Slashdot Mirror

← Back to Stories (view on slashdot.org)

Extent of Government Computers Infected By Bots Uncertain

Posted by ryuzaki0 on from the they're-looking-into-it dept.

Krishna Dagli writes to mention findings by the company Trend Micro on the extent of bot infection in U.S. Government computers. The article by Information Week indicates that, while the 'original' findings were much harsher, the security vendor has since backed down from some of its claims. Still, the extent to which information-stealing software has penetrated our national infrastructure is enough to take note. From the article: "While it may be tempting to discount the warnings of security vendors as self serving--bot fever means more business for Trend Micro--there's unanimity about the growing risk of cybercrime. In its list of the top 10 computer security developments to watch for in 2007, released last week, the SANS Institute warns that targeted attacks will become more prevalent, particularly against government agencies. 'Targeted cyber attacks by nation states against U.S. government systems over the past three years have been enormously successful, demonstrating the failure of federal cyber security activities,' SANS director of research Alan Paller says in an e-mail. 'Other antagonistic nations and terrorist groups, aware of the vulnerabilities, will radically expand the number of attacks.'"

9 of 96 comments (clear)

  1. Why, that means by Geminii · · Score: 4, Insightful

    - we have a new excuse for legalising illegal wiretapping and making it mandatory for Americans' PCs to spy on their owners! Because if we don't, those strangely elusive terrorists will have won. Again.

    1. Re:Why, that means by thrillseeker · · Score: 2, Insightful

      That would mean holding government people to the same laws as civilians. When do we do that?

      Daily.

  2. Bots accounting for questionable browser habits by Neil+Watson · · Score: 2, Insightful

    How many of these bots are there to generate hits for porn sites thus making the employees look bad?

    --
    UNIX/Linux Consulting
  3. It's the bureaucracy that's the biggest problem by elrous0 · · Score: 5, Insightful
    As someone who has worked in government IT, I can tell you that the biggest problem that we faced security-wise was the bureaucracy of the government. Want to hire a consultant, buy a piece of security software? Then you have to go through the long and arduous procurement process (forget any nimbleness or adapatability). Want to fire someone who is incompetant? Forget it (firing anyone is a HUGE pain in the ass, especially in the federal system). What you end up with in government IT (and, hence cyber-security) is often a bunch of guys used to doing the same thing every day; never learning anything new; who have grown burned-out, disenchanted, and cynical with the whole process.

    -Eric

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  4. And Yet Still Windows by blueZhift · · Score: 5, Insightful

    I know it's always fashionable to bash Windows here on /., but stories like this really do beg the question of why the government is not seriously looking at a more secure operating platform. In particular, while Linux is not perfect, it would be much less likely to fall prey to the ills that are epidemic on Windows without much, if any, added cost post transition. I suppose someone will have to die before getting off of Windows is seriously considered, if even then.

    --
    To the making of books there is no end, so let's get started
    1. Re:And Yet Still Windows by Sloppy · · Score: 2, Insightful
      I think the real reason that you see so many security vulnerabilities is because you have experts (not just script kiddies, but blackhat experts) trying to break into Windows on a daily basis.

      That may be an aggravating factor, but it's definitely not the main problem. Windows' biggest problem isn't just that it's proprietary software -- it's that it just plain sucks even within the realm of proprietary software. It's the one platform where

      • Web browser was designed to download and execute binary code from web pages. I'm not talking about accidents and bugs like buffer overflows -- I'm talking about an intended feature. It's horrifically dangerous on purpose.
      • Mailreader executes attached scripts (supposedly this is mostly fixed nowdays?)
      • Word processor and spreadsheet execute macros when loading document -- and those macros can do just about anything.

      These aren't merely bugs that Microsoft failed to catch before the product shipped. Free vs proprietary software issues aside, Windows is dangerous by design. It's not just about lack of peer review or poor code quality. It's about trying to serve interests other than the users'. Switching to anything, even other proprietary systems, would almost certainly be better, because the above "features" are things that nobody else would dare to implement.

      If another platform were as dominant as Windows and there was still a lack of diversity, the situation wouldn't be as bad. Whether it were free software such as Linux, or a proprietary system such as MacOS, you'd still have a different situation. Bugs would still exist, and vulnerabilities would still be found. But the software wouldn't be designed to treat external (and therefore potentially hostile) content as executable code. You just can't do worse than Windows.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  5. Re:Wouldn't it be fitting... by Hijacked+Public · · Score: 2, Insightful

    But they would never 'discover' that, because they can't sell themselves or their peers security software. A more newsworthy headline, even aside from the fact that 'Extent of Government Computers Infected by Bots Uncertain' really has no relevant meaning at all and anyone who paid to get a report with that title should demand a refund, would be if a security software company audited someone's machines and reached the conclusion that no, you do not need to buy anything from us.

    --
    "Sacrifice for the good of The State" - The State
  6. Re:Granny != Uncle Sam by rwhamann · · Score: 2, Insightful

    Because many of Uncle Sam's employees have the tech skills of granny. Just like a home users, convenience often trumps security - "don't break the mission!"

    --
    seg fault
  7. Budget cutbacks and incompetence by RingDev · · Score: 4, Insightful

    I used to work both as a consultant, and an LTE for a department of a state government. I did software development, all of our Network resources were managed by the Department of Administration (DOA, appropriately enough). DOA may have started out as a good idea, one centralized agency that maintained licensing, contracts, support, purchasing, etc... But cutbacks led to them continuously cutting pay and positions. By the time I left, the only representatives from the DOA that I knew of were two LTE college students, and one former manager who took a demotion to a tech position to stay employed (which just happened to bump one of the last skilled technicians out of the department).

    Anyways, under their watch we had numerous security breaches. One of our servers was hosting a child porn collection and IRC channel. Another server had been crippled by viruses, and we had seen other signs of intrusion time after time. The child porn server was confiscated by the FBI when they tracked it down. They returned the server to the DOA when they had finished so that the DOA could learn from the breach and correct the security issue, but there was no one employed with the DOA who could identify the failure or what to do about it.

    Anyways, my rough guess is that given what I've seen of state networks, I would think they are heavily botnetted. The other side of the public sector though, atleast the Marine Corps network, is a pretty impressive setup. I've seen those guys in action and I would be extremely suprised if there is a lick of traffic that escapes their pipes with out their express knowledge.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs