German Parliament May Need To Replace All Hardware and Software To Stop Malware
jfruh writes: Trojan spyware has been running on computers in the German parliament for over four weeks, sending data to an unknown destination; and despite best efforts, nobody's been able to remove it. The German government is seriously considering replacing all hardware and software to get rid of it. From the ITWorld article: "After the attack, part of the parliament’s traffic was routed over the federal government’s more secure data network by the Federal Office For Information Security, Der Spiegel reported. Some Germans suspect that the Russian foreign intelligence service SVR is behind the attack. On Thursday, the parliament will discuss how to address the situation."
They'll replace everything, then one person will plug in their phone over USB to put some emails on their new workstation and it'll begin all over again.
Hmm, might make a bit more sense to have their IT guys discuss this. It's not like your average MP (or whatever they call them in Germany) knows squat about computer problems....
"I do not agree with what you say, but I will defend to the death your right to say it"
Getting a new computer to stop malware is like getting a new car because you refuse to buckle your seatbelt.
>"Are these the Germans that cut over to Linux a few years ago, saving a 'ton' of money?"
No, these are the Germans that did not and are now still suffering with tons of malware...
This article is so full of WTF I just can't believe it. I guess it is some form of poor translation of a German source.
1) All software and hardware in the German parliamentary network might need to be replaced.
So they will replace all servers, routers, switches etc.? Or just client machines?
2) Trojans introduced to the Bundestag network are still working and are still sending data from the internal network to an unknown destination
So maybe just fucking block all outbound traffic from the Bundestag network and enable it back on a white list basis like it should be anyway?
3) In May, parliament IT specialists discovered hackers were trying to infiltrate the network.
Just fucking WOW! Shouldn't it be an assumption (that hackers are trying to infiltrate a government network), not a discovery?
4) Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process.
I guess the legislative *process* should not be a secret to anyone?
IMO this is just some bullshit article citing politicians, not a technical piece. I guess it is really hard to work for any central government bureau since *any* of your actions, no matter sane or stupid, will be judged not by technical merits but by political fucking around. I really do pity the actual IT staff behind this mess.
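The "block all outbound, then allow by white list" point above is the standard egress-filtering answer, and it also gives you the detection side for free: once the policy exists, every flow that would have been dropped is worth a look, and a destination that is contacted at a steady interval is the classic beacon signature. The following is an added example, not code from the article or from any Bundestag system; the allow list, the address ranges (RFC 5737 documentation space) and the log lines are all constructed for illustration.

```python
"""Egress allow-list check plus beacon detection over constructed connection logs.

Added example, not part of the original thread. Assumes a default-deny egress
policy: internal ranges and a short list of approved (host, port) pairs are
allowed, everything else is a violation. Flows that recur at a near-constant
interval are additionally reported as likely beacons.
"""
import ipaddress
from collections import defaultdict, namedtuple
from datetime import datetime

# Hypothetical allow list (RFC 1918 internal ranges plus two approved externals).
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("192.168.0.0/16")]
ALLOWED_DEST = {("203.0.113.10", 443),   # e.g. the approved web proxy
                ("203.0.113.20", 25)}    # e.g. the approved mail relay

# Constructed sample log: "timestamp src dst dport bytes", one flow per line.
SAMPLE_LOG = """
2015-06-10T08:00:00 10.1.2.3 198.51.100.77 443 1200
2015-06-10T08:00:10 10.1.2.3 203.0.113.10 443 5400
2015-06-10T08:05:00 10.1.2.3 198.51.100.77 443 1180
2015-06-10T08:07:30 10.1.2.8 192.0.2.5 80 900
2015-06-10T08:10:00 10.1.2.3 198.51.100.77 443 1210
2015-06-10T08:12:00 10.1.2.8 10.1.0.5 25 3000
2015-06-10T08:15:00 10.1.2.3 198.51.100.77 443 1190
"""

Record = namedtuple("Record", "ts src dst port nbytes")


def parse_log(text):
    """Parse the whitespace-separated sample format into Record tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, port, nbytes = line.split()
        records.append(Record(datetime.fromisoformat(ts), src, dst,
                              int(port), int(nbytes)))
    return records


def is_allowed(dst, port):
    """Default deny: allowed only if internal or on the explicit allow list."""
    addr = ipaddress.ip_address(dst)
    if any(addr in net for net in ALLOWED_NETS):
        return True
    return (dst, port) in ALLOWED_DEST


def violations(records):
    """Unique (src, dst, port) triples the policy would block, in first-seen order."""
    seen = []
    for r in records:
        key = (r.src, r.dst, r.port)
        if not is_allowed(r.dst, r.port) and key not in seen:
            seen.append(key)
    return seen


def beacons(records, min_hits=3, tolerance=0.2):
    """Flows seen at least min_hits times whose inter-arrival gaps all lie
    within +/- tolerance of their mean. Returns [((src, dst, port), mean_gap_s)]."""
    by_flow = defaultdict(list)
    for r in records:
        by_flow[(r.src, r.dst, r.port)].append(r.ts)
    found = []
    for key, stamps in by_flow.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and all(abs(g - mean) <= tolerance * mean for g in gaps):
            found.append((key, mean))
    return found


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for v in violations(recs):
        print("would be blocked:", v)
    for flow, gap in beacons(recs):
        print("likely beacon every %.0fs:" % gap, flow)
```

On the constructed sample this reports two flows the policy would block (the repeated 198.51.100.77:443 connection and a one-off to 192.0.2.5:80) and singles out the first as a 300-second beacon. The check belongs at a network choke point (firewall or proxy logs), which is the caveat that matters for the firmware-implant theory raised elsewhere in this thread: an implant can hide from the host it sits on, but its traffic still has to cross a wire you control.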
If they can't remove it, it is because they can't find it. They can't find it because it is living in the boot processor code or the firmware of io devices or both.
The best place to hide unremovable firmware is in the protected boot code of the boot processor that is only there to provide for security control for the DRM subsystem.
There have been talks each of the last few years at Breakpoint about how broken the boot firmware is. Maybe now people will start to take notice.
I doubt anyone on Slashdot believes any platform is invulnerable to malware. But if the shoe fits, wear it: MS-Windows is perhaps more than a thousand times more prone to malware than Linux in the real world.
Maybe this is the best approach, but I'd be wary about just launching a wholesale "replace it all" approach unless I knew a couple of things first.
1. What the problem was, exactly, and where did it come from in general...
2. How it spreads around...
3. That the thing is contained...
Further, before I go and start ripping out stuff to replace it, I'd want to be 100% sure that the problem will NOT infect the new hardware and systems. So when someone starts saying we have to replace stuff to get rid of this problem that's infected it, I start to get dubious. But if, like you, they say something along the lines of "Well, we could remove it from your current equipment for X and it would take us Y time, or we could just replace the old infected equipment with new for less. We suggest you just replace the old stuff, it's cheaper/faster/better."
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101