Emory University SCCM Server Accidentally Reformats All Computers Campus-wide

← Back to Stories (view on slashdot.org)

Emory University SCCM Server Accidentally Reformats All Computers Campus-wide

Posted by Soulskill on Saturday May 17, 2014 @01:30AM from the that-qualifies-as-a-bad-day dept.

acidradio writes: "Somehow the SCCM application and image deployment server at Emory University in Atlanta accidentally started to repartition, reformat then install a new image of Windows 7 onto all university-managed computers. By the time this was discovered the SCCM server had managed to repartition and reformat itself. This was likely an accident. But what if it weren't? Could this have shed light on a possibly huge vulnerability in large enterprise organizations that rely heavily on automated software deployment packages like SCCM?"

20 of 564 comments (clear)

Min score:

Reason:

Sort:

Cool by rossdee · 2014-05-17 01:32 · Score: 5, Funny

Sounds like a good way to get rid of Malware
1. Re:Cool by Anonymous Coward · 2014-05-17 01:49 · Score: 5, Interesting
  
  Unfortunately, SCCM also supports Linux and Mac OSX clients. I wonder whether it tried to install Windows 7 on them also? Users would be really pissed to discover their Mac/Linux box was now lurching under Windows...
2. Re: Cool by Anonymous Coward · 2014-05-17 02:56 · Score: 5, Funny
  
  I worked at Emory for years and I have no doubts this was sheer incompetence not sabotage.
3. Re: Cool by Noah+Haders · 2014-05-17 04:54 · Score: 4, Funny
  
  I like to think it was the SCCM server itself that said fuck you all I've had enough. I'm pushing the red button and we're all going down.
4. Re:Cool by camperdave · 2014-05-17 05:46 · Score: 5, Insightful
  
  No, capability isn't enough. The student's personal computer still needs to be configured to PXE boot before hitting other boot sources. Even that wouldn't be enough. Something has to trigger a reboot. So, if the machine's boot order has PXE before hard drive, and has Wake on LAN configured, AND is powered off as opposed to merely sleeping or hibernating, then it *MIGHT* be affected. However Wake on LAN requires that the MAC address of the target computer be known by the issuer of the Wake on LAN command, the SCCM server in this case. The odds of all these prerequisites being in place for a student's personal computer is remote in the extreme.
  
  --
  When our name is on the back of your car, we're behind you all the way!
5. Re:Cool by mikael · 2014-05-17 07:49 · Score: 4, Interesting
  
  That's what some universities actually do. They have a custom built dual-boot OS partition image (Linux + Windows) will all the standard applications that have been licensed and required for lab use (Mathematica, Microsoft Word, Firefox, Opera). This image gets stomped onto the drive of every idle system every night. So even if some spyware installs itself overnight, it gets overwritten.
  
  --
  Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
SCCM server reformats itself? by Rick+Zeman · 2014-05-17 01:34 · Score: 5, Funny

Kind of sounds like a snake eating its tail....
Configuration deplorement by K.+S.+Kyosuke · 2014-05-17 01:36 · Score: 4, Funny

The configuration deployment server apparently upgraded itself into a configuration deplorement server.

--
Ezekiel 23:20
Sounds like IT incompetence by areusche · 2014-05-17 01:44 · Score: 4, Insightful

SCCM is pretty good. It makes my desktop techs jobs significantly easier to deploy assets company wide. In this case, it sounds like someone pressed some buttons without being 100% clear as to what was going on. Unfortunate someone will not be working in IT ever again.
1. Re:Sounds like IT incompetence by BitZtream · 2014-05-17 02:07 · Score: 5, Insightful
  
  Assuming it was just a mistake and not malicious ...
  Probably not. This shit happens, and that person who did it will never do something like this again. Have you ever made a massive, expensive mistake?
  I have, I was 19 years old and cost my company nearly a million dollars due to a silly misconfiguration. After I discovered it, corrected the error and notified my boss, I spent most of the night throwing up. The next morning, after everyone in the company (only 15 people or so) knew what happened, and I walked through the halls on the way to the meeting with the owner and my boss, I thought I'd pass out. As I walked into the Owner's office I didn't even bother to sit down, expecting a fairly short conversation. I was asked to sit down while my boss had this very stern look on his face. So I did, cost them that much money, I can do what they ask.
  The owner than proceeded to tell me the story of how, when working for a certain Germany car company doing CICS programming, he made a mistake that screwed up a production line and cost the company several million dollars. He knew exactly how I felt, and he knew that it would never happen again because I had already punished myself more than he possibly could.
  If they fire the person who did this, they just wasted the whole event. The person learned their lesson and will be extremely cautious in the future. Firing them now just means someone else will get to reap the benefits of this experience, and thats pretty stupid.
  People make mistakes, and in this case the software is at least partially responsible. The SCCM server should have aborted during the preflight checks when it realized it was going to take itself out in the process. The best thing this IT department can do is for the manager/director to keep the specific employe's name under wraps, stop shit from flowing down hill from above and move on. Nothing will benefit anyone if all of Emory treats the person responsible as if he deserves to pay for all the time lost in repairing the damage, he simply can't.
  The hard lesson has been learned by everyone, nothing else will make anyone any better off.
  
  --
  Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
2. Re:Sounds like IT incompetence by bitt3n · 2014-05-17 02:20 · Score: 5, Insightful
  
  Have you ever made a massive, expensive mistake?
  Glances woefully down at wedding ring...
  
  The person learned their lesson and will be extremely cautious in the future.
  Thinks back on previous three weddings...
  
  --
  how many pairs of boxer shorts should you own?
3. Re:Sounds like IT incompetence by rastos1 · 2014-05-17 02:26 · Score: 4, Funny
  
  Also known as:
  Harrisberger's Fourth Law of the Lab:
  Experience is directly proportional to the amount of equipment ruined.
4. Re:Sounds like IT incompetence by jd2112 · 2014-05-17 02:40 · Score: 5, Interesting
  
  SCCM is pretty good. It makes my desktop techs jobs significantly easier to deploy assets company wide. In this case, it sounds like someone pressed some buttons without being 100% clear as to what was going on. Unfortunate someone will not be working in IT ever again.
  Or perhaps someone decided that having a testing environment for deployment packages was an unnecessary expense combined with personnel who aren't properly trained. Just think how much money they saved by eliminating training and a test environment!
  
  --
  Any insufficiently advanced magic is indistinguishable from technology.
5. Re:Sounds like IT incompetence by bitt3n · 2014-05-17 03:15 · Score: 5, Funny
  
  Fourth unhappy one? you're not making mistakes, you have a problem
  Might as well face it, I'm addicted to love
  
  --
  how many pairs of boxer shorts should you own?
Surprisingly Infrequent by crow · 2014-05-17 01:46 · Score: 4, Interesting

I think the big surprise here is that this doesn't happen more often.
Consider how many corporations, universities, and such have huge PC deployments with automated updates. I've seen updates that drop all the PCs off the network, but I've never seen one where everything is wiped.
I'm also surprised that I haven't heard of malware that accidentally wiped a network of 100K or more machines when someone sent the wrong command.
Or maybe the news here is that it was in a more open environment where people hear about it. If a publicly traded company wiped a thousand PCs at its headquarters, you bet they would try to keep it quiet.
An...accident..? by geekmux · 2014-05-17 01:54 · Score: 5, Insightful

Knowing that people have been running various kinds of centralized update services, perhaps across multiple OSes, and spanning several years now, listening to a story about an update server literally going rogue and nuking everything attached to it, and then for the coup de grace, basically committing suicide at the end by reformatting itself, does not sound like an accident.
If it truly was, I'd hate to see what the hell purposeful intent looks like.
1. Re:An...accident..? by Anonymous Coward · 2014-05-17 02:39 · Score: 5, Funny
  
  Might be interesting to see how the Emory Board files this away.
Re:Oh man by Anonymous Coward · 2014-05-17 01:58 · Score: 5, Funny

In a résumé, "Watched in horror as images were accidentally deployed" becomes "Supervised the deployment of images on university-managed computers".
Wrong OS by Air-conditioned+cowh · 2014-05-17 02:10 · Score: 5, Funny

It reformatted the drives and put Windows on them. Eeewww! That's gross!
Only a good manager could tell the difference by Anonymous Coward · 2014-05-17 02:39 · Score: 5, Insightful

It sounds like the commenter above was teachable - he no doubt learned his lesson.
It also sounds like the company's owner knew he could learn this lesson. That's the mark of a great manager.
Whether the Emory staffer responsible for this mistake is teachable or not, I hope his boss can tell the difference. Some folks aren't teachable, some are. If the Emory boss is worth his paycheck, he should be able to tell.