP logs and traced them back to a Denver office of the DOI. Basically what they were doing was spending hours every night (way after office hours) digging and digging and digging to see what they could find. There were tons of 501s because these guys would enumerate when directory listing was turned off.
My colleague wrote to the DOI in Washington and asked 'what's up'. Because of the evidence we could show, the DOI Washington office decided to put a sniffer on the Denver line. Great, we thought, soon this will be cleared up. As if.
A week goes by, and the Washington DOI people contact us. Their sniffer thing didn't work. When they were about to install it, some dork went around the Denver office barking, 'OK EVERYBODY HAS TO GO HOME EARLY TONIGHT WE'RE INSTALLING A SNIFFER ON THE LINE'.
Now if you believe that story (and that's how they told it) is another matter. We did not - and ever since, at regular intervals, they're back again.
Funky group. Very funky!
There's some irony in Wyatt Earp setting the record straight here :)
...the sysadmins.
Linux was shown as the most-breached OS on the net according to that study Slashdot posted, remember.
The only thing turned off is essentially all outside connections to the internet, internal email within the DOI still works.
:-)
My father works for the Fish & Wildlife Service and he says these stints without email are some of his most productive times.
Imagine how much spam he's NOT getting
On a funny note, the first time they shut him off they only blocked heavily used ports (http/pop/smtp, etc.) but they left open ports for things like AIM etc. So for a few weeks we chatted using AIM despite the fact that he couldn't surf the web. Eventually they got wise and blocked all ports to the outside.
R-
Hard loop..... huh?
Dynamic Designs
But what is "rightfully theirs"? You actually accept that they have a better "claim" to the continent than you do? They get a whole continent and you get pokey old England?!?! I think someone has laid a guilt trip on you, my friend, and as you get older, you will see it and build up your defenses to not let it happen again.
like the NSA, DOD, and others that routinely deal with security know how to properly secure their systems. Yes, even they are human, make mistakes and get hacked.
Agencies like the DOI that deal with issues that are deemed to be of less importance than National Security usually don't get the best-of-the-best when it comes to resources for data security. Also, these are the agencies that suckle the most at Microsoft's teat.
IMHO, I think that the NSA should do the security for ALL government agencies, not just the spooks.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
My roommate worked for the Dept of Interior. He was always amazed at how the home network I had set up for us always 'just worked'. He said 'the internet' at work would go down at least once a week, and always on Monday morning.
He brought me to work for a party once, I was amazed that everyone had a sweet computer with a big LCD monitor. The offices were huge so they didn't need LCD for the space. When I commented at how lucky they were he said "Actually they made us turn them all off because they aren't good enough". I was puzzled by that but didn't ask further, I was there for the free food and beer courtesy of my federal tax dollars.
BTW, they ran a mirror under our car going in, but I was never asked for ID.
Soooo by posting all three links to /. make sure to take them all offline ! Brilliant !!
Roses are red, violets are blue, most poems rhyme, but this one doesn't...
Which is why secured government facilities are required to shred all classified documents. And as for Mr. Feynman's legendary escapades, Los Alamos was recently severely upbraided by the DOE for its lax security.
Most government facilities have the lowest level of classified information ("Secret"). Very few have "Top Secret" or higher. And even with Secret, there are very extensive procedures in place in terms of document storage, personnel access, etc.; you're not going to be able to get in with a penknife, leastways not when the document is in a 2-ton graphite safe with 70-point rotary dial behind an armed guard gate.
And as for the guy who found a 10-Base T hub? Dude. That's nothing. We throw old junk away all the time. I just threw 5 Betacam SP decks, worth about $6000 each, in the trash last week. Remember, the agencies can't sell equipment; only the GSA sells surplus, and that's at auction. And it's not like the agencies get credit for turning stuff in. So there is no financial incentive for the agencies to save old equipment, and the paperwork is far too much of a hassle to deal with, just to get it transferred off the books to surplus. (You have to verify condition and certify it, blah blah blah.) So we just get it written off as damaged beyond repair, and toss it.
Believe me, I'd take the stuff home if I could, but then I'd technically be stealing. It has to be officially thrown away first.
God Bless America.
take computer from the desk
put the computer into the box it came in
call vendor to get RMA number
when they ask what's wrong simply give them the (un)expected response...
"Sorry, our department is just too stupid to use these computers... we're just not worthy..."
The computers are down for uh... (maintenance? No we can't say that... used it in 1980...)
..
...
...
uh... (For updating to a new accounting system for this very account? Damn, used that in '92... there's got to be a good excuse here somewhere... I know!..)
Oh, yeah it's a security issue! That's it, a security issue... can't mess with security now, can we? Not after 9-11!...
(Good one!)
Yes, we'll get back to you about that $700,000,000.00 we owe you after all of this is sorted out...
Oh, sure. As soon as possible...
Don't worry about it, we've got everything under control. Thanks for being so understanding...
Oh yeah, I almost forgot, your access is going to be out for a while...
That's right, no email, no web...
Yes, there'll be no distance learning at the schools either for the time being...
Really, that's not fair. Why don't you people just hire more teachers?
What's that?
$700 Million?
It's funny how technical problems always plague the DOI every time this issue comes up.
Read, L
I don't know anything about Interior's problems with the Indian accounting systems, but I can assure you that the security scorecards for Federal systems are tough. OMB and the Hill have appropriately set a very high bar to push agencies to the limit. The intent is to make government systems a model for security best practices - they don't get marked "green" unless they jump through a lot of hoops. There are plenty of bright people on /. who could teach the Feds and anyone else a lot about secure systems. But there are also a whole lot of us who, truth be known, are running critical systems that couldn't come close to passing muster against the standards used to rate the Feds on security.
I also haven't seen any specifics about why the Judge is hammering DOI. I wouldn't be surprised if they are simply battling with the Judge over the oversight processes she wants to impose - granted that might be a dumb battle to fight.
I write software for many many many banks in Minnesota.
Almost all of them use PGP for anything remotely confidential, and many use MD5 checksums to make sure nothing got changed in-transit.
I don't know the prices myself but I'm pretty sure it's not $10k. Even if it is, that's peanuts for most banks, especially for something as critical as that.
Plus, I have software out there that many companies dealing with credit cards use. If you apply for a Target credit card, your application (after it has been scanned) goes through my application. Guess what, coming into and going out of, it's encrypted.
Maybe you haven't worked with banks lately, I'll agree it was pretty bad maybe 6 years ago, but they have got up to speed quickly and most are more secure than your average large company.
That homeland security department is fast =)
"If any question why we died, Tell them because our fathers lied."
The computer security can be laughable sometimes. Those of us who develop software, use Linux whenever possible. I NEVER boot my pc into windows except to allow the IT people to update my antivirus defs. You wouldn't believe the grief I get if I don't boot into windows at least once a week.
The problem is that federal employees get lousy pay. If the Fed paid more, they might be able to get a half-decent set of admins in the DoI.
Instead, it's a pretty good bet that it's MCSE central in there...
May we never see th
So I'm posting anonymously.
We use mostly VAX here at the DOI for the financial servers; I'm in charge of maintaining the FORTRAN code that is run for the transfers (key point here: don't touch it! It's worked fine for over 15 years).
On the desktops, it's straight up Windows 98, and Office 97, and -- get this -- Netscape 4.7 (yeah, it was the standard for a while, and still is, unfortunately). We're supposed to get upgrades to Windows 2000 (and Office 2000, and Netscape 7.0) one of those days, but they've been saying that for a while now. We don't even run virus scanners on the desktop yet -- you should see some of the spyware installed on some clueless people's desktops. And firewall? Ha! I wish.
And what exactly is a "Department of Interior"? Please enlighten this curious non-American. This is the first time I've ever seen the name Department of Interior...
Duct tape is like the Force. It has a light side, a dark side, and it holds the universe together.
According to netcraft, doi.gov was running NT4 or Windows 98 when it was last updated 3-ish years ago. Does that mean that they still haven't upgraded from NT4?? If their web server is any indication of other servers at the DOI, it is no wonder they were pulled down...
If they are looking for secure servers, then they should move over to MacOS X server like other government agencies who want top notch security have.
Of course the government hates spending less money than they already do, so the OS X servers would make too much sense.
Come and argue when you've got a name, Mr nonentity.
One of my best mates happens to be a Jamaican Muslim, and his views on Pakistanis are roughly the same as mine, only more extreme.
oh brave new world, that has such people in it!
First you have to gain access to the facility, then you have to have access to that area and then you have to have access to the files. It is not that easy to just stroll in there and get a copy of them.
At least in the case of the Indian stuff it wasn't an issue of getting copies of the information.
They "lost" essentially all of the Indians' money - and the records were corrupted enough that it was no longer possible to trace who took it.
The bureaucrats in charge (the likely suspects) then took advantage of the insecure network to finger-point away from themselves. And the systems were taken offline when it was shown that they were STILL wide open.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Any level of incompetence and malfeasance displayed by the DOI would fail to surprise me.
[Set Cain on fire and steal his lute.]
...when the security testing company decided to run a portscan on a server at the same time the server was scheduled for a reboot. (Yes, they have scheduled reboots. Windows servers.)
When the security outfit saw the server disappear AS they were scanning it, they concluded that DOI had detected their portscan and pulled the plug on an insecure box.
At least, that's the scuttlebutt I've heard. But it's not like DOI hasn't done many other things to piss off this judge.
Why can't they beg access to use NIPRNET? From what I glean from scanning through all the conspiracy theories, it's basically a secure proxy for military and other sensitive-type peoples from the gummit to surf pr0n anonymously (I get hundreds of hits from *.NIPR.mil at griffjon.com each month, mostly looking at old shadowrun RPG junk).
This isn't a total solution, obviously they have some serious internal security probs, but it'd at least get them back on the web/email, and take their productivity back down to more acceptable levels for gov't employees.
Returned Peace Corps IT Volunteer
For starters, only 1/2 of the interior is shut off. USGS, the Park Service and others are up. The Bureau of Reclamation, the Bureau of Indian Affairs (duh), the Bureau of Land Management, and some other offices are down.
The judge's order is archived here.
The kicker pages that say what Interior must do are pp. 26-29. The order does outline some intrusion attempts that were successful at parts of Interior.
The Plaintiff's site gives an overview of the case--it's written by the Indian Plaintiff, so it's biased, but still pretty accurate.
Background: this is all about trust fund monies that in the late 1800's the U.S. Government said to Indian tribes: "We'll manage the monies that are made from drilling, mining, etc. your reservation land. Trust Us! PS: You don't have a choice." Then, the Gov't took the money and said buzz off to the Indians. In the 1990's, some Indians sue, and say where's our money -- Interior says, I dunno.
Is the judge vindictive -- probably. But it's not that different from Hanging Judge Jackson in the MS Anti-Trust case -- the judge may be pissed off, but he's got that way from years of dealing with the incompetence of Interior.
M
I work for a hospital that sends excel files containing data of HIV positive patients unencrypted over SMTP to an external mailserver and receives this mail by (unencrypted) password-authorized POP3.
To top this the POP3 password is the same as the one you need to access the hospital's database system.
The complete network is a single subnet populated with some hundreds of Win2Kpro boxes, that are usually never updated and just waiting for the next virus/worm to distribute sensitive data.
But they have very good locks at the doors...
Sometimes I could cry about this level of ignorance, but since I'm just a freelancer and don't want to be told about their insecurity...
k2r
Any distance learning classes are going to have some problems. So the court ruling affects the education of the next generation. It looks like US Geological Survey (the group that administers the bia.edu part) will be going to court to get the order lifted for the colleges so they can go on without interference.
PS
Also, it is believed that the amount of lost money for mineral / grazing rights on the trust land totals around $10 billion.
Honestly, Uncle Sam, get your act together. If you have to shut down your computer systems (for the second time!!) because they are that insecure, what are our tax dollars truly going for? What aren't you doing right? I plan on contacting my Congressional Representatives about this issue to ask just why they screwed up this bad.
Funny, I just applied as an Info Tech Specialist for the DOI. Maybe I can work some mojo...
"Watch as I use my crack squad of badgers (badgerbadgerbadger....) to fix servers and thwart evil! Watch as I bend plastic zip ties with only 4 fingers!"
Oooh, I hope no hiring managers are reading this. Where's that delete button...
Vote monkeys into Congress. They are cheaper and more trustworthy.
...and your point is what exactly? No, Windows isn't the most secure OS, but don't point the finger at Redmond when this is a case of sheer incompetence by the admins.
Even if they are running 100% Windows (which I can see by other comments they are not), a competent admin can configure it and put it behind a good firewall to make it quite secure. Incidents might happen, but not enough to warrant cutting the whole office off the net.
If my computer systems were so insecure as to be shut down, I would be fired. FIRED, FIRED, FIRED. I would not be around long enough to make the same mistake thrice. How hard could it be to install a virus-scanner, proxy server (squid anyone?), and a firewall? Then only leave open necessary ports (25, 110, 443, 80, etc). How come government is given a free pass when it comes to incompetence? If stuff like this happened in the private sector, shareholders would be calling for heads on platters.
I hate sigs.
Hi, I'd like some security. Yes, I'm very insecure.
Here's the breakdown of the judge's decree I read at work (at one of the DOI departments) earlier today (and yes, internal email still works!)
:)
A couple years ago Cobell wanted to know how much money was in the trust fund. DOI stutters, says "uhhhh" and a lawsuit is filed. DOJ (Department of Justice) says to DOI "Your computers are not secure, you're cut off from the internet until they are secure." Internet is out for a few months. An appeal is filed, DOI says "We've fixed the problem!" DOJ says OK. Internet is restored, but as it happens nothing has really been secured. IBM is hired to hack at the servers, and for a month and a half of hacking NO ONE NOTICED or even attempted to take countermeasures.
Here's a kicker: when a security audit was planned for one of the machines, DOI pulled the plug when they knew it would be getting scanned! Needless to say, the judge is rightfully upset with DOI, and we probably deserve to have our internet shut off.
In the meantime, it really sucks to have to order stuff over phone and fax. I just hope this outage doesn't last for months. Today was long enough....
Cheers.
Well, I suppose you can send paper mail if you can find their address...
Just because they didn't own the whole continent doesn't mean taking what they did own was just.
at *least* $13 Billion
Given that the government has been held in contempt for destroying records in violation of court order (some documents dating back to the 1800s)
It's amazing that this case has not received more press coverage
There's some interesting information at www.indiantrust.com
Just to make it clear, the whole shutting down the DOI Internet access thing is 100% BS, driven by lawyers looking for money who do not have the best interests of Native Americans in mind.
A few years back I was contracted to the DOI teaching agents PC field repair and troubleshooting. I thought their computer systems were very nice and well managed. I was however only in the Wildlife and Fisheries Department.
MAKE YOUR TIME
Wyatt Earp wasn't an Indian Fighter IRL, he was a "lawman" in Kansas and Arizona.
"DOI isn't the only place in DC where clueless PHBs make decisions like this."
PHB's are rewarded with success, instead of, say, acts of violence against their persons. Are you part of the solution or part of the problem?
I suppose that if I look in the phone book I'll find you under BigBadBri. Just because you post under a named account doesn't mean you're any less anonymous.
they're the Indians in the news all the time for doing outsourced work for Americans right?
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
You mean the safe is made of a flaky, crumbly substance that can easily be broken with a hammer and tends to rub off onto nearby objects?
Wow... cool.
Whence? Hence. Whither? Thither.
If you listen to Jessica Simpson, the DOI is in charge of decorating. What kind of confidential/secret/classified information could they have?
Don't feel bad- when I first heard about this a while back I didn't really understand it either. The only reason I did hear about it at all is because I live in Arizona. We have the largest Indian Reservations in the U.S. Plus one of the people who has been involved in the whole thing is Bruce Babbitt. He was governor of AZ before he was secretary of the interior. So this stuff made the local news here.
And you just have to remember that whenever you are talking about government and Native Americans that things are going to be weird. It will be a while before things get straightened out- due to the things you mentioned in your original post. How do you make up for treachery and lies? How do you keep agreements that were made when killing failed- but don't make a lot of sense now? It is all very complicated.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
DOI employees cannot use the Web or send or receive e-mail
If they lose their phones, maybe they will get some work done...
One said an American girl had smeared menstrual blood across his face in an act of humiliation!
FYI: That isn't possible.
And I might add men who have a hard time maintaining control on seeing a woman's FACE is hardly a religious man... At least not one of Islam.
A diet of foul water and food up to 10 years out-of-date has left inmates malnourished.
I guess you're channeling the dead? Eating food that is a mere 6 months past due will KILL you.
Foul water has the same effect... IE killing you.. and in some cases you don't even need to drink it.
I guess you could say sex is to you as lying is to Americans...
IE: It makes us sick, we hate it, we can't help but do it anyway.... (WoMD my ass).
Whereas sex is to us as lying is to you...
IE: Got no problems doing it. Think it's great. Do it often. Pity those who don't.
It is a ploy to keep the Interior from mounting any defense before the Bush-Cheney Energy Bill gets a vote.
The first thing Clinton ever vetoed was the Taylor-Dicks amendment to something else -- oh, yeah it was the budget bill for the year -- anyways, that amendment was tagged onto something that the distinguished gentlemen had assumed the president had to sign... trying to force the concept down the throat of the taxpayer that it was a Good Thing (TM) to let the oil and lumber industry come in and rape what's left of our pristine wildernesses in the west and northwest and that it was an even better idea to have the taxpayer foot the bill for all the infrastructure (roads, bridges, etc.) required to do it. Well, like I said, it became the first thing Clinton ever vetoed (up to that point he had been viewed as strangely cooperative and non-partisan). Well, when the budget crisis ensued and the entire gov't threatened to shut itself down (remember that? how many of us hoped it would?) the first agency to get the axe was the EPA and Congress even went so far as to repeal the Environmental Protection Act for a period of three years and the work in the forests went on as planned.
This is just more of the same, business as usual. Only this time, they're cutting the Interior Department off at the knees before they have a chance to mount opposition. If you make sure it doesn't meet opposition to begin with, you won't have to resort to more obvious dirty tricks later on. Nobody shut down the Democrats' systems in the Congress for insecurity... they pilfered them for all they were worth. Not really news here. Nothing to see here folks, move along...
Can I bum a sig? I left mine at the office.