Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Investigating Mystery Laptops Sent To US Governors

Posted by timothy on from the send-a-few-to-me dept.

itwbennett writes "The FBI is trying to find out who is sending laptops to state governors across the US, including the governors of Wyoming and West Virginia. The West Virginia laptops were delivered to the governor's office on August 5, according to the Charleston Gazette, which first reported the story. Kyle Schafer, West Virginia's chief technology officer, says he doesn't know what's on the laptops, but he handed them over to the authorities. 'Our expectation is that this is not a gesture of good will,' he said. 'People don't just send you five laptops for no good reason.'"

4 of 329 comments (clear)

  1. That might not be safe enough by acb · · Score: 4, Insightful

    What if whoever's sending them isn't just a small-time crook but a foreign intelligence agency with the resources to custom-make chips with built-in back doors. (Such back doors have been demonstrated to be plausible; someone has built a CPU with a circuit which switches off memory protection when it finds a specific sequence on a memory bus, which means that it doesn't matter how secure the software running on it is.)

    Why would they target state governors' offices? Well, they'd presumably be easier to pwn than, say, the Department of Defence or the CIA, and a good starting point for setting up pieces.

    1. Re:That might not be safe enough by 1s44c · · Score: 4, Insightful

      But delivering them this way is attracting too much attention. Better to deliver the machines to their normal IT supplier, perhaps by getting one of your people on the payroll.

      It would be far cheaper to put malware on a USB key with a logo of some government project on the side and mail that to them. They could use the same CD autorun thing that the U3 malware uses.

    2. Re:That might not be safe enough by BenEnglishAtHome · · Score: 5, Insightful

      ...a USB key with a logo of some government project ...

      Are you kidding?

      If I wanted to guarantee that a found USB key would be plugged in somewhere, I'd label it "porn".

  2. Re:If they don't want them by jamesh · · Score: 4, Insightful

    Show me an IT monkey who could tell the difference between two standard network adapters, one of them fine and the other containing a counterfeit MAC/PHY IC that's been fucked with by Chinese intelligence services...

    And for the time taken to vet the laptop for such things, you might as well throw it out.

    On the other hand, if you actually did want to get government personnel using subverted hardware then I think just sending it to them anonymously is probably not a good way of going about it... so maybe the criminals aren't that smart. Or maybe that's what they want you to think?