German Parliament May Need To Replace All Hardware and Software To Stop Malware
jfruh writes: Trojan spyware has been running on computers in the German parliament for over four weeks, sending data to an unknown destination; and despite best efforts, nobody's been able to remove it. The German government is seriously considering replacing all hardware and software to get rid of it. From the ITWorld article: "After the attack, part of the parliament’s traffic was routed over the federal government’s more secure data network by the Federal Office For Information Security, Der Spiegel reported. Some Germans suspect that the Russian foreign intelligence service SVR is behind the attack. On Thursday, the parliament will discuss how to address the situation."
They'll replace everything, then one person will plug in their phone over USB to put some emails on their new workstation and it'll begin all over again.
Hmm, might make a bit more sense to have their IT guys discuss this. It's not like your average MP (or whatever they call them in Germany) knows squat about computer problems....
No computers in 1945....
Phew...I was worried for a moment it might have been the USA. Good to know they are limiting themselves to only tapping Merkel's phone.
Oh, they are switching back to Windows...
http://microsoft-news.com/germ...
Wasn't by chance somebody offering to supply replacements very attractively?
The case demands professional investigation; subsequent steps of isolation and future prevention would become rather obvious. This can be a group of professionals, delegated by several institutions. They will be addressing the problem, and not at all legislation.
I think that was just the City of Munich...
I can see why they'd be considering wholesale replacement, but I'm not sure it's going to be good enough for a long-term fix because of A) the scope of the problem and B) replacements that still have vulnerabilities. If the intruders have the level of access, time and resources that it sounds like and it's a "state sponsor" with substantial resources to dedicate, then they may have infected some systems at a hardware level that would be almost impossible to root out or detect.
Some of the things that might be compromised and difficult to detect or clean if detected would be hard drives (BIOS), network equipment (firmware in managed switches, routers, access points, etc.), printers and copiers (firmware, plus internal hard drives in some cases) and any other "appliances" on the network that are really special-purpose computers just like the items I listed above. Those "appliances" may be NAS devices, document management servers (some of which have been sold as turnkey solutions but which probably run Linux and some proprietary web and services software), HVAC systems, almost anything.
fencepost
The reality of today is that, if you communicate any secrets, you must consider the possibility of your communications being tapped/intercepted. It is even possible that hardware is compromised before you even buy it.
With backdoors, BIOS hacking and packet sniffing being part of the daily talk on slashdot, you have to be prepared to communicate end-to-end with multiple levels of pre-planned encryption. That said, I don't think I've ever said anything that needs that much security, but a nation-state might have.
No, different Germans.
These are the ones that thought they didn't need to since saving money is for non-parliament people.
If you explain the situation, the NSA would be glad to give you some free computers for your parliament.
Oh look mummy! A troll....
TLA spyware is probably baked right into the hardware these days. Their hardware will probably run better and they won't generally detect it. Out of sight, out of mind, right?
Germans suspect that the Russian foreign intelligence service SVR is behind the attack. On Thursday, the parliament will discuss how to address the situation.
So if this isn't enough, what constitutes an act of war these days?
Getting a new computer to stop malware is like getting a new car because you refuse to buckle your seatbelt.
Going with lowest-bidder and other typical bureaucratic bullshit instead of doing this stuff in-house gets you in this exact position.
No sympathy. Get your shit off the global internet too, fucking morons.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
>"Are these the Germans that cut over to Linux a few years ago, saving a 'ton' of money?"
No, these are the Germans that did not and are now still suffering with tons of malware...
Parliamentarians will have to decide if they want to call in the help of counterintelligence experts from the Bundesamt für Verfassungsschutz (BfV), the domestic intelligence service of Germany.
Some members of parliament have expressed concerns about the involvement of the BfV, Der Spiegel reported. Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process. Armin Schuster, a member of parliament for the CDU, criticized those concerns.
Schuster told Der Spiegel that he thinks it is “crazy” that some would rather be spied upon by a foreign intelligence agency than let their own agencies help.
Heh, they're afraid that one set of taps would probably be replaced with another, which would probably be cc'ed to the CIA.
This article is so full of WTF I just can't believe it. I guess it is some form of poor translation of a German source.
1) All software and hardware in the German parliamentary network might need to be replaced.
So they will replace all servers, routers, switches etc.? Or just client machines?
2) Trojans introduced to the Bundestag network are still working and are still sending data from the internal network to an unknown destination
So maybe just fucking block all outbound traffic from the Bundestag network and enable it back on a white list basis like it should be anyway?
3) In May, parliament IT specialists discovered hackers were trying to infiltrate the network.
Just fucking WOW! Shouldn't it be an assumption (that hackers are trying to infiltrate a government network), not a discovery?
4) Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process.
I guess the legislative *process* should not be a secret to anyone?
IMO this is just some bullshit article citing politicians not technical piece. I guess it is really hard to work for any central government bureau since *any* of your action no matter sane or stupid will be judged not by technical merits but by political fucking around. I really do pity the actual IT staff behind this mess.
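The "block all outbound traffic and enable it back on a white list basis" suggestion in the post above, turned into a check a practitioner could actually run. This is an added example, not code from the article or from the Bundestag's IT: the connection records are constructed to resemble the local/remote columns of `ss -tn` output, and the internal ranges, the proxy at 10.0.0.5:3128 and the allow-list itself are assumptions. It flags sockets to destinations the policy does not know about, ranks those destinations by socket count (the "unknown destination" from the article is exactly what you want to see tallied), and emits the equivalent default-drop nftables output chain.

```python
"""Egress allow-list check over a connection table.

Added example for this thread, not code from the article or from the
Bundestag's IT. The records below are constructed to look like the
local/remote columns of `ss -tn` output; the addresses, ports, the proxy
and the allow-list are all assumptions for the example.
"""
import ipaddress
from collections import Counter

# Assumed policy: workstations may reach internal ranges directly and the
# internet only through one HTTP proxy. Every other destination is a finding.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12")]
PROXY_ADDR, PROXY_PORT = "10.0.0.5", 3128   # hypothetical proxy

# Constructed sample; columns: state recv-q send-q local remote
CONSTRUCTED_CONNECTIONS = """\
ESTAB 0 0 10.1.2.3:50123 10.0.0.5:3128
ESTAB 0 0 10.1.2.3:50124 10.0.7.20:445
ESTAB 0 0 10.1.2.7:50990 198.51.100.23:8080
ESTAB 0 0 10.1.2.9:51001 203.0.113.77:443
ESTAB 0 0 10.1.2.9:51002 203.0.113.77:443
"""


def parse_connection(line):
    """Return (src_ip, dst_ip, dst_port) or None if the line does not parse."""
    parts = line.split()
    if len(parts) < 5:
        return None
    try:
        src_host, _ = parts[3].rsplit(":", 1)
        dst_host, dst_port = parts[4].rsplit(":", 1)
        ipaddress.ip_address(src_host)   # validate both addresses
        ipaddress.ip_address(dst_host)
        return src_host, dst_host, int(dst_port)
    except ValueError:
        return None


def is_allowed(dst_host, dst_port):
    """Allow-list decision: the proxy or an internal range; everything else denied."""
    if dst_host == PROXY_ADDR and dst_port == PROXY_PORT:
        return True
    dst = ipaddress.ip_address(dst_host)
    return any(dst in net for net in INTERNAL_NETS)


def find_violations(table):
    """Connections the policy would block, as (src, dst, port) tuples."""
    found = []
    for line in table.splitlines():
        rec = parse_connection(line)
        if rec and not is_allowed(rec[1], rec[2]):
            found.append(rec)
    return found


def destinations_by_count(violations):
    """Unknown destinations ranked by the number of sockets talking to them."""
    return Counter((dst, port) for _, dst, port in violations)


def nft_egress_rules():
    """nftables fragment for the same policy: drop by default, log what is dropped.

    Deliberately no 'ct state established accept' rule: an outbound flow that
    already exists when the ruleset loads must be cut too, not grandfathered in.
    """
    lines = [
        "table inet egress {",
        "  chain output {",
        "    type filter hook output priority 0; policy drop;",
        "    oif lo accept",
    ]
    for net in INTERNAL_NETS:
        lines.append(f"    ip daddr {net} accept")
    lines.append(f"    ip daddr {PROXY_ADDR} tcp dport {PROXY_PORT} accept")
    lines += ['    log prefix "egress-drop " drop', "  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    violations = find_violations(CONSTRUCTED_CONNECTIONS)
    for src, dst, port in violations:
        print(f"unexpected egress {src} -> {dst}:{port}")
    for (dst, port), n in destinations_by_count(violations).most_common():
        print(f"{n} socket(s) to {dst}:{port}")
    print(nft_egress_rules())
```

On a real host the table would come from `ss -tnp` rather than the constructed string; the `-p` flag names the process behind each socket, which is the first thing to chase once a non-allow-listed destination shows up. The nftables fragment has no established/related accept rule on purpose, so a trojan connection that is already open is cut when the policy loads instead of being grandfathered in, and the `log` rule records the destination rather than dropping it silently.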
I call BS. Their parliament is not partitioned and isolated behind firewalls so they can at least drop the malicious outgoing / incoming traffic at the perimeter?
They don't have a spy agency capable of tracking this down and at least isolating it?
There's no competent network/system admins?
It's one thing to acknowledge you've been exposed, it's another to let it continue. Maybe they do deserve to be hacked.
They did this in my previous school. Some PCs got infected with adware/toolbars. So they replaced the PCs instead of cleaning them (which would have been more expensive apparently, they pay an external IT company by the hour). Needless to say, the new ones were also infected in a few days.
If they posted some details maybe the collective we could help them sort it out. There is no information at all about the actual issue or what has been attempted. This should be kicked back to tier 1 for more info before being escalated to international news. Did they even contact their helpdesk?
Thanks for being so predictable.
Some tasks that may just be too sensitive to put on non-isolated networks except in extreme, carefully-controlled circumstances.
If you don't get the reference,
1) see https://scifi.stackexchange.co... .
2) What are you doing on Slashdot?
...on zee German desktop!
Should have used Kapersky..
Oh, wait...nevermind
It's like the malware in Germany focused into a coherent beam of suck.
Chromium might work for them as well.
This isn't a German problem, it's a world-wide problem, and it's leading to a catastrophe in security. We've let capitalism, governments, and feature-mania destroy any security and all we're left with is imaginary "security". This didn't happen overnight. It's taken the entire existence of the PC to get here. What we need to do is quite simple. We need to reduce the complexity of systems and audit everything. From the core CPU and graphics components to hard disk controllers. There shouldn't be anything in the system that isn't thoroughly understood by hundreds of people who've thoroughly analysed the code. There shouldn't be writeable chips in most components and the chips that are used should be cheap enough and designed to be easily replaced. We don't need quad core CPUs. We want quad core CPUs. We don't need 3d accelerated graphics. We want 3d accelerated graphics. The code for everything should be available and every government and industry should be paying significantly to audit the code. You shouldn't adopt a platform that you're not able to audit from the ground up. There's sadly no system like this though. The core components from AMD, Intel, and others have lots of secret proprietary pieces.
So they downloaded the GIMP from Sourceforge I see.
That the slashdot collective thinks only Windows is vulnerable to malware is cute and sad at the same time.
Don't connect the computers to the internet. Eliminate all inputs to computers (except for desktop systems, where they hardwire the keyboard and mouse.) Requests for information outside the network are sent to IT, and IT sanitizes all data that goes into or out of the system.
Government security means lives, this is no place for half measures.Legislators need to learn that they have to put up with the nuisances of a truly secure system.
And for you to say that, that means you aren't real geek. Now turn in your damned card and your kilt!
If they can't remove it, it is because they can't find it. They can't find it because it is living in the boot processor code or the firmware of io devices or both.
The best place to hide unremovable firmware is in the protected boot code of the boot processor that is only there to provide for security control for the DRM subsystem.
There have been talks each of the last few years at Breakpoint about how broken the boot firmware is. Maybe now people will start to take notice.
I doubt anyone on Slashdot believes any platform is invulnerable to malware. But if the shoe fits wear it- MS-Windows is perhaps more than a thousand times more prone to malware than Linux in the real world.
Are these the Germans that cut over to Linux a few years ago, saving a 'ton' of money?
Probably not, most linux machines have little use for MSI installers.
'The Greens in the German parliament want the Foreign Ministry to revert back to open source software solutions on its workstations. The ministry in 2010 abandoned its open source desktop strategy, pressured by staffers struggling with interoperability problems. The Greens are now asking the ministry to justify the proprietary licence costs it has made since then.'
Seriously.. You just need to restore the OS to a previous state that didn't have the malware... The hardware, other than maybe hard drives, has next to nothing to do with malware... If it affected the BIOS, that's more than just simple malware. And most of the time that should be fixed by changing the BIOS chip or restoring the flash on it... there's really no need to replace everything.
That you believe this to be true tells us more about you than it tells you about us.
Troll much?
or, you virtualize it??
Talk about virtualization ...
Who was the one tapping into Angela Merkel's phone?
NSA or the Russians?
Since they can't even get rid of the thing, how in the world do they know that thing came from Russia, not the NSA?
I always thought the Germans were equipped with critical thinking skills; apparently I couldn't be more wrong.
Muchas Gracias, Señor Edward Snowden !
If a component ever needs new firmware it should be provided by the operating system when subsystem is initialized never to be stored anywhere except the systems main persistent store.
This is a no-brainer win-win for everyone. Manufacturers reduce risk associated with firmware updates and reduce costs from smaller bill of materials.
Users win by retaining the ability to recover from ownage by wiping persistent storage.
Also please enough of the computers within computers crap. I'm looking at you Intel. Vendors never bother properly maintaining and most of these systems are defective by design.
Whatever they are currently using- the new system should be different.
If windows- go with linux or apple.
If apple- go with linux or windows.
If linux- go with apple or windows.
Or even consider a less common OS which has a working email client and can compile libre office.
In general, this is true, but this is targeted. If the Germans were running Linux instead, they would've been attacked anyway, just through a different vector. For casting wide nets in the hope of fooling common folk or stealing sensitive information, aiming for Windows is the logical choice due to the size of its user base alone. For targeted attacks, though, any platform is vulnerable.
Or could it be an inside job from someone associated with one of their fringe parties?
http://articles.latimes.com/20...
I'm guessing that it's an inside job, a worm by someone that wasn't as clever as they thought they were (spyware should not be so obvious) and it was a worm that got out of control.
pfft. You've never managed a Linux web server. Especially one running gawd damned wordpress.
The more people that are hosted by it, the exponential source of malware infection. Virtualized systems only make it harder to get rid of.
Let me tell you this... I had to literally find the source of a malware infection on a Linux machine by using nmap, because somehow, some site managed to execute a rootkit binary that was invisible to everything because it made use of Linux's equivalent of "rundll" so it wasn't showing up in anything. We only managed to get rid of it because while the binary was hard to locate, the message and email logs were dead giveaways that it was still present.
Ok so a machine came into the shop with a pile of BHOs and other malware. I did the normal scans, found 96 of them, cleaned them up and everything ok. A specific malware site came back. Now I did rootkit scans, in depth scans. Nothing found but Chrome and Firefox was clean, only IE 10 suffered.
Busting my brains on this, I set the home page to be null. Worked ok except when IE was restarted. Nothing in the registry, services, hidden files/folders that could account for this. Every time I started IE, back it came.
So thinking logically I realised that there was no malware on the system and that IE was calling it somehow when it loaded. A few minutes later I discovered that the shortcut link was appended with a http address to the malware site! A very simple infection that no amount of scanning could fix.
what do you expect from a government where the evil bad arch-chancelloress Merkel called the internet "neuland" (unknown land)...
these guys have little to no education, many of them bought their titles - they are busy with tricking and cheating the population.
Replacing all windows7 installs by new windows7 installs will for sure remove the possibility of the same malware hitting again. DOH!
Maybe change platform.
There are 2 other OS to consider, MacOS and Linux.
An important organization should always have 2 completely different platforms.
Not only 2 different browsers on the same OS, but different OS. And by different I don't mean a Microsoft-different who state the XP is not NT and is not Win7. It's all windows!
Same goes for Linux, where redhat or debian is not different, it stays Linux. Sunos may be different.
Atari rules... ermm... ruled.
So.... It's like "we don't know where the data is being sent to, but it must be the Russians"?
Of course, Angela Merkel wouldn't want to get any dirt on her American friends, since they still have yet to reveal how widespread NSA snooping on German populace really was.
I'm pretty much sure fingers were too quickly, too easily pointed eastwards without actually looking for the real culprit.
you earned it!
"The Raspberry Pi Foundation have received a sizable order of 9000 units from an undisclosed German party. We are ecstatic for the opportunity to fund our next project with the funds from a single deal alone, although it is not surprising as the next Picademy is already at the eleven."
Have they ever heard of Netstat, TCPDump, Wireshark, etc? Jesus Christ on a stick.
You don't do your point of view a great service by posting something so easily refuted.
Except "those Germans" that thought going to Linux would save them a ton of money are now going back to Windows. Apparently they found the investment involved in maintaining a 'free' operating environment too much work/too expensive.
Huh.
http://microsoft-news.com/germ...
We all know this: IT setups that are vital to work but so unprofessional that words fail to describe it.
I would smack around the people responsible so hard, they would have their head still spinning when the IT setup has been completely redone.
I consider it bizarre that taxpayers' money and national security are put at risk by idiots running the parliament's IT.
This is material for some legal repercussions by the President of the Bundestag IMHO.
He should shaft the MPs so hard they never dare to do something like this again.
My 2 cents.
1. No
2. No.
3. No.
So much nonsense in one post. Incredible. I'm sure everything else you say is equally awesome, and will listen intently to every word you say. /s
Seriously, they would be smart to have equipment from the west, and move to Linux. They already have done that elsewhere and know what it takes.
Except that news you are linking to is not true. Munich is still using Linux. What happened though was to calculate the cost to switch to Windows and the cost to stay on Linux. This was demanded by the opposition who was backed by Microsoft. Microsoft did an independent calculation and came to the conclusion that Microsoft would be a lot cheaper
According to Munich the cost to switch to Linux was 23 million, while they saved 10 million on licensing costs if they stayed with Windows NT. But they also avoided the 34 million cost to upgrade to Windows 7.
Microsoft calculated that the cost to switch to Linux was 60.6 million and that the cost to upgrade to the lasted Windows would be only 17 million.
These are quite different numbers and that's why a report was requested by the city.
The conclusion was that Microsoft was a bit off with the numbers in its calculations: 17 million is way too low, that would only be the cost to upgrade from NT to XP with upgrade licenses. It doesn't include the cost for new hardware, the hours spent to upgrade, and more importantly the cost to upgrade to a newer version of Windows since XP is no longer supported. On the other hand, Microsoft assumed too high prices for the Linux professionals, who cost only a fraction of the numbers Microsoft used in their calculations.
"MS-Windows is perhaps more than a thousand times more prone to malware than Linux in the real world"
Perhaps because it is 1000 times more likely to be used in the real world?
Stop using Windows. Problem 85% solved. Then work on the other 15%.
and here Canberra is selling ICON. http://mobile.itnews.com.au/News/400468,icon-network-sell-off-to-begin-in-june.aspx
I am sure microsoft-news.com will give all the accurate info about what was happening and why.... not
Oh, they are switching back to Windows...
Are they?
This is the city of München, not the German Government as the article is trying rather fraudulently to imply; it got a new mayor who is a Microsoft fanboy, but it seems he got a reality check imposed upon him.
http://www.zdnet.com/article/munich-sheds-light-on-the-cost-of-dropping-linux-and-returning-to-windows/
http://www.techrepublic.com/blog/european-technology/mayor-of-city-that-threw-out-microsoft-told-to-end-attacks-on-linux/
Apparently the cost of returning to Microsoft was too high...
This is all based on an opinion by a local politician. No Windows in sight.
And yes, the article is about Munich district, not the parliament, which uses Windows workstations.
pfft. You've never managed a Linux web server. Especially one running gawd damned wordpress.
Judging by the entries in my log files, a very simple but effective mitigation technique would be to run wordpress under a path like /blog instead of the root directory - most attempts are just blindly searching for vulnerabilities at the default path.
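The "run wordpress under /blog and watch the blind probes miss" observation above, as an added detection example (not code from the comment author or from the thread): the access-log lines are constructed in combined log format with documentation-range addresses, and the install path /blog and the scanner threshold are assumptions. It separates blind probes for WordPress's default paths at the document root from real traffic to the moved install, and counts probes per source address so the log-file impression can be turned into a number.

```python
"""Counting blind scans for WordPress's default paths in a web access log.

Added example, not code from the thread. Log lines are constructed in
Apache/nginx combined format with documentation-range addresses; the
install path /blog and the scanner threshold are assumptions.
"""
import re
from collections import defaultdict

# Paths scanners request blindly at the document root.
DEFAULT_WP_PATHS = ("/wp-login.php", "/xmlrpc.php", "/wp-admin/",
                    "/wp-content/", "/wp-includes/", "/wp-config.php")
BLOG_PREFIX = "/blog"   # assumed non-default install path

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log: one blind scanner, one legitimate login, one
# single probe from an otherwise normal client.
CONSTRUCTED_LOG = """\
198.51.100.9 - - [04/Jun/2015:10:01:02 +0200] "GET /wp-login.php HTTP/1.1" 404 162 "-" "python-requests/2.7.0"
198.51.100.9 - - [04/Jun/2015:10:01:02 +0200] "POST /xmlrpc.php HTTP/1.1" 404 162 "-" "python-requests/2.7.0"
198.51.100.9 - - [04/Jun/2015:10:01:03 +0200] "GET /wp-admin/ HTTP/1.1" 404 162 "-" "python-requests/2.7.0"
203.0.113.4 - - [04/Jun/2015:10:02:10 +0200] "GET /blog/wp-login.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
203.0.113.4 - - [04/Jun/2015:10:02:15 +0200] "POST /blog/wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.33 - - [04/Jun/2015:10:03:00 +0200] "GET /index.html HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
192.0.2.33 - - [04/Jun/2015:10:03:01 +0200] "GET /wp-content/uploads/x.php HTTP/1.1" 404 162 "-" "curl/7.38.0"
"""


def parse_line(line):
    """Dict with ip/ts/method/path/status, or None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(path):
    """'blog' for the real install, 'blind' for default-path probes at the root, else 'other'."""
    if path == BLOG_PREFIX or path.startswith(BLOG_PREFIX + "/"):
        return "blog"
    if any(path.startswith(p) for p in DEFAULT_WP_PATHS):
        return "blind"
    return "other"


def blind_probes_by_ip(log):
    """How many default-path probes each source address sent."""
    counts = defaultdict(int)
    for line in log.splitlines():
        rec = parse_line(line)
        if rec and classify(rec["path"]) == "blind":
            counts[rec["ip"]] += 1
    return dict(counts)


def scanners(log, threshold=2):
    """Addresses at or above the probe threshold, sorted: a candidate block list."""
    return sorted(ip for ip, n in blind_probes_by_ip(log).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in blind_probes_by_ip(CONSTRUCTED_LOG).items():
        print(f"{ip}: {n} blind probe(s)")
    print("scanners:", scanners(CONSTRUCTED_LOG))
```

The moved path only buys anything against blind scanners; a targeted attacker finds /blog in a minute, so the counts above are a triage signal for what is hitting the server, not a security boundary.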
You don't have any experience with Microsoft corporate licensing, do you?
Microsoft doesn't have different license prices for different desktop OSes, they only offer licenses for current OSes, with downgrade rights to the previous version or two. For example, a desktop license sold today would cover Windows 8.1, with downgrade rights to Windows 7 (and maybe Vista). That same license, sold today (June 23rd, 2015) would entitle the purchaser to upgrade to Windows 10 after July 29th, or keep running Win 8.1, and Win 7 (but maybe not Vista).
I can't speak to hardware upgrade costs, I assume the City of Munich has refreshed their hardware once or twice during this ten year experiment, and I further assume some portion of their current desktops could support Win 8.1 currently, some could probably be upgraded to support Win 8.2, and still some others would need to be replaced.
When you sign an agreement with MS, you are licensing the software for a 12 month period - in education,the environment I'm familiar with, an annual desktop license is about $35/yr, and includes not only the current desktop OS but also the current MS Office version, with downgrade rights for both. I would assume a commercial desktop license to run about twice that number, but that is just a guess.