Got Malware? Get a Hammer!
FuzzNugget writes "After the Economic Development Administration (EDA) was alerted by the DHS to a possible malware infection, they took extraordinary measures. Fearing a targeted attack by a nation-state, they shut down their entire IT operations, isolating their network from the outside world, disabling their email services and leaving their regional offices high and dry, unable to access the centrally-stored databases. A security contractor ultimately declared the systems largely clean, finding only six computers infected with untargeted, garden-variety malware and easily repaired by reimaging. But that wasn't enough for the EDA: taking gross incompetence to a whole new level, they proceeded to physically destroy $170,500 worth of equipment (PDF), including uninfected systems, printers, cameras, keyboards and mice. After the destruction was halted — only because they ran out of money to continue smashing up perfectly good hardware — they had racked up a total of $2.3 million in service costs, temporary infrastructure acquisitions and equipment destruction."
Sounds more like Fucking Retards Money Wasting Administration to me.
Have you seen the things that have been popping up on slashdot over the past couple years? USB drives in mice, intrusion software in power strips and keyboards, and more.
You mean I get to release my pent-up anger by destroying physical systems *and* get paid a boatload of money to do it? Where do I sign up?
... and yet I'm still furloughed on Friday...
It sounds like they were using this as an excuse to buy new equipment, so they destroyed extra equipment hoping that someone would allow them to chalk up the expense to the virus and thus give them shiny new stuff.
Sounds like a good start.
You know, to be sure?
Will that infect my lawnmower? I'd better destroy it then before it gets dangerous...
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
If you smash computers you are going to be developing China's economy. Better smash up some US products next time.
Best Practices:
1. Take off and nuke the site from orbit, it's the only way to be sure.
like how we developed Iraq, destroy good infrastructure so contractors with gov officials in their pockets make a pile of money
or how government has developed inner cities over the past few decades, making fodder for the huge prison system business and food stamp system etc.
Just another example of why totally and blindly trusting big government with your tax dollars is not well advised. What do they care? They treat that income as totally disposable. Tax money is like Doritos, tax payers like Frito-Lay corp: "They'll make more" (obscure reference to an old advertising campaign for Doritos)
Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
Obligatory :)
With users like this, who needs Malware?
Good to see the gov. is taking things seriously.
Maybe they'll find out that some officials are corrupt, and systematically dispose of them all?
Economic Development Agency: developing the economy by breaking windows.
EDA: did you guys just smash a bunch of computers with a hammer because of viruses?
DHS: Yes, but there haven't been any terrorist attacks since we smashed everything with hammers. Clearly the operation was a massive success.
EDA: I don't even.....
DHS: yep. Freedom isn't free.
Good people go to bed earlier.
http://www.imdb.com/title/tt0196229/quotes
...we don't approve of how government takes our money and wastes it...
In SOVIET RUSSIA... erm...NSA AMERICA, the Internet logs onto YOU!
If you were a government office, and stuck with old crap, this makes perfect sense as a means to get new equipment!
In NSA America social networks join you!
I don't understand why you have to go about destroying hardware. Shouldn't shutting down perimeter ingress and egress routers provide enough security that information is not going out of the location? And then cleanse internal systems in your own sweet time.
The audit does, however, note that the EDA's IT infrastructure was so badly managed and insecure that no attacker would need sophisticated attacks to compromise the agency's systems.
WHAT
THE
FUCK?!?!?!
Why the hell would anyone want to give this incompetent, overweening bunch of wanna-be tyrants MORE money?
So they can buy better drones to hunt you with?
So they can buy more acres of servers to read your emails and listen to your phone calls?
So they can hand trillions of dollars over to bankers who took bad risks?
... the employees, first. Main risk of contamination, after all.
The only thing I got from this article is that if I want to make $800,000+ quickly, I have to send a few infected emails to some three-letter minor agency and then submit a bid to run A/V software.
also that slashdot's captcha decided I'm a robot.
OK, be honest now, who among us hasn't wanted to do this?
Admittedly, destroying mice and keyboards is a little excessive, but I bet there's not a single person here who isn't dreaming of needlessly destroying a large quantity of computer gear in a very dramatic manner.
Lost at C:>. Found at C.
It was the dreaded "PC LOAD LETTER" virus. Smashing is the only recourse.
economic development spurred by almost two and a half million dollars, and a few hammers... we'll have the complete story live at 10.
if this is supposed to be a new economy, how come they still want my old fashioned money?
What?
It is like you don't believe Patty Murry.
Come on dude, lighten up, she is doing the best she can, maybe, well sort of.
Or not.
No brain, no pain.
I think this summary is a bit sensational. When working for large institutions (private or public) you don't have a lot of luxuries you normally take for granted. Even things like temporary storage space. Destroying everything may very well have been the most cost effective option. Trying to hang on to old equipment is often a false economy when you take in to account the cost of labor and storage.
Consider this:
You need to conduct a full infrastructure-to-end-user equipment audit. This means rebuild/reimage. No, a virus scan isn't going to cut it.
You don't have a rebuild/reimage regime in place.
Your equipment is old and is on the verge of replacement anyway.
Your IT services aren't handled in house, but contracted.
Really, the best option may be to "forklift" everything out and start fresh. Some of your stuff is still good, you say? Well great. Now you have to pay someone to:
Inventory everything. Yes, there may be existing inventory but you'll need to do it again anyway.
Determine what's worth keeping and what's worth getting rid of.
Create an inventory of what's staying and what's going.
Store what's being kept - I don't know about you, but peripherals are dirt cheap today. It's probably cheaper to buy new than store your old junk.
And by the time you're done with all that, what you're holding on to may very well be completely obsolete instead of almost obsolete.
Imagine you've been put in charge. You walk in to a location that's had badly mismanaged IT for some time. It's probably not worth your time to determine what assets are worth keeping. You'll spend more time and money integrating bad infrastructure than you will burning it down and replacing it wholesale.
I don't want to work in that office if they learn most system vulnerabilities are due to humans!
It's the Incompetence Development Administration. No but seriously, this takes things to a whole new level. It's so dumb and uneducated I'm almost inclined to think there was some big contract for hardware and installations around the corner waiting to be served. Big incompetence, Big corruption? Americans do it Big.
Signature intentionally left blank.
WTF?
Is it just my observation, or are there way too many stupid people in the world?
I'm sure nothing fishy was going on in this government center. I imagine they didn't want 3rd parties looking at their computers too closely. #tinfoilhaton
In all fairness, they did generate a lot of economic activity due to their over-reaction. Another government success story!
This reminds me of religious zealots burning books, music and instruments since they might have been tools of Satan.
George W was removed for incompetence and lost the company he worked for several times and had no real job. And he moved on from each catastrophe to the next one with a pay rise.
The Guinness directors were done for fraud, and one who went to prison was diagnosed with Alzheimer's and therefore released on compassionate grounds (since the state would leave him living a life for only a few years more), but was later found out to merely have the APPEARANCE of severe and advanced Alzheimer's.
And despite being a jailbird fraudster whose brain was nonfunctioning beyond basic motor control in the opinion of a medical practitioner of full standing, he got another job as a director within weeks of being let free.
Impressive... this must be the most successful targeted social engineering malware yet.
They were due for upgrades anyway
Join the Slashcott! Feb 10 thru Feb 17!
That was probably what the anti-virus guy said when asked if he was 100% sure he'd got rid of all the malware.
So they did the second best thing they could think of...
- Peder
If you're not confident you can disinfect your computers, then selling them on eBay is a lot more cost-effective ;-)
the Movie Zoolander? The two dumb male models smashed an iMac to try and get the files out of it.
Jesus was a compassionate social conservative who called individuals to sin no more.
What was it they thought MIGHT have been on their network? It was so scary even when they found out there was nothing apparently there but there MIGHT be a breach because of garden variety malware, they destroyed the equipment before letting it progress. What kind of malware is that intimidating? And why does DHS know about it but the rest of us don't?
Just let the techies run the show.
now we need to go OSS in diesel cars
So just which "incompetent, overweening bunch of wanna-be tyrants" should we give more money?
Oh, I'm sorry sir, I thought you were referring to me, Mr. Wensleydale.
There are industries and use-cases where "smash first, don't bother asking questions later" is the appropriate response.
However, such times are rare and they should be spelled out ahead of time and they should only include destroying equipment which either 1) is at least theoretically possible to infect in a way that cannot be cleaned, ever (e.g. an infected BIOS), or 2) is deemed too expensive to clean and the data-storage media cannot be sterilized in a cost-effective manner or at all (e.g. a very cheap but hard to sterilize device, or write-once media).
Basically, if you are one of the very few shops that would need to resort to such things, you should know ahead of time the scenarios in which:
1) after a short investigation, you know cleaning is sufficient
2) after a short investigation, you know cleaning will be insufficient so just skip it and go straight to data recovery and destruction
3) the "edge cases" where it's worth spending some amount of extra time figuring out if it's 1 or 2 or, if you still can't figure it out, assuming 2.
Unless you've got special mice and keyboards that can be infected in a way that makes them not cost effective to clean, there's no reason to destroy them just because of a virus infection. As for printers and cameras, the dumber the device, the more likely you have no reason to destroy it. As for uninfected systems - how can you be sure it's uninfected? You can be 99.999% or 99.999999% or some other "%" sure, but if the system was connected to a compromised system, unless it's "infection-proof" like a dumb mouse or you are 100% sure that the compromised systems weren't infected with anything that could have been passed on to the allegedly-uninfected system, you can't really be sure.
By the way, there is one other element of the calculation I didn't mention: unless you can be 100% sure the replacement systems aren't infected, you may be just as well off keeping a 99.999%-sure-we-are-uninfected system than buying a replacement that you are only 99.999% sure isn't infected. After all, if I were a state actor, and I managed to infiltrate the PC provider for a US government agency and was slipping BIOS spyware hooks into newly-purchased equipment, and I knew that infecting 6 of the agency's computers with run-of-the-mill malware would force them to buy all-new equipment... bwuhahahaha.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
It sounds like some contractors made bank in this arrangement.
After all, what if those evil viruses somehow planted listening devices in the walls? OH MY GOD NOW THE WHOLE BUILDING IS INFECTED!
That's hardcore paranoia. Are they a three-letter agency front, or have they been pulling some hijinks?
Every single one of the morons responsible for this atrocity should be held financially responsible and fired. I hope someone comes down on them with a hammer after such unbelievable stupidity.
With the severity of the response to some basic malware infection, it makes one wonder what that organization really does. And what data do they have?
Right: NOAA, with people with a scientific background, cleaned theirs up. EDA, presumably full of MBAs, don't have a clue.
Besides, they're doing *such* a good job promoting economic growth in the US....
mark
I'm curious how they checked the printer FLASH memory without going through the infected firmware.
With some infectors, you really do have to down the network, or else every time you clean a box, it gets infected the moment it reconnects to the network.
The only way to deal with network enabled infectors is to isolate EVERY infected machine. If you don't know, an infected machine is every machine you haven't PROVED is clean. Even if it was a supposedly isolated controlled box with very limited access. You'd be amazed how many of those don't get checked, and are infected.
Destroying the hardware. What kind of moron thought that up?! Probably the same idiot that's afraid of catching an airborne computer virus from his fax machine. (They actually exist, I've talked to some. That type of paranoid, not the airborne computer virus.)
Con artists are out there and they do prey upon the computer illiterate. I know one lowlife that had the cops sicced on him when one of his victims found out there was no need to "take his computer into the shop so the memory could be drained on a special machine to remove the virus". It happened. The less someone knows, the easier it is to fool them.
Now I'm not saying the EDA was conned, but it's possible. (Especially when you consider how much they were charged for the destruction of the hardware.)
this story is the lead on money.cnn.com right now!
According to their website one of the programs they offer is Local Technical Assistance. Maybe the way they help people is by smashing all of their equipment so they can get a better bulk deal when purchasing new equipment. Who knows, perhaps they have a contract with Dell and get a kickback on all of the replacement hardware sales generated after their "assistance".
Let me get this straight... If something is potentially corrupted with malicious behavior... the best solution is to render it to dust with a big hammer. Hmmmmmm, I wouldn't have gone there on my own, but suddenly D.C. is looking a whole lot more like "Whack-O-Mole".
I'll bet they were sick of trying to make do with old machines...
...of the most embarrassing departments in the world. Assuming, of course, they weren't already on it. http://news.slashdot.org/story/13/07/09/1721229/china-environment-ministry-calls-itself-one-of-four-worst-departments-in-world
It's the only way to be sure.
Please do not read this sig. Thank you.
of the old, perhaps apocryphal story, about the idiot who, when told that his floppy disk should be "cleaned", got a cotton pad and alcohol and started wiping the disk surface. Looks like he got promoted...
Security is hard. General-knowledge techies think they're much better at security than their masters, but I have my doubts. Techies don't always understand the value of assets and the nature of threats to those assets. And they often overestimate their knowledge of system vulnerabilities. For example, many techies think you can turn a computer into a blank slate by erasing the hard drive, but there have been demonstrations of firmware-based malware. Just last year a security researcher created a proof-of-concept worm that stores itself in a computer's BIOS and the flash memory of attached devices and PCI cards. It has stealth features that make it virtually undetectable, except by pulling the flash chips and dumping their contents. If you *were* infected by a worm like this, and you wanted to eradicate it, you would *have* to physically destroy any attached device which had its own flash memory, including cameras, optical drives, and possibly even printers. Eradicating all physical traces is probably more than is needed to deactivate the worm, but it's a subtle point.
Another subtle point is that if you are worried about almost non-detectable malware, you have no assurance that the new equipment you are buying to replace the old stuff isn't factory infected. What that probably means is that trying to ensure you have a 100% guaranteed clean slate isn't cost effective for agencies, unless perhaps they are high value targets (e.g. NSA, CIA, some of the DoD). What to do instead isn't obvious. The simplistic model is you start with a clean slate and you prevent bad stuff from being introduced to your systems. That model doesn't work if you can't ensure your stuff is clean from the start, and if malware can enter your systems through channels you'd never imagined (e.g. some kind of innocuous USB device).
Destroying the equipment is almost certainly overkill in this case, but I can see why this particular agency might have chosen to do so. Given their role in advancing American competitiveness, they're probably hypersensitive to issues of industrial espionage and Advanced Persistent Threats (APT). According to the article the agency's CIO thought he was dealing with some sort of Stuxnet-like attack, which in hindsight doesn't seem to be the case.
As usual the /. summary is garbage. The agency spent 2.7 million to respond to the threat, but they didn't spend 2.7 million on hammer-wielding contractors. Only $4,300 went to that, or 0.15% of the total expenditure on the event. The bulk of the rest of the money went to obtaining replacement services while their servers were offline, paying security investigators to track down the infection they did have, and developing a long-term response to malware.
The physical destruction of the equipment was almost certainly overkill, as was bringing down their mail servers because they were transferring infected emails. But one thing you have to admit is that the agency's response was swift and decisive.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
... stop paying federal taxes.
And I don't even have to look for them...
Hammer time.
Escher was the first MC and Giger invented the HR department.
Hammer-time!
All I can think of when I read this is one of those pics people keep reposting on imgur of a burning house with the caption "I thought I saw a spider..."
If nothing else, I think they probably win 'Most Expensive Overreaction 2013' hands down.
I sincerely hope the idiot responsible for making the decisions that led to this is at Staples right now, shopping for something to type up their resume on, having gone home and smashed their computer, too.
Friend: "The NIC is misconfigured..." Me: "No prob, I'll just telnet in and fix it." *Silence*
EDA smashed up all that equipment and bought replacements made in, yup, you guessed it, China.