Slashdot Mirror
FBI Investigating Mystery Laptops Sent To US Governors
itwbennett writes "The FBI is trying to find out who is sending laptops to state governors across the US, including the governors of Wyoming and West Virginia. The West Virginia laptops were delivered to the governor's office on August 5, according to the Charleston Gazette, which first reported the story. Kyle Schafer, West Virginia's chief technology officer, says he doesn't know what's on the laptops, but he handed them over to the authorities. 'Our expectation is that this is not a gesture of good will,' he said. 'People don't just send you five laptops for no good reason.'"
What if whoever's sending them isn't just a small-time crook but a foreign intelligence agency with the resources to custom-make chips with built-in back doors. (Such back doors have been demonstrated to be plausible; someone has built a CPU with a circuit which switches off memory protection when it finds a specific sequence on a memory bus, which means that it doesn't matter how secure the software running on it is.)
Why would they target state governors' offices? Well, they'd presumably be easier to pwn than, say, the Department of Defence or the CIA, and a good starting point for setting up pieces.
Show me an IT monkey who could tell the difference between two standard network adapters, one of them fine and the other containing a counterfeit MAC/PHY IC that's been fucked with by Chinese intelligence services...
And for the time taken to vet the laptop for such things, you might as well throw it out.
On the other hand, if you actually did want to get government personnel using subverted hardware then I think just sending it to them anonymously is probably not a good way of going about it... so maybe the criminals aren't that smart. Or maybe that's what they want you to think?
You wipe the OS and install a new one. You clean it up from the default bloatware and hook it to the network. You analyze the connection and if there is no communication the devices are safe.
You seem like a intelligent gentleman providing great solution for both the latest gov IT attacks AND the recession!
If this happens, I can see both China's computer espionage and Kim Jong's heads exploding from the sore happiness!
That's a bit naive, isn't it? Perhaps there is a hardware trigger that will start sending out data when receiving a specific packet and when it doesn't, it stays silent? Or a timed device (6 months from first power-on)... There are many ways that those machines may be compromised without even being affected by the operating system that's on it.
> And for the time taken to vet the laptop for such things, you might as well throw it out.
Except that if I were the CIA, I would pay a lot more than the price of 5 laptops to know who was spying on me, and how.
So what if the laptops where HP's with onboard maybe even modified 3G cards. How are you going to prevent a KVM calling home?
Support Eachother, Copy Dutch Property!
What do the states whose governors received these laptops have in common? The referenced article didn't mention the complete list but West Virginia and Wyoming might have something commercial in common. Mining or energy for example. Wouldn't a lobbyist with some powerful clients in the mining/energy industry just love to have access to some state computer systems where they could snoop through internal emails discussing potential legislation restricting mining activities? West Virginia's had problems with mountaintop removal for years. There's been talk of stopping that for some time. Wyoming has their share of mining companies abusing the environment as well.
On the other hand, perhaps a bunch of environmentalists shipped the laptops in the hope of getting access to state information so they could blow the whistle on state govt./industry shenanigans (bribes and the like).
Anyone know where there's a complete list of the states where these laptops were shipped?
CUR ALLOC 20195.....5804M