Slashdot Mirror
Extent of Government Computers Infected By Bots Uncertain
Krishna Dagli writes to mention findings by the company Trend Micro on the extent of bot infection in U.S. Government computers. The article by Information Week indicates that, while the 'original' findings were much harsher, the security vendor has since backed down from some of its claims. Still, the extent to which information-stealing software has penetrated our national infrastructure is enough to take note. From the article: "While it may be tempting to discount the warnings of security vendors as self serving--bot fever means more business for Trend Micro--there's unanimity about the growing risk of cybercrime. In its list of the top 10 computer security developments to watch for in 2007, released last week, the SANS Institute warns that targeted attacks will become more prevalent, particularly against government agencies. 'Targeted cyber attacks by nation states against U.S. government systems over the past three years have been enormously successful, demonstrating the failure of federal cyber security activities,' SANS director of research Alan Paller says in an e-mail. 'Other antagonistic nations and terrorist groups, aware of the vulnerabilities, will radically expand the number of attacks.'"
- we have a new excuse for legalising illegal wiretapping and making it mandatory for Americans' PCs to spy on their owners! Because if we don't, those strangely elusive terrorists will have won. Again.
-Eric
SJW: Someone who has run out of real oppression, and has to fake it.
I know it's always fashionable to bash Windows here on /., but stories like this really do beg the question of why the government is not seriously looking at a more secure operating platform. In particular, while Linux is not perfect, it would be much less likely to fall prey to the ills that are epidemic on Windows without much, if any, added cost post transition. I suppose someone will have to die before getting off of Windows is seriously considered, if even then.
To the making of books there is no end, so let's get started
I used to work both as a consultant, and an LTE for a department of a state government. I did software development, all of our Network resources were managed by the Department of Administration (DOA, appropriately enough). DOA may have started out as a good idea, one centralized agency that maintained licensing, contracts, support, purchasing, etc... But cutbacks led to them continuously cutting pay and positions. By the time I left, the only representatives from the DOA that I knew of were two LTE college students, and one former manager who took a demotion to a tech position to stay employed (which just happened to bump one of the last skilled technicians out of the department).
Anyways, under their watch we had numerous security breaches. One of our servers was hosting a child porn collection and IRC channel. Another server had been crippled by viruses, and we had seen other signs of intrusion time after time. The child porn server was confiscated by the FBI when they tracked it down. They returned the server to the DOA when they had finished so that the DOA could learn from the breach and correct the security issue, but there was no one employed with the DOA who could identify the failure or what to do about it.
Anyways, my rough guess is that given what I've seen of state networks, I would think they are heavily botnetted. The other side of the public sector though, atleast the Marine Corps network, is a pretty impressive setup. I've seen those guys in action and I would be extremely suprised if there is a lick of traffic that escapes their pipes with out their express knowledge.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
If an Agency is willing to spend the money, time and energy to put in place the protections that the typical Government information system deserves, this wouldn't be a problem.
My agency uses a multi layered defense to protect us against these issues. There are network level protections, PC level protections and desk-side support level protections. We also regularly send out warnings about current threats as well as require personnel to undergo annual IT security awareness training.
Individual PCs that are found to be broadcasting unknown signals to unknown or unverifiable outside destinations are removed from the network and reimaged immediately.
If, from a complaint to the help line, we find that a PC is infected with spyware, we don't even try to remove it; it is immediately reimaged.
We have instituted a locked down desktop policy; users are NOT allowed admin access except through application to a special committee for good business cases, based upon the use of special software that requires such access to run. We bend over backwards to alter those situations to avoid that access whenever possible.
Laptops are imaged using an image that is encrypted using a good encryption program that encrypts the entire hard drive using a 512 bit key, and NO laptops are allowed to be bought without going through our recieving process where that image is installed.
We have spent millions of dollars of your tax money in the last five years bringing this system online, but now that we have, we believe that we have as safe a system that we can get without just unplugging it or spending twice as much.
We don't have classified material, but we do have information that is confidential by law and must be protected from public release. (proprietary information belonging to firms we regulate.) This limits the measures we need to use, since classified material requires a completely different level of protection.
If the VA had used a system like ours, they would never have been embarrassed by the recent theft. The theft may still have occurred, but the information would never have been at risk.
It is not a perfect system, and it takes constant dilligence to maintain and periodically upgrade, but I think we do a pretty good job.
"Money is truthful. If a man speaks of his honor, make him pay cash." Notebooks of Lazarus Long, Robert A. Heinlein
Because nobody wants to be hugged by 50 year old suits?
May the source be with you.
There were a few notables I saw while I was active duty in the Marine Corps as a 4067 (Computer Programmer). My first experience with the MITNOC was in Okinawa, Japan. One of the network/pc techs had put up a geocities page that had references to UNC paths inside the network. It worked great for him because he could go to any PC on any of the bases and get to all of the tools/software/installs he needed for most of his work. The links were only worth a damn if you could get into the network though. Unfortunately someone else (I believe it may have been 'Hackers for Girls') also discovered the links. The same weekend in 1998 that CNN was disrupted, the MITNOT (Located in Quantico, VA) noticed a huge flood of attacks on the Oki network. With in a few hours, the MITNOC had the website taken down, a mirror image of the PC tech's hard drive, his browsing history for the last 3 months (printed and digital), and 3 Marines on a plan to Japan.
Another notable environment I saw was one of the Office buildings in Quantico, VA. Each new building for the most part had it's own network design team that would configure the building prior to people moving in, and they would design and configure everything. Once the regular staff showed up, the design team would hand off control of the network to the local IT department. The guys at the Marsh Center had this down to a science. When I left Quantico, the only thing those networks would get out of their chairs for was to clear a printer jam or replace failed hardware. Everything else was locked down, automated, network pushed, and other whys control remotely. A truly beautiful environment for both the IT support team, and us developers.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs