Virus Shuts Down Australian Ambulance Dispatch Service
angry tapir writes "Computers which co-ordinate ambulances in NSW, Australia, are back online in three of the state's regions after a major virus forced staff to shut them down for more than 24 hours. The virus crept into the Ambulance Service of NSW's dispatch system, prompting staff to co-ordinate paramedics by telephone and handwritten notes. The cause and source of the virus are not yet known."
"The cause and source of the virus are not yet known."
I'm gonna take a guess at the cause: somebody decided to use a Microsoft product to control a critical system on which people's lives depend.
If a bank used an armored car made of cardboard to transport money, would you blame the inevitable robbers, or the bank?
So my ambulance levy pays for my ambulance service to run on Windows? Effectively I have no ambulance service.
So I guess the dispatch service found that virus... ...is NSFW!
*Puts on sunglasses*
YEEEEEAAAAAAAHHHH!!!!!
I'll probably get modded to hell for this, but this isn't Microsoft's fault. Their IT staff is either incompetent, or their management is. Stopping Windows from getting a virus isn't a difficult proposition.
Install decent AV in it, keep the subscription up to date, done.
You can of course go much further and lock down the OS so it doesn't let removable devices connect etc, but unless this was more than a virus, simple AV would have solved it.
Normal people worry me!
....because it's not. Check an infected file on www.virustotal.com, and you'll see for yourself that at least a third won't detect the virus -- of course this always varies from virus to virus, rendering the 'one AV fits all' argument invalid... sadly.
Anyone stupid enough to use Microsoft crapware for mission-critical applications probably is also too stupid to figure out how it got infected.
Windows is such crapware, as so many of you think, why don't you guys all get together and write an emergency management system that runs on a Linux distro? Now I obviously don't know for sure, but it seems likely the reason they are using Windows is that their application is written that way. Take away the need to use Windows before bitching and moaning about them using Windows.
Insert funny smart-ass comment here.
when i was an IT i had a system down where i had a 'restore partition' on every computer. i could reinstall 40 machines, with our special software already installed, in about 20 minutes, it would have scaled pretty damn well too because it used UDPCAST and a 'no centralization' network model, and yes it was heterogeneous hardware, using whatever that MS product is that can help you make disk images.
i believe that if you have your windows machines set up, with all your shitty proprietary software set up, and imaged, then it is possible to do windows pretty safely, so that even if a virus takes it out, you can be up and running in a very short while.
of course, everything depends on the shitty proprietary software sitting on top of windows. if it talks to a central database and leaves things screwed up if there is a client crash, then .. you're still hosed.
and... if the site has no IT person, instead just relying on various low bid contractors to come in at random and do stuff... i guess.. you're f@#$@#$ed in that case.
Even if you have Linux, and you had some proprietary piece of crap on top of it, that talked to 'the cloud', and somehow corrupted the cloud, you'd have the same problem.
No silver bullets.
It's quite possible to set up an environment where Windows is safe for mission critical applications - but often users won't accept the limitations that have to be imposed. Things like no general web browsing at all (except to sites that host a business application), no removable media, no admin rights or ability to install software, email is filtered for viruses and limited to corporate emails and emails from business partners, no other email is delivered to agents.
I've worked in IT at a 100 seat call center with Windows machines, in 2 years, none of the agent computers have had virus problems (antivirus is installed, deep scans every week), but a handful of non-call center computers have had viral infections (because they don't have the same restrictions as the agent computers).
the only thing that "shut down the network" were the users being cautious because their "security software" detected "a threat" and well they are a critical service, and they did have a very well developed manual standby system which they are trained to use, and it's no biggie really, in fact they go to manual several times a year as it is just for maintenance and training purposes.
The virus wasn't necessarily even going to cause a problem with the system, perhaps it was just someone misunderstanding what a tracking cookie is.
The only flow on effect of this is that management have some extra expense on their hands to capture the weekend's manual records in their systems they use to decide how many people to fire or hire next year. oh and about a zillion wasted hours while management talk to the media about how everything's alright really.
Oh, and did anyone mention that there's a state government election in about 5 weeks?
Again I must ask: why was the emergency response system connected to the world wide web in the first place? Was the virus specifically designed/targeted to attack them? Or was it installed through a physical medium? Either way, it seems like having a back-up system, ready to be up in only a few hours with frequent tests, would be something the group should look into.
Ginga no Rekshiya Mata Each page.
Get vaccinated!
I didn't RTFA.
and a windows crash left a ship dead in the water.
windows for warships.
They are just Dispatch they need incoming data and data on where they are sending the ambulances to after picking people up.
... had the answer. Wash your hands after touching a Windows machine.
http://en.wikipedia.org/wiki/Ignaz_Semmelweis
Have gnu, will travel.
A rather interesting choice of words in TFA: "The virus crept into"
Eek! In all my years, I've never known a virus to "creep" anywhere. Once in a computer they usually jump about and whack the system senseless in a few microseconds. This must be one of those new super-viri we've been hearing about because the mental giants responsible for this system still have no idea as to the cause or source, according to TFA. Glad to know that calls to the 000 emergency number weren't affected, although for the unknown virus to lunge out and infect a totally physically isolated network (Telstra) would have been pretty impressive.
The most depressing part of the entire article is that it was supposedly written by someone at "TechWorld.com.au". How on earth do these idiots get jobs, let alone keep them? If this really is the state of our technical media and specialists, then the country really has gone to hell in a hand-basket.
The fact that the numbskulls responsible for this system still have jobs and the gall to report, "we know nothing", is simply scandalous and an outrage. Still, that's what you get when you farm essential services out to private enterprise and only pay 6 times what it should cost to run.
The whole thing is a disgrace.
Almost every comment posted so far is bashing Microsoft or Windows for being an insecure OS but I can't find any mention of either in the article. It doesn't give any information about what kind of system the Ambulance Service was running.
If only they had a "kill switch" they could have disabled their network before it was disabled by a virus.
Sysadmins need to realize that just because they have users or probably managers complaining "OMG, I can't get on Facebook and check my Farmville!!!" the users do not need access to anything but what is critical for the applications and uses required to do their jobs. When you start opening these holes, what do you expect?
As an EMT for the past 4 years, most places are coordinated by telephone, (standard) radio, and handwritten notes. Including my agency. It works just fine.
For large cities or areas, CAD (computer-aided dispatch, in this context) is a fantastic tool - but they functioned without it probably as recently as a few years ago. Some of the dispatchers still working there, I'm sure, started out without a fancy CAD and are perfectly happy to keep track of everybody's location using Post-Its, a map, a notepad, and perhaps a whiteboard. I can personally vouch that it works, even for large places and dozens of ambulances.
In any case, any place doing serious work (which, I'm sure, includes NSW) has procedures for how to deal with outages. Things like trunking radio systems will fall-back to normal operation, but computer-based communications and dispatch equipment will not prevent communication. It'll be inconvenient, sure, but it'll work.
Should this have happened? Absolutely not. Whoever let a virus in is too fantastically stupid to ever work in IT again, especially a system so important. But if any patients died, or were inconvenienced more than nominally, there were much bigger problems with this organization than a virus - such as outright reliance on computer systems, or not enough training without them.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Yea, and at least 2 of them were shutdown by windows crashes and were dead in the water, need a tow all the way back to port.
That's urban myth. IIRC the original article that claimed that Windows was to blame was debunked. The original article was based primarily on speculation from a unix oriented developer who had not worked on the project and who was not on the ship. The publisher of the article backed away from it. The Navy officers who were on board at the time said it was the application software that controlled the propulsion system. The developers of this application software said it was their fault, although the software was a development version that did not contain the safeguards the production software would contain. Basically bad data was entered into a database, this was fed to the application that controlled propulsion, and this application failed. The operating system was not involved, it would have happened under unix too.
and a windows crash left a ship dead in the water.
Actually the navy officers on board the ship at the time of the incident said it was not windows, rather it was an application that controlled propulsion. The developer of this software also admitted it was their software, although it was a development version not the production version that would have handled the fault more robustly. IIRC a speculative article by a unix advocate who was not involved in the project and who was not on the ship made the original claims against windows. Linux advocates ran with this early speculation and it has become urban legend.
I personally support core critical infrastructure for one of the state based EMT organisations in Australia.
I got a big shock hearing about the ambulance outage on the news, as I was not the active out of hours oncall dude, I started checking emails and phone, nothing. Then found out the issue was with another organisation in another state. whew!!
I have read some of the posts and find that quite a few are waay off the mark. I guess I would have posted the same 12 years ago when I was in my "linux rules, everything else sux" phase. Having spent most of my time at various organisations performing sys adm work I find my current situation to be the most interesting. It's easy to bash and talk about one particular tech being better than another, but let me tell you this - a state wide EMT service covering all services is a non-trivial service, it's not just a pc or a bunch of pc's. - first of all it's a secure, fault tolerant network protected by several firewalls that are so tight even the network admin who I consider very tight does not even allow ICMP between local subnets. Then there is a radio network that talks to other sites and vehicles, etc... As is the case in most of the industry all o/s software / hardware is commodity software / hardware with the main operational software being customised written for each client.
After all this there are the special interest groups that have control over certain parts of the production chain that keep the whole service up and running. So basically there are many people involved. For example if I cocked up there would be many sets of eyes on my azz and many phone calls would be made. Luckily for me my error rate is very low.
The downtime for this service is a couple of minutes a month at the most, after this someone starts shelling out a large amount of cash.
This should give some of the young'ns some perspective about how these type of services actually get delivered.
With regards to linux vs windowz etc. I see an O/s as a tool and just choose most suitable tool for that particular job.
nowadays I run just virtualised os images on a dual ssd macbook pro, no issues.
Having worked for many health care facilities over the years, including those with EMT/Ambulance staff, I can tell you that ambulance drivers and dispatchers suffer from periods of insane boredom while waiting for the next call to come in. During this downtime, they monkey with the PCs, browse some of the most pointless/inappropriate websites, and try plugging anything with an ethernet jack in to your network. The latter includes personal laptops, wireless access points and satellite/cable boxes. Solutions to this include 802.1x/NAP and even just getting the crews a DSL/Cable internet connection for their personal use. Like many things in I.T. (and life in general), the more you restrict someone's access to something they want, the more they will work against your efforts to restrict them.
In this case, I'll put my money on an outside computer being plugged in to the network.
I've never had to deal with I.T. in a fire station, but I can guess it's every bit as bad, if not worse.
Never trust anyone who takes pride in being called a 'geek'....
100% isolated with no Internet access, period. Bring all patches in via offline media and/or an isolated DMZ drop off point, and then bring them into a central WSUS/Secunia/Shavlik server for updates. Remove all external media methods (remove DVD/CD drives, epoxy USB ports). Install a decent piece of auditing software (Tripwire) to track all unauthorized changes. Not simple, but not hard for a competent IT team.
Add a proper test/staging lab where you evaluate all changes and track them, and you've got a fool-proof method to ensure stability and uptime.
I think it's funny everyone is bitching and moaning about Windows. Never go to a hospital, guys; you'd probably be too scared to walk in the door when you realize that 80% (internet statistic) of hospitals use Windows for all sorts of mission critical applications.
Using Windows isn't as bad as people are going nuts over. I realize this is Slashdot and Windows is the devil here but Jesus Christ, people. You're acting like Bill Gates personally killed Linus and pissed on his grave or something.
OK doesn't matter what you do at some stage you are going to have a crash. Things like EMS where the budgets are quite tight (despite what people believe) do not have the money to build fail proof systems. So the manual system is more important than the actual automated system. Can they operate with complete system failure ? What failures are tolerable and what are not ?
I'm pretty sure that it was some Windows derivative that caused the problem (more to the point a Virus that was spread on a platform that is designed to spread virii). Again M$ specifically exclude Windows from being used in applications where people's lives depend on it. So basically the staff installing the system is to blame trusting a system that writes in big bold RED-LETTERS don't use me if your life might depend on it.
Actually the navy officers on board the ship at the time of the incident said it was not windows, rather it was an application that controlled propulsion. The developer of this software also admitted it was their software, although it was a development version not the production version that would have handled the fault more robustly.
Alright, just for the sake of argument, supposing it *was* Windows that caused the fault and not the application. Do you really think the United States Navy is going to publicly say that Windows caused this huge expense and embarrassment?
"A government is a body of people usually -- notably -- ungoverned." -Shepherd Book
... does that mean we can *finally* start classing the Israelis as terrorists and maybe even "liberate" them?
Actually the navy officers on board the ship at the time of the incident said it was not windows, rather it was an application that controlled propulsion. The developer of this software also admitted it was their software, although it was a development version not the production version that would have handled the fault more robustly.
Alright, just for the sake of argument, supposing it *was* Windows that caused the fault and not the application. Do you really think the United States Navy is going to publicly say that Windows caused this huge expense and embarrassment?
What expense and embarrassment? The ship was a development platform at the time, not an operational ship. The testing they were doing was to simulate equipment failures (as in pumps and motors not chips and hard drives). IIRC, when they manually entered data into the database to simulate a failure some of the client applications reading that data crashed. I think they had everything back up in a few hours. So they fed a LAN environment under development unexpected data and found nodes with applications that crashed. Shocking, truly shocking. :-)
These are exactly the incidents which will give chromeos fertile territory to plant in.
but why are computers with such vital responsibility not shielded? why are the users permitted to surf the web? why doesn't the state provide some sort of spam remediation or other countermeasure? when i was in managed support, we prevented people who weren't administrators of the domain from using the internet for anything but email, and we did not allow HTML in our emails. all this robust content is rippling with risk.
"I'm gonna take a guess at the cause: somebody decided to use a Microsoft product to control a critical system on which people's lives depend." by Anonymous Coward on Sunday February 13, @07:35PM (#35195520)
---
Security Warning Over Web-Based Android Market:
http://mobile.slashdot.org/story/11/02/04/181204/Security-Warning-Over-Web-Based-Android-Market
---
or better yet, seeing as how "secure" (not, lmao) Linux is really showing itself to be? Try this one on for size too:
---
USB Autorun Attacks Against Linux:
http://linux.slashdot.org/story/11/02/07/1742246/USB-Autorun-Attacks-Against-Linux
---
Both links are very recent.
(Oh yes, watch the "Pro-*NIX" F.U.D. & "spin tactics crew" come in and try to "make those better", lol!)
The last one's hilarious though - The Linux crew literally COPIED a Windows feature, and blew it themselves no less, despite their always bitching about it!
(You could shut that down in windows, for more than a decade & 1/2 via TweakUI, or via registry hacks too... not on Linux though, apparently!)
"(Oh yes, watch the "Pro-*NIX" F.U.D. & "spin tactics crew" come in and try to "make those better", lol!)" by Anonymous Coward on Monday February 14, @01:25PM (#35201316)
Please, hurry Penguins and downmod his post and its facts to oblivion. We can't let others read documented facts that show Linux is a security-weak piece of shit, because it will screw our "FUD" campaigns! After all, facts undo our FUD bullshit and we can't have that can we? Of course not, even though we GIVE AWAY OUR OS, it's still in "last place" as usual. Gosh I often wonder why, but when all the "Linux is secure" horsecrap gets blown away as that ac showed, our FUD goes out the window and we can't take advantage of the suckers anymore that believe our FUD b.s.!
We're arguing that they picked the wrong tool.