Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Investigating Mystery Laptops Sent To US Governors

Posted by timothy on from the send-a-few-to-me dept.

itwbennett writes "The FBI is trying to find out who is sending laptops to state governors across the US, including the governors of Wyoming and West Virginia. The West Virginia laptops were delivered to the governor's office on August 5, according to the Charleston Gazette, which first reported the story. Kyle Schafer, West Virginia's chief technology officer, says he doesn't know what's on the laptops, but he handed them over to the authorities. 'Our expectation is that this is not a gesture of good will,' he said. 'People don't just send you five laptops for no good reason.'"

26 of 329 comments (clear)

  1. That might not be safe enough by acb · · Score: 4, Insightful

    What if whoever's sending them isn't just a small-time crook but a foreign intelligence agency with the resources to custom-make chips with built-in back doors. (Such back doors have been demonstrated to be plausible; someone has built a CPU with a circuit which switches off memory protection when it finds a specific sequence on a memory bus, which means that it doesn't matter how secure the software running on it is.)

    Why would they target state governors' offices? Well, they'd presumably be easier to pwn than, say, the Department of Defence or the CIA, and a good starting point for setting up pieces.

    1. Re:That might not be safe enough by MichaelSmith · · Score: 3, Insightful

      But delivering them this way is attracting too much attention. Better to deliver the machines to their normal IT supplier, perhaps by getting one of your people on the payroll.

      --
      http://michaelsmith.id.au
    2. Re:That might not be safe enough by 1s44c · · Score: 4, Insightful

      But delivering them this way is attracting too much attention. Better to deliver the machines to their normal IT supplier, perhaps by getting one of your people on the payroll.

      It would be far cheaper to put malware on a USB key with a logo of some government project on the side and mail that to them. They could use the same CD autorun thing that the U3 malware uses.

    3. Re:That might not be safe enough by BenEnglishAtHome · · Score: 5, Insightful

      ...a USB key with a logo of some government project ...

      Are you kidding?

      If I wanted to guarantee that a found USB key would be plugged in somewhere, I'd label it "porn".

    4. Re:That might not be safe enough by Anonymous Coward · · Score: 1, Insightful

      Nah. "${name of boss's hot PA/secretary} nude photoshoot" surely.

    5. Re:That might not be safe enough by TheCarp · · Score: 2, Insightful

      Then again.... maybe this is just QA.

      Put in your malbug, send the laptops out in a high profile way... see what happens. Do they investigate? Do they even find what you did? That, in and of itself, could be valuable information, and possibly worth 5 laptops.

      Though I do enjoy the double standard. Someone breaks into your systems, with evidence. Think the FBI is going to care unless they can be shown to have done massive damage or stolen real money?

      Here someone does something that is, on its face, perfectly legal and straight up, but the suspicion of potential wrongdoing and the FBI are all over it. I am pretty sure that if someone sent me a free laptop and I called the FBI, they would just laugh at me.

      -Steve

      --
      "I opened my eyes, and everything went dark again"
    6. Re:That might not be safe enough by Anonymous Coward · · Score: 2, Insightful

      Because they want to be noticed. One laptop to the President gets disposed of. Five laptops to each governor gets them examined. Carefully.

      It's a message. Wonder who it's from, don't you? Maybe God.

  2. Re:Hacked hardware? by John+Hasler · · Score: 2, Insightful

    I think that they are more concerned about bombs than BIOS trojans.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  3. Re:If they don't want them by jamesh · · Score: 4, Insightful

    Show me an IT monkey who could tell the difference between two standard network adapters, one of them fine and the other containing a counterfeit MAC/PHY IC that's been fucked with by Chinese intelligence services...

    And for the time taken to vet the laptop for such things, you might as well throw it out.

    On the other hand, if you actually did want to get government personnel using subverted hardware then I think just sending it to them anonymously is probably not a good way of going about it... so maybe the criminals aren't that smart. Or maybe that's what they want you to think?

  4. Re:Interesting angle on social engineering... by 91degrees · · Score: 2, Insightful

    Yes. I can't imagine it would be worth it for businesses. You're spending a lot of cash on something that may well go to fairly junior employees who have no access to any information of any importance. Even if the Governor himself gets one, you can't be sure that he'll use it for anything that will be of any value to a third party.

    A foreign government might be willing to splash out this sort of cash but I wonder how interested they are in individual state politics.

  5. Re:Interesting angle on social engineering... by maxume · · Score: 2, Insightful

    But West Virginia?

    --
    Nerd rage is the funniest rage.
  6. Re:If they don't want them by Jeremy+Erwin · · Score: 2, Insightful

    And if it's a hardware issue? I'd donate them to a educational organization (after wiping them down for malware)

  7. Re:If they don't want them by sopssa · · Score: 3, Insightful

    You wipe the OS and install a new one. You clean it up from the default bloatware and hook it to the network. You analyze the connection and if there is no communication the devices are safe.

    You seem like a intelligent gentleman providing great solution for both the latest gov IT attacks AND the recession!

    If this happens, I can see both China's computer espionage and Kim Jong's heads exploding from the sore happiness!

  8. Re:If they don't want them by Corporate+Troll · · Score: 3, Insightful

    That's a bit naive, isn't it? Perhaps there is a hardware trigger that will start sending out data when receiving a specific packet and when it doesn't, it stays silent? Or a timed device (6 months from first power-on)... There are many ways that those machines may be compromised without even being affected by the operating system that's on it.

  9. Re:Interesting angle on social engineering... by Anonymous Coward · · Score: 1, Insightful

    It's near DC (there are daily commuter trains), it's fairly cheap, and there's a congress critter with some clout. West Virginia actually has several federal computer centers, which are central hubs for the Coast Guard and the DHS. (At least.)

    Not that the governor has anything to do with them but there are some high-profile targets.

  10. Re:If they don't want them by thue · · Score: 3, Insightful

    > And for the time taken to vet the laptop for such things, you might as well throw it out.

    Except that if I were the CIA, I would pay a lot more than the price of 5 laptops to know who was spying on me, and how.

  11. Re:Interesting angle on social engineering... by Skinkie · · Score: 3, Insightful

    So what if the laptops where HP's with onboard maybe even modified 3G cards. How are you going to prevent a KVM calling home?

    --
    Support Eachother, Copy Dutch Property!
  12. Re:Interesting angle on social engineering... by MiniMike · · Score: 2, Insightful
    Maybe they're trying to intercept communications to or from Senator Byrd who, despite being from West Virginia, is a very influential Senator.

    Or they might just want the latest recipe for Varmint Pie.

  13. Your problem being? by Opportunist · · Score: 1, Insightful

    Rip out the hard drive, install a new one, perfectly good laptop for the price of a hard drive.

    If you're cheap, wipe the hard drive and reinstall (preferably some Linux distri).

    WTF is your problem, gubernator?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Your problem being? by HikingStick · · Score: 2, Insightful

      Not a bad idea unless the firmware is poisoned.

      --
      I use irony whenever I can, but my shirts are still wrinkled...
    2. Re:Your problem being? by CodeBuster · · Score: 2, Insightful

      Even with the original hard drive gone, I still wouldn't use these laptops if I were the governor. Where did they come from and who arranged the shipping? It could be that foreign intelligence agencies (the Chinese in particular) specially crafted these "gifts" and then attempted to ensure that they would fall into the hands of important people within our government. No, these laptops are best turned over to the FBI or the CIA and left unused by their recipients.

  14. Re:If they don't want them by Beezlebub33 · · Score: 2, Insightful

    Which is why you forward them to the CIA and have _them_ figure the whole thing out.

    Actually, you would have to be pretty stupid to send them to the CIA. You'd send them to the FBI (as TFA mentions), who would try to figure out if it was foreign or domestic, and then they would get the real experts (NSA) to do the technical work.

    --
    The more people I meet, the better I like my dog.
  15. Re:Hard-Trojans by Culture20 · · Score: 2, Insightful

    They don't sound too pleasant. Hopefully they're made with metal or plastic instead of wood. Bonuses: no breaking.

  16. Why assume it's some foreign entity? by rnturn · · Score: 3, Insightful

    What do the states whose governors received these laptops have in common? The referenced article didn't mention the complete list but West Virginia and Wyoming might have something commercial in common. Mining or energy for example. Wouldn't a lobbyist with some powerful clients in the mining/energy industry just love to have access to some state computer systems where they could snoop through internal emails discussing potential legislation restricting mining activities? West Virginia's had problems with mountaintop removal for years. There's been talk of stopping that for some time. Wyoming has their share of mining companies abusing the environment as well.

    On the other hand, perhaps a bunch of environmentalists shipped the laptops in the hope of getting access to state information so they could blow the whistle on state govt./industry shenanigans (bribes and the like).

    Anyone know where there's a complete list of the states where these laptops were shipped?

    --
    CUR ALLOC 20195.....5804M
  17. Re:China by conspirator57 · · Score: 2, Insightful

    Coal... China is now a net importer of fossil fuels, though mostly from Australia.

    --
    "If still these truths be held to be
    Self evident."
    -Edna St. Vincent Millay
  18. Re:If they don't want them by IchNiSan · · Score: 2, Insightful

    We really need to know, will it blend?