Slashdot Mirror


Virus Shuts Down Australian Ambulance Dispatch Service

angry tapir writes "Computers which co-ordinate ambulances in NSW, Australia, are back online in three of the state's regions after a major virus forced staff to shut them down for more than 24 hours. The virus crept into the Ambulance Service of NSW's dispatch system, prompting staff to co-ordinate paramedics by telephone and handwritten notes. The cause and source of the virus are not yet known."

31 of 222 comments

  1. I know what caused it by Anonymous Coward · · Score: 3, Insightful

    "The cause and source of the virus are not yet known."

    I'm gonna take a guess at the cause: somebody decided to use a Microsoft product to control a critical system on which people's lives depend.

    If a bank used an armored car made of cardboard to transport money, would you blame the inevitable robbers, or the bank?

    1. Re:I know what caused it by gandhi_2 · · Score: 5, Insightful

      I'm gonna take a guess at the cause:

      letting mission-critical systems be used by employees to surf facebook and download cute fonts and wallpaper.

    2. Re:I know what caused it by Tapewolf · · Score: 2

      I'm gonna take a guess at the cause: somebody decided to use a Microsoft product to control a critical system on which people's lives depend.

      Is that even allowed under the license agreement? I do remember Java always said it couldn't be used for ATC and nuclear power systems... doesn't Windows say something like that too?

    3. Re:I know what caused it by Zancarius · · Score: 2, Interesting

      I'm gonna take a guess at the cause:

      letting mission-critical systems be used by employees to surf facebook and download cute fonts and wallpaper.

      Most likely: Yes.

      A friend of mine works non-emergency dispatch--not quite the same thing as an emergency service, of course--and I get the impression that their network admin has a mild case of brain damage. Apparently they're prohibited from using non-MSIE browsers. Period. End of story. If it's not MSIE, it doesn't belong on the machine. I don't know if their internal network or the sites (externally) they have to access require ActiveX, but in either case, having ActiveX and/or requiring MSIE only and putting in place policies that prohibit the use of more easily secured browsers* is just asking for trouble. I'd guess most Windows-based organizations, either by creed or contract, have similar policies.

      * Yes, I realize that Firefox is susceptible to drive-by-installs with Flash or whatever. I also realize that MSIE can be locked down fairly tightly (exploits notwithstanding) but it often isn't. Here's the catch: Locking down IE requires 1) access to the configuration which may be disabled by the network admin and 2) the majority of Windows network admins probably have zero (0) clue how to lock down the browser. Furthermore, since only recently have organizations begun shifting away from MSIE6 (!), I don't think it's possible to claim that the majority of Windows networks for small companies are sufficiently locked down.

      --
      He who has no .plan has small finger. ~ Confucius on UNIX
    4. Re:I know what caused it by confused+one · · Score: 2

      There are U.S. Navy vessels that have Windows computers in their control systems. There are power plants with Windows computers in control systems. There are... I think you get the point.

    5. Re:I know what caused it by fuzzyfuzzyfungus · · Score: 3, Interesting

      Odds are nobody "went after" them in any direct way. The viruses and worms you are most likely to run into in the wild are the ones that propagate either automatically, or through undiscriminating means like bugged ads injected into unscrupulous or incompetent 3rd-party ad networks.

      It is certainly conceivable that somebody mounted a direct attack, the opportunity to cause some deaths with limited chance of repercussions is probably attractive to a few people; but the odds are much greater that some automated attack mechanism hit them without knowing anything more than that the OS and services running on those hosts were vulnerable...

    6. Re:I know what caused it by micheas · · Score: 3, Funny

      When I briefly used Windows 2003 I was surprised at how easy it was to lock down IE.

      I was further surprised by the number of things that did not work when IE was locked down and security exceptions had to be added. (Quickbooks being the one that I remember, because it took a fair amount of searching to find out the exact rule that was needed in order for it to work; most people seemed to just unlock IE, if the forum posts I was reading are any indication.)

      There seems to be a common attitude about system administration that if you run everything as Administrator, chmod -R 777 ./, disable SELinux, unlock IE, or run all your server processes as the same user (here's looking at you Zimbra) you have fixed the problem, instead of realizing that you have done the equivalent of jumping out the 20th floor window because the ink jet printer is on fire. You're safe for the moment, but the inevitable consequence of your action is going to suck a lot more.

    7. Re:I know what caused it by Bobakitoo · · Score: 4, Insightful

      Unfortunately we cannot get rid of the users. Using better software is the next best option.

    8. Re:I know what caused it by headhot · · Score: 3, Informative

      Yea, and at least 2 of them were shut down by Windows crashes and were dead in the water, needing a tow all the way back to port. The smart ship program started with a Unix-based system until MS hired a retired admiral to lobby for it.

    9. Re:I know what caused it by flanktwo · · Score: 2

      But Microsoft themselves said they have the most secure OS in history! And less bugs and security holes than Linux!

      Yes! In fact, thanks to integer overflow they have a negative number of bugs and security holes!

    10. Re:I know what caused it by antifoidulus · · Score: 5, Interesting

      Here's the thing about locking down Windows, it has the most pointlessly complex, convoluted security policies you could ever imagine. Something as simple as the firewall can be changed in 3 THREE different places on XP (no idea about future versions), and the way they interact and overrule each other is completely non-obvious. Now compare this with iptables, one text file, just one, and it's a text file. Boom, you have a functioning firewall and if someone needs a port opened/closed, it's just a vi command and /etc/init.d/iptables reload away. I swear Microsoft makes their products pointlessly complex in order to maximize the number of people who take the MCSE test.

    11. Re:I know what caused it by rtb61 · · Score: 3, Interesting

      More importantly with Linux you can create far more secure appliances. Where unnecessary services are completely removed and only what is required to run the appliance based server and workstations is installed and available on the installation software.

      The dispatch machines need only handle bookings, dispatch, arrival, return etc. (database) and then pass that data to accounting, nothing else. With Linux it is fairly easy for a skilled person to create a custom appliance distribution, all without infringing copyright.

      That is the biggest problem with Windows: the impossibility of creating completely custom installs with everything you didn't need, not just maybe, most likely, disabled but actually completely absent, on the machine and on installation software, all because of go-to-jail copyright infringement.

      --
      Chaos - everything, everywhere, everywhen
    12. Re:I know what caused it by randallman · · Score: 2

      If for no other reason, it's a bad idea to use Windows (or any proprietary OS) because the functionality should be 100% reviewable. Black boxes are a really, really bad idea in critical systems.

    13. Re:I know what caused it by u.hertlein · · Score: 2

      Now compare this with iptables, one text file, just one, and it's a text file.

      Of course, the time you spend learning the comically baroque iptables can account for a lot of clicking in Windows...

      Then repeat that for another ten systems.
      Or just copy the same file to all of them.

      --
      Geek by Nature - Linux by Choice.
    14. Re:I know what caused it by antifoidulus · · Score: 2

      This was whatever the latest and greatest XP was as of 2009, so not all that ancient history. Microsoft has such a confusing maze of menus and settings that override each other it's no wonder nobody bothers to lock down their Windows systems, it's so easy to either fuck something up beyond repair or completely miss something because Microsoft made it as difficult as possible to understand.

  2. Windows by sirsnork · · Score: 3, Insightful

    I'll probably get modded to hell for this, but this isn't Microsoft's fault. Their IT staff is either incompetent, or their management is. Stopping Windows from getting a virus isn't a difficult proposition.

    Install decent AV in it, keep the subscription up to date, done.

    You can of course go much further and lock down the OS so it doesn't let removable devices connect etc, but unless this was more than a virus, simple AV would have solved it.

    --

    Normal people worry me!
    1. Re:Windows by thegarbz · · Score: 2

      I suppose one could have separate networks and computers for mission-critical applications, but is that really the best way to spend healthcare dollars?

      You tell me, you're the one sitting here complaining about this. You're the one who said security is a process not a product, but are you questioning whether physical security is worth spending an amount of money which effectively looks like a rounding error on a government department balance sheet?

      By the way this is exactly what we do at my workplace. Each operator has their console with 4 monitors, a comfy chair, and a separate computer they can screw with as much as they want without risking anything. The operator console on the other hand has a non-standard keyboard, the box and all cabling is under lock and key, and there's not a button they can push to even consider exiting the program, shutting it down, or *shudder* access the internet, not that they'd be able to access the internet from that location on the network. What was the grand total cost of this? Probably about $2000 for each operator including network design. So given there are 5 shifts manning the place around the clock, and each operator is earning $100k/year you end up with a security solution worth 0.4% of the salary of your operation staff, or closer to 1-2% if they aren't well paid or there's less shifts.

      By the way NSW Healthcare budget was $16.4bn last year.

  3. If only it was that easy.... by Anonymous Coward · · Score: 2, Insightful

    ....because it's not. Check an infected file on www.virustotal.com, and you'll see for yourself that at least a third won't detect the virus -- of course this always varies from virus to virus, rendering the 'one AV fits all' argument invalid... sadly.

    1. Re:If only it was that easy.... by DeathElk · · Score: 3, Insightful

      What a sad, sad situation.

    2. Re:If only it was that easy.... by vegiVamp · · Score: 2

      And you can still move the mouse without melting the CPU?

      --
      What a depressingly stupid machine.
  4. Re:Fools. by c0lo · · Score: 3, Insightful

    Well, this is NSW. With Keneally at the helm you know that you are going down one way or another.

    Funny thing, I'm not seeing the Liberal Party in NSW pushing the "Replace MS Windows with Linux" as a point on their electoral agenda. Can you please provide a link?

    --
    Questions raise, answers kill. Raise questions to stay alive.
  5. Re:The cause and source of the virus are not yet k by Anonymous Coward · · Score: 2, Interesting

    It's quite possible to set up an environment where Windows is safe for mission critical applications - but often users won't accept the limitations that have to be imposed. Things like no general web browsing at all (except to sites that host a business application), no removable media, no admin rights or ability to install software, email is filtered for viruses and limited to corporate emails and emails from business partners, no other email is delivered to agents.

    I've worked in IT at a 100 seat call center with Windows machines, in 2 years, none of the agent computers have had virus problems (antivirus is installed, deep scans every week), but a handful of non-call center computers have had viral infections (because they don't have the same restrictions as the agent computers).

  6. Re:If.... by Anonymous Coward · · Score: 3, Informative

    Windows is such crapware, as so many of you think, why don't you guys all get together and write an emergency management system that runs on a Linux distro? Now I obviously don't know for sure, but it seems likely the reason they are using Windows is that their application is written that way. Take away the need to use Windows before bitching and moaning about them using Windows.

    Presentation at this week's North Carolina GIS Conference

    "Open Source Computer-Aided-Dispatch – GIS at Work in Emergency Response," Arnie Shore, Anne Arundel Co, MD

    Looks like Arnie will be talking about this:

    http://groups.google.com/group/alt.comp.opensource/browse_thread/thread/29ba12a929bd7bd3?pli=1

  7. Where does it say Windows? by Vorghagen · · Score: 3, Insightful

    Almost every comment posted so far is bashing Microsoft or Windows for being an insecure OS but I can't find any mention of either in the article. It doesn't give any information about what kind of system the Ambulance Service was running.

    1. Re:Where does it say Windows? by grcumb · · Score: 4, Interesting

      Almost every comment posted so far is bashing Microsoft or Windows for being an insecure OS but I can't find any mention of either in the article. It doesn't give any information about what kind of system the Ambulance Service was running.

      It said, 'Virus'. That means Windows.

      I hate to be the pee on your empiricism, but the preponderance of evidence accumulated over the last 15 years leads to the conclusion that Windows is a necessary precondition for a virus to take down an entire system (as opposed to a single PC).

      Secondly, if this had been a Mac or Linux virus, you can bet your bottom dollar the headline would say so. In 4 inch letters. And red type. With Drudge-style cherries spinning. And a klaxon.

      Plus, the very next story would be about the spontaneous, simultaneous death by shock-and-horror of the entire editorial staff at the Register. And Wired. And boingboing.

      And then Slashdot would slashdot itself. And dogs would play with cats...

      ... And everyone would finally get their pony.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
  8. Re:Fools. by mug+funky · · Score: 2

    that's my view too.

    but do you expect idealism to ever win against greed and self-interest with a budget and a higher profile? and media outlets in their pocket?

    i understand preferential voting and vote for change rather than mediocrity, but i know that at the end of the day i can only increase a percentage with the hope of influencing the guys that actually win.

    and with the performance at the vic state election - Lib and ALP colluding to force the Greens out, i don't think even my meagre percentage game is going to have an effect.

    i'll keep doing it anyway, but the only way to get power is to really WANT it. and those who really want power in most cases absolutely should not have it.

  9. Windows did not stop Navy ships by perpenso · · Score: 2

    Yea, and at least 2 of them were shut down by Windows crashes and were dead in the water, needing a tow all the way back to port.

    That's urban myth. IIRC the original article that claimed that Windows was to blame was debunked. The original article was based primarily on speculation from a unix oriented developer who had not worked on the project and who was not on the ship. The publisher of the article backed away from it. The Navy officers who were on board at the time said it was the application software that controlled the propulsion system. The developers of this application software said it was their fault, although the software was a development version that did not contain the safeguards the production software would contain. Basically bad data was entered into a database, this was fed to the application that controlled propulsion, and this application failed. The operating system was not involved, it would have happened under unix too.

  10. Boredom... by sigipickl · · Score: 3, Interesting

    Having worked for many health care facilities over the years, including those with EMT/Ambulance staff, I can tell you that ambulance drivers and dispatchers suffer from periods of insane boredom while waiting for the next call to come in. During this downtime, they monkey with the PCs, browse some of the most pointless/inappropriate websites, and try plugging anything with an ethernet jack in to your network. The latter includes personal laptops, wireless access points and satellite/cable boxes. Solutions to this include 802.1x/NAP and even just getting the crews a DSL/Cable internet connection for their personal use. Like many things in I.T. (and life in general), the more you restrict someone's access to something they want, the more they will work against your efforts to restrict them.

    In this case, I'll put my money on an outside computer being plugged in to the network.

    I've never had to deal with I.T. in a fire station, but I can guess it's every bit as bad, if not worse.

    --
    Never trust anyone who takes pride in being called a 'geek'....
    1. Re:Boredom... by Anonymous Coward · · Score: 2, Informative

      "I've never had to deal with I.T. in a fire station, but I can guess it's every bit as bad, if not worse."

      Definitely true. My department had to lock down their network and severely limit computer access after routine virus scanning picked up a bug on mission-critical systems. That many grown men and women with hours of time and nothing to do will undoubtedly end up at all sorts of crazy websites. Fortunately, the leadership recognized the "periods of insane boredom" that accompany this line of work, and agreed to purchase a second internet connection, connected to a (secured) wireless network for personal use only.

    2. Re:Boredom... by Anonymous Coward · · Score: 2, Interesting

      This would be easily solved by having a separate and segregated network for them to use their personal devices on. Then the work systems could be locked down hard, and they'd be able to do whatever they wanted on the non-critical ones, with no chance of this happening.

      It would just require management buy-in, since you'd need a little more capex outlay, as well as the correct procedures (the latter of which is probably going to be the most difficult bit to get).

  11. Re:If.... by Noughmad · · Score: 2

    Who do they call for support?

    Troll.

    Unfortunately, TrollTech (which is a great example of what GP described) will soon be owned by Microsoft.

    --
    PlusFive Slashdot reader for Android. Can post comments.