Slashdot Mirror


FBI, US Marshals Hit By Virus

Norsefire writes "The FBI and US Marshals were forced to shut down part of their computer network after being hit by a 'mystery virus.' FBI spokesman Mike Kortan said, 'We are evaluating a network issue on our external, unclassified network that's affecting several government agencies.' Nikki Credic, spokeswoman for the US Marshals, said that no data has been compromised but the type of virus and its origin is unknown."

40 of 156 comments

  1. We have to hit back and hit back HARD by Anonymous Coward · · Score: 2, Funny

    You wanna know how you do it? Here's how, they hit you with a virus, you pull a gun. He sends one of your servers to the IT department, you send one of his to the morgue. That's the Chicago way, and that's how you get Capone! Now do you want to do that? Are you ready to do that?

  2. Sensitive networks should be treated as such by davidwr · · Score: 5, Interesting

    More and more, sensitive corporate and government networks will need to be isolated or at least mostly isolated from non-sensitive networks and the Internet.

    They may not need an air gap but they will need to be isolated enough to prevent general problems like viruses.

    They also need to be run with the philosophy of "every other machine or user on my network could become compromised (infected or bribed) at any time."

    A couple of possible solutions:
    *Give employees 2 computers with a KVM, one for surfing the web and access to non-secure data, one to access secure data.
    *Give employees a multi-homed, ROM+read-only-USB-stick-for-configuration-data-boot "thin client" that's stripped down and hardened, with no copy-and-paste, no network bridging, and no other designed way for one remote server to influence the other. Then have them connect to different servers on different networks for different needs.

    If your security requirements are extreme, use an air gap.

    In either case, don't forget to take countermeasures against human idiocy, ignorance, and bribery/blackmail.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  3. Bold claim by Daimanta · · Score: 4, Insightful

    "said that no data has been compromised but the type of virus and its origin is unknown."

    How do they know that there was no data compromised if they don't even know the type of the virus?

    --
    Knowledge is power. Knowledge shared is power lost.
    1. Re:Bold claim by maxume · · Score: 2, Insightful

      Perhaps the network is reasonably self contained?

      The article says they shut down internet access, but it doesn't really make it clear if the computers in question have any connection to the internet or not.

      --
      Nerd rage is the funniest rage.
    2. Re:Bold claim by Psyborgue · · Score: 2, Insightful

      How do they know it's even a virus. "virus" is often a silly excuse for "embarrassing human error".

    3. Re:Bold claim by grahamd0 · · Score: 2, Informative

      The FBI isn't a spy agency...

      Actually, they are. The FBI is largely responsible for intelligence gathering and counter-intelligence within the US.

      http://en.wikipedia.org/wiki/Federal_Bureau_of_Investigation

    4. Re:Bold claim by Thad+Zurich · · Score: 2, Insightful

      There would seem to be a high probability that such a network is monitored by one or more IPS' that log and archive all outbound packets. If the time of infection can be established, then it should be possible to estimate the amount of exfiltrated data.

    5. Re:Bold claim by MobileTatsu-NJG · · Score: 2, Interesting

      How do they know that there was no data compromised if they don't even know the type of the virus?

      For the same reason that if I got a virus, none of your data would be compromised. Separate network, like it said in the summary. :P

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

  4. Maybe they recently bought some new computers? by sk999 · · Score: 2, Informative

    "Malware found on brand new Windows netbook"

    http://www.itbusiness.ca/it/client/en/home/news.asp?id=53225

  5. Re:Linux... by Darkness404 · · Score: 4, Interesting

    How many people have gotten a virus from surfing a site using Linux? Very, very, very few, to non-existent. Sure, Linux is vulnerable but it isn't targeted; the diversity in distros, kernel versions, browsers, etc. helps keep the target moving. About the only way to get a virus in the wild is to download and explicitly install a virus or a trojan.

    --
    Taxation is legalized theft, no more, no less.
  6. Re:They should use macs by psnyder · · Score: 5, Funny

    They DO use Macs. And Dell. They were shown VERY CLEARLY inside FBI headquarters during season 7 of 24.

  7. How do they know ? by mbone · · Score: 3, Interesting

    The spokeswoman said :

    "no data has been compromised but the type of virus and its origin is unknown"

    That is an extraordinary statement. How would they know ?

    If I was head of IT there I would assume that that was not true. Even if there was a completely different computer system for any sensitive information, data has a way of leaking to where it shouldn't be. Of thousands of people, not one put notes or passwords or whatever on the insecure side of the line ?

    Regardless of what they tell the press, I hope that internally they are assuming that this is a breach, and acting accordingly.

    1. Re:How do they know ? by tendrousbeastie · · Score: 3, Insightful

      Well exactly. What their spokesperson says doesn't necessarily have any correlation to what their head of IT thinks.

      The spokesperson's job is to put the best spin on things. Saying "We lost loads of public data" would not be doing their job well.

  8. UNIX email virus by Gary+W.+Longsine · · Score: 4, Funny

    Please copy this file to your hard drive, decompress it, untar it, chmod it, and place an entry in the root crontab... so I can have your advice.

    --
    If you mod me down, I shall become more powerful than you could possibly imagine.
    1. Re:UNIX email virus by Ian+Alexander · · Score: 3, Funny

      Wow! I don't even have to compile it from source?

  9. Re:Linux... by santax · · Score: 2, Interesting

    Don't get me wrong, I love Linux, Debian fanboy for many a year. Every day I have to run apt-get update && apt-get upgrade to keep my system secure. Not every day it is a possible remote exploit, but there is always some security-related bug to fix. Linux may have a better implementation to keep those risks from escalating quickly compared to Windows, but I would not run nation-critical apps on it. Not at this point in time. I would look at OpenBSD. And saying that, I noticed a lot of comments about OpenSSH lately on fulldisclosure... And another major factor is economics. MS won't take too kindly to people switching on them. And that really is something to take with you when deciding to switch. There is a lot at stake. And there is a lot to lobby for. Linux doesn't lobby, OpenBSD even less. I don't see Theo explaining to them why they should switch to OpenBSD and if he did... they would probably taser the crap out of him. Open source and especially OpenBSD has a lot going for it when it comes to security, but there is nobody out there who really understands that you need a lobby to make it happen. And governments need things like 'support'... Ever asked a question on the OpenBSD mailing list? Without being flamed?

  10. Re:They should use macs by sopssa · · Score: 3, Informative

    Mac is in no way less vulnerable than Windows, especially in targeted attacks. It seems most people have been brainwashed quite good. Yes, the amount of malware for mac's is lower than Windows, but so is mac userbase. However there are many OSX malware circumventing already and it seems to be just going up.

    And no, not all malware requires root to run. They can easily run under your user account as well and still steal lots of data, passwords and keylog etc. If they require root, then a social engineering attack will get past most users as they happily enter their root password.

  11. Typical Bold Claim, Scenario A14 by Gary+W.+Longsine · · Score: 5, Insightful

    This claim is made by nearly every spokesperson for any major organization which is forced to disclose a malware attack to the public. In nearly every case the claim cannot be substantiated. Run of the mill malware often scans hard drives and uploads data to remote servers over encrypted connections. Most organizations have no way of knowing if these even happened. They don't know how long they have been infected. They don't know if the attack is directed at them, specifically (and thus might be smarter about hiding its activity). These folk really don't know yet what the extent of the damage is. The stock line should be, "we don't know", not, "nothing bad happened". Something bad happened -- malware got on your network and spread. That much is clear.

    --
    If you mod me down, I shall become more powerful than you could possibly imagine.
  12. classified vs sensitive by davidwr · · Score: 3, Interesting

    True, US-government-classified material does have to be regulated.

    But what about the human resource database of the United States Postal Service, with its employee birth dates and social security numbers? What about the customer database at American Airlines, with its juicy collection of credit card numbers? What about your medical insurer, which may have lots of information about your or your children's health you don't want entering the public domain? What about the bank teller whose terminal lets her do almost anything with people's money?

    It's probably a bad idea to let computers which have access to that kind of data, particularly write-access, access the Internet or an unsecured network unless absolutely necessary to do the job. Sometimes, you have to allow such access if you are going to allow certain services, like allowing people to order products or services with credit cards from home, or do home banking. However, at least in these cases you can limit the potential damage to what that customer is allowed to access. If you allow people with wholesale access to sensitive databases to "work from home," give them a separate, secure computer that runs on an isolated LAN at the person's house, tunnel everything over a VPN, and block all non-VPN traffic except that needed to establish the VPN. Better yet, give them a separate real connection straight back to the corporate glass tower, bypassing the Internet entirely. Even better yet, don't let them work from home.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
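    The two davidwr comments above (2 and 12) describe the same design from two angles: treat every other host as potentially compromised, put the sensitive work on its own isolated machine, and let that machine send nothing except the packets that set up a VPN and the traffic that rides inside it. The following is an added example, not code from the thread or from any commenter: it writes that design down as an explicit first-match, default-deny rule table and checks constructed sample flows against it, so the reader can see exactly which packets such a workstation may emit. Every address, interface name and port number in it is an assumption chosen for illustration (the VPN gateway uses a TEST-NET-3 documentation address).

```python
"""Default-deny flow policy for an isolated 'secure workstation'.

Added example, not code from the Slashdot thread or any commenter. It turns
the segmentation ideas in comments 2 and 12 (every other host may already be
compromised; tunnel everything over a VPN and block all non-VPN traffic
except what establishes the VPN) into an explicit first-match, default-deny
rule table and evaluates constructed sample flows against it. Every address,
interface name and port below is an assumption chosen for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str       # source IPv4 address
    dst: str       # destination IPv4 address
    proto: str     # "tcp" or "udp"
    dport: int     # destination port
    iface: str     # egress interface the packet would leave on


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src_net: IPv4Network
    dst_net: IPv4Network
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port
    iface: Optional[str] = None   # None matches any interface
    note: str = ""

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src) in self.src_net
                and ip_address(f.dst) in self.dst_net
                and self.proto in (None, f.proto)
                and self.dport in (None, f.dport)
                and self.iface in (None, f.iface))


# Constructed networks (assumptions): the secure LAN at the employee's home,
# the corporate VPN gateway (a TEST-NET-3 documentation address), and the
# sensitive corporate network that is reachable only through the tunnel.
HOME_SECURE_LAN = ip_network("10.99.0.0/24")
VPN_GATEWAY = ip_network("203.0.113.10/32")
CORP_SENSITIVE = ip_network("10.10.0.0/16")
ANY = ip_network("0.0.0.0/0")

# First match wins. Only two things are ever allowed: the packets that set up
# the tunnel, and traffic that is already inside it. Everything else, including
# the same corporate addresses reached over the physical interface, is denied.
POLICY: List[Rule] = [
    Rule("allow", HOME_SECURE_LAN, VPN_GATEWAY, proto="udp", dport=1194,
         iface="eth0", note="only what is needed to establish the VPN"),
    Rule("allow", HOME_SECURE_LAN, CORP_SENSITIVE, iface="tun0",
         note="sensitive network, inside the tunnel only"),
    Rule("deny", ANY, ANY, note="default deny: no direct Internet, no bridging"),
]


def evaluate(flow: Flow, policy: List[Rule] = POLICY) -> Tuple[str, str]:
    """Return (action, reason) for the first rule that matches, else deny."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.note
    return "deny", "implicit deny: no rule matched"


# Constructed sample flows: what a correctly configured workstation, a
# misrouted one, and a user trying to browse the web would each generate.
SAMPLE_FLOWS = [
    Flow("10.99.0.5", "203.0.113.10", "udp", 1194, "eth0"),  # VPN handshake
    Flow("10.99.0.5", "10.10.4.20", "tcp", 445, "tun0"),     # file share via VPN
    Flow("10.99.0.5", "10.10.4.20", "tcp", 445, "eth0"),     # same host, tunnel down
    Flow("10.99.0.5", "203.0.113.10", "tcp", 443, "eth0"),   # HTTPS to the gateway
    Flow("10.99.0.5", "198.51.100.7", "tcp", 443, "eth0"),   # arbitrary web site
]


def audit(flows: List[Flow] = SAMPLE_FLOWS) -> List[Tuple[Flow, str, str]]:
    """Evaluate each flow and return (flow, action, reason) triples."""
    return [(f, *evaluate(f)) for f in flows]


if __name__ == "__main__":
    for f, action, why in audit():
        print(f"{action:5} {f.proto}/{f.dport:<5} {f.src} -> {f.dst} via {f.iface}: {why}")
```

    The third and fourth sample flows are the ones worth noticing: the sensitive file server is denied when the tunnel interface is not the egress path, and even the VPN gateway itself is denied on any port other than the one the tunnel needs. That narrowness is what "block all non-VPN traffic except that needed to establish the VPN" has to mean in practice; a rule that allowed the gateway on any port, or the corporate range on any interface, would quietly reopen the path the isolation was meant to close.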
  13. There's a name for that virus by davidwr · · Score: 3, Funny

    It's known as the "fastlead" virus, and it's frequently game over if you get infected.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  14. Re:They should use macs by clang_jangle · · Score: 3, Insightful

    Yes, the amount of malware for mac's is lower than Windows...

    Correct, zero is a tad less than ~ninety-three thousand.

    ...but so is mac userbase

    Considering that UNIX-like systems are ubiquitous in the server world (and OS X is a UNIX-variant), that is a really lame argument.

    However there are many OSX malware circumventing already and it seems to be just going up

    [citation needed]

    --
    Caveat Utilitor
  15. The government should retaliate in force by David+Gerard · · Score: 3, Funny

    US Air Force General Kevin Chilton, head of US Strategic Command, has said that attacks on the United States via the Internet could merit a conventional military response.

    "I don't think you take anything off the table. We're particularly looking toward one group in Seattle."

    The Seattle-based insurgent group is thought to have seeded American government and military computers with millions of copies of malware that allows attackers easy access to any data stored on the computer, or indeed to take complete control of the computer and use it for their own ends as part of a massive "botnet" to mount further attacks. The malware, "Windows," makes securing a computer running it almost impossible.

    "Turning Seattle into a glass crater would only be undertaken strictly as the minimum required surgical military action," emphasised Chilton, "and not in any way out of twenty-five years' bitter resentment and frustration at computing machinery."

    Chilton stressed that members of the US military must begin to think of their computers as the front lines. "Do you realize that in addition to adding Windows to computers, why, there are studies underway to Windowsize salt, flour, fruit juices, soup, sugar, milk ... ice cream. Ice cream, Mandrake, children's ice cream! I can no longer sit back and allow Windows infiltration, Windows indoctrination, Windows subversion and the international enterprise licensing conspiracy to sap and impurify all of our precious bodily fluids!"

    The Obama administration is currently reviewing the United States' cyberspace defense policy. "We're considering all options thoroughly," said the President, closing his MacBook and looking lingeringly at the red button on his desk.

    --
    http://rocknerd.co.uk
  16. Re:They should use macs by erroneus · · Score: 2, Insightful

    This should be modded up.

    Generally, I also recommend Mac for brain-dead users whose computers I don't want to fix every 3 days. There is simply less chance of such problems... randomly. Most exploits target Windows and MSIE, simple as that. But that is only GENERALLY...randomly...blindly.

    More and more, we are seeing targeted attacks. The targeted attack is most successful when the contents of the network are known. So get one machine compromised (advanced scout), survey the network to see what's out there, then plan the real attack. There are abundant attacks for Mac and even Linux. In the event of targeted attacks, all bets are off. "Reputation" for security only serves the attacker because the defences of the machines will likely be lower on those machines considered "more secure."

  17. Re:Linux... by Krneki · · Score: 2, Insightful

    They are too lazy to learn a new desktop.

    They'd rather get infected every now and then. After all, it's your money they are spending.

    --
    Love many, trust a few, do harm to none.
  18. Re:They should use macs by Anonymous Coward · · Score: 4, Informative

    93,000?
    That's a mighty low estimate.

  19. Re:Linux... by TubeSteak · · Score: 2, Insightful

    Sure, Linux is vulnerable but it isn't targeted, the diversity in distros, kernel versions, browsers, etc. help keep the target moving.

    1. If the Government switches to Linux, there will not be a diversity in distros, kernel versions, browsers, etc.
    2. Assume that, like the current windows installation, there will be gaping security holes due to mismanagement and misconfiguration.
    3. The US government is an awfully big target and if they switch, you will see significant, concentrated effort on exploiting whatever distro and apps the Feds choose.

    --
    [Fuck Beta]
    o0t!
  20. Re:Linux... by Norsefire · · Score: 3, Insightful

    Step 1: Ditch a closed-source product notorious for exploits and viruses
    Step 2: Choose a better open-source alternative notorious for its security and stability
    Step 3: close the source

  21. Re:They should use macs by sopssa · · Score: 4, Insightful

    Also, most mac users think, and they're told, that there's no malware and they're secure, so they have the mentality of "nothing can hit me" and even though there's a few mac AVs, almost no one runs them.

    Hell, there's botnets running inside _routers_. What makes it think that mac is somehow some bulletproof solution. You don't need root to send spam or ddos either.

    Mac is also a standardized OS, so it's a lot easier to make malware for it than the tons of different Linux OSes. And it's already true, but because of this mentality Apple and Mac users have given to everyone, they think they're safe. It's really stupid on Apple's part, because the problem keeps just rising and one day it gets hit badly and no one has prepared because of their assumptions.

  22. Re:They should use macs by clang_jangle · · Score: 4, Insightful

    Trojans can run on any OS, once the user is tricked into installing them. IOW, they're extremely easy to avoid. However, viruses are only found in the wild on Windows systems. And only Windows can be infected by simply visiting a web site.

    --
    Caveat Utilitor
  23. Re:Linux... by Animaether · · Score: 4, Insightful

    Step 4: watch a lower ranking employee click on the HappyFunTime executable in their mail
    Step 5: Priceless.

  24. Sure some mysterious virus. by PieceofLavalamp · · Score: 2, Insightful

    Sure some mysterious unknown virus. Or Someone broke/deleted something and didn't know how to fix it. I mean would you want to tell the FBI you broke their computers?

  25. Re:They should use macs by mark-t · · Score: 3, Informative

    The reason Windows systems are more vulnerable than Unix-like OSes is because in Windows, the default status of the computer is that the end user is running an administrator-type account, with full privileges to install new system software and replace drivers. In a properly administered Unix system, only a few root-level processes are running, and the logged-in user does _not_ constantly have access to such privileges except when they are specifically requested by the user, and only then within the process that the end user specifically escalated privileges on. This leaves social engineering as the only real means by which a Unix-type machine is liable to be compromised, and avoiding that is also a matter of maintaining established sound system-administration practices.

    Of course, maintaining such practices on Windows systems would cause a significant (HUGE, even) drop in viruses on that platform as well (possibly even to the point that a resident virus scanner could be considered wasteful, and regular on-demand checks for compromises alone would likely be adequate). However, most Windows users simply are not interested in learning how to be sysadmins, so the problem remains.

  26. In other news... by toby · · Score: 3, Interesting
    --
    you had me at #!
  27. Re:Linux... by psnyder · · Score: 2, Informative

    You mean like SELinux?

    SELinux Background

    Researchers in the National Information Assurance Research Laboratory of the National Security Agency (NSA) worked with Secure Computing Corporation (SCC) to develop a strong, flexible mandatory access control architecture based on Type Enforcement, a mechanism first developed for the LOCK system. The NSA and SCC developed two Mach-based prototypes of the architecture: DTMach and DTOS. The NSA and SCC then worked with the University of Utah's Flux research group to transfer the architecture to the Fluke research operating system. During this transfer, the architecture was enhanced to provide better support for dynamic security policies. This enhanced architecture was named Flask. The NSA integrated the Flask architecture into the Linux® operating system to transfer the technology to a larger developer and user community. The architecture has been subsequently mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel, spawning a wide range of related work.

  28. Re:They should use macs by DrgnDancer · · Score: 2, Insightful

    Every example in your list is a social engineering trojan. They all require the user to literally INSTALL the malware and enter their admin password to do it. No system can defend against that. There are proof of concept viruses and worms on the Mac, but pretty much everything in the wild is a trojan and requires significant user intervention to work. That's hardly fair. Of course stupid Mac users are still stupid users. That doesn't make the system itself less secure. I'm not one of the "OMG, it's completely secure!" fanbois. There are definitely holes in OS X, and Apple has not always been quick to fix them. The fact remains, however, that there are virtually no Mac viruses or worms in the wild (for the proper, security-profession definitions of "virus" or "worm").

    --
    I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
  29. Re:Linux... by DrgnDancer · · Score: 3, Interesting

    Especially 2. I work for a government contractor. The amount of stupid pointless shit we have to do in the name of "security" while leaving HUGE GAPING HOLES untouched just hurts my head. It's like our security policy is designed by ADD addled five year olds. They read about something in a magazine and think "Oh, shiny!" They quickly write some insane, over the top, policy to "solve" the "problem" and keep reading the magazine. It's great assuming that the article covers all possible security problems ever, or that it contained actual solutions instead of stuff that kinda sounds like it ought to fix a problem.

    The latest brainstorm is that we are switching to 12 character passwords which change every 60 days. This is almost certain to result in:

    a) People forgetting their passwords, requiring continuous password resets
    b) People writing down their impossible to remember, constantly changing, password
    c) Both (a) and (b)

    Meanwhile, we still have a number of systems that use rsh (No, not Kerberized rsh, the plain 30-year-old version with .rlogin files.). Granted this is an isolated network, with no Internet access at all. We're not likely to be attacked by outside entities. But if you trust the users of the isolated network enough to assume that they are not going to take advantage of the multiple and well-published rsh vulnerabilities, why don't you trust them enough to assume that they are not running password crackers?

    --
    I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
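    The comment above makes the point that a policy which agonises over password length while leaving legacy rsh in place has its priorities backwards. The following is an added example, not code from the thread or from the commenter: a small audit that checks the two concrete things that would surface such a host in a review, an inetd.conf that still enables the r-services (in.rshd, in.rlogind, in.rexecd) and .rhosts or hosts.equiv entries that trust every host with a '+'. The inetd.conf and trust-file contents in it are constructed sample data, not real configuration; treating lines that begin with '#' as comments in the trust files is an assumption to check against your platform's rhosts(5).

```python
"""Audit a host for legacy r-services (rsh/rlogin/rexec) and trust wildcards.

Added example, not from the thread. It checks what DrgnDancer's comment 29
raises: an inetd.conf that still enables in.rshd / in.rlogind, and
.rhosts / hosts.equiv entries that trust every host ('+'). All file contents
below are constructed sample data, not real configuration.
"""
from typing import Dict, List, Tuple

# inetd service name -> (well-known TCP port from /etc/services, description)
R_SERVICES = {
    "shell": (514, "rsh (in.rshd)"),
    "login": (513, "rlogin (in.rlogind)"),
    "exec": (512, "rexec (in.rexecd)"),
}


def parse_inetd(text: str) -> List[Dict[str, str]]:
    """Return the enabled entries of an inetd.conf; comments and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed: inetd needs service socket proto wait user server
        entries.append({
            "service": fields[0], "socket": fields[1], "proto": fields[2],
            "wait": fields[3], "user": fields[4], "server": fields[5],
            "args": " ".join(fields[6:]),
        })
    return entries


def find_r_services(inetd_text: str) -> List[Tuple[str, int, str]]:
    """Enabled r-services as (service, port, description) tuples."""
    return [(e["service"],) + R_SERVICES[e["service"]]
            for e in parse_inetd(inetd_text) if e["service"] in R_SERVICES]


def audit_trust_file(path: str, text: str) -> List[str]:
    """Flag '+' wildcards in a .rhosts or hosts.equiv file.

    Each line is 'host [user]'. A '+' in the host field trusts every host,
    a '+' in the user field trusts every user on that host, and '+ +' trusts
    everyone everywhere. Lines starting with '#' are treated as comments
    (an assumption; check rhosts(5) on your platform).
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        host = parts[0]
        user = parts[1] if len(parts) > 1 else None
        if host == "+" and user == "+":
            findings.append(f"{path}:{lineno}: '+ +' trusts any user from any host")
        elif host == "+":
            findings.append(f"{path}:{lineno}: '+' trusts every host")
        elif user == "+":
            findings.append(f"{path}:{lineno}: any user from {host} is trusted")
    return findings


def audit(inetd_text: str, trust_files: Dict[str, str]) -> List[str]:
    """Combine both checks into one list of findings."""
    findings = []
    for service, port, desc in find_r_services(inetd_text):
        findings.append(f"inetd.conf: {desc} enabled on tcp/{port}; "
                        "cleartext and authenticates by source address only")
    for path, text in trust_files.items():
        findings.extend(audit_trust_file(path, text))
    return findings


# Constructed sample input (not a real host's configuration).
SAMPLE_INETD = """\
# constructed sample inetd.conf
#ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd
shell    stream tcp nowait root /usr/sbin/tcpd in.rshd
login    stream tcp nowait root /usr/sbin/tcpd in.rlogind
#exec    stream tcp nowait root /usr/sbin/tcpd in.rexecd
ssh      stream tcp nowait root /usr/sbin/sshd -i
"""
SAMPLE_TRUST = {
    "/etc/hosts.equiv": "# constructed\nbuild01\n+\n",
    "/home/alice/.rhosts": "build01 alice\n+ +\nbuild02 +\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_INETD, SAMPLE_TRUST):
        print(finding)
```

    Run against the constructed input it reports two enabled r-services and three wildcard trust entries. On a real host the same two checks are the ones to automate across the fleet, because a single '+' in hosts.equiv on one machine undoes the isolation of the whole network regardless of how long the passwords are.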
  30. Houston's Hobby Airport by WED+Fan · · Score: 2, Funny

    Maybe the virus writer is a disgruntled Pisser that didn't like DHS invading his personal pee space during a lay over in Houston?

    --
    Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
  31. Re:Linux... by Niten · · Score: 2, Interesting

    Everyday I have to run apt-get update && apt-get upgrade to keep my system secure. Not everyday it is a possible remote exploit, but there is always some security related bug to fix. Linux may have a better implementation to keep those risks from escalating quickly compared to windows, but I would not run nation-critical apps on it. Not at this point in time.

    I think you're making the classic mistake of equating the number of patches seen with the actual number, and severity, of vulnerabilities. Of course Debian gets more patches more often than Windows: the Debian security team sends out fixes for security vulnerabilities as soon as they're discovered, rather than leaving users exposed by waiting up to a month and fixing (some, but often not all) of the most critical known vulnerabilities in monthly roll-ups. And of course Debian sees more patches, when nearly all of the desktop applications on a Debian system are handled by apt; Windows Update only takes care of patching the operating system itself.

    So when it comes to a question of which operating system to run sensitive government services on, patch counting is worse than useless. Things that are worth considering are the tractability of the system's security model, and exploit mitigation techniques or fine-grained mechanisms for least-privilege, such as SELinux.

  32. Re:They should use macs by TheSpoom · · Score: 2, Insightful

    While I agree with the general principle that *nix OSes (including Macs) are more secure than Windows, viruses are just as possible on other operating systems.

    That said, the government could save shit-tons in licensing fees by switching to a free OS like Ubuntu, and they wouldn't have to worry about something like this happening nearly so often.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs