Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Parliament May Need To Replace All Hardware and Software To Stop Malware

Posted by samzenpus on from the wiping-it-clean dept.

jfruh writes: Trojan spyware has been running on computers in the German parliament for over four weeks, sending data to an unknown destination; and despite best efforts, nobody's been able to remove it. The German government is seriously considering replacing all hardware and software to get rid of it. From the ITWorld article: "After the attack, part of the parliament’s traffic was routed over the federal government’s more secure data network by the Federal Office For Information Security, Der Spiegel reported. Some Germans suspect that the Russian foreign intelligence service SVR is behind the attack. On Thursday, the parliament will discuss how to address the situation."

7 of 189 comments (clear)

  1. Sure by Travis+Mansbridge · · Score: 5, Insightful

    They'll replace everything, then one person will plug in their phone over USB to put some emails on their new workstation and it'll begin all over again.

    1. Re:Sure by monkeyzoo · · Score: 4, Insightful

      Seems they should track down the source of any possible hardware infections before replacing all hardware. A) So they can better understand the threat and how it was perpetrated. And B) So they can, as you say, make sure they don't reinfect themselves.

      It is hard enough to purge a single computer of tenacious malware, let alone an entire network!!

    2. Re:Sure by mlts · · Score: 4, Insightful

      They need to look at their network's topology as well. One compromised network segment shouldn't allow an attacker complete and unfettered access to everything else.

      WAN-wise, they should look at building something like SIPRNet or NIPRNet so as little traffic as possible is on the Internet, even flying over a VPN. The ideal is physically separate cables and leased lines, coupled with some form of IPSec so that it would be very difficult for someone to set up a rogue machine and attack that network. Long term, it might be wise to even consider a different protocol than IP just because it would make hidden routers or bridges a lot more difficult.

      There are other tools that come to mind. App-V and Citrix for example, which would allow people to access and use an application, but not physically copy the data or access the OS directly on the application servers. Not a 100% solution, but it is a way to keep things separated.

      Reversing this concept, there might be offices that need to have no machines on the Internet, but workers can use App-V, RDP, or Citrix to access a terminal server so they can browse the web on a virtual desktop that cannot access the physical internal machines.

      There are a lot of security tools that are usable. VDI comes to mind as an extension to virtualization. Virtualization goes without saying because it separates what programs run on from the hardware, so if a VM is compromised, there is still a hypervisor to punch through before hardware can be re-flashed and attacked.

      The trick is defense in depth, be it at the desktop level (for machines that are terminals used by numerous people, a utility like DeepFreeze is useful), at the network topo level (so a compromise in Receiving doesn't trash Finance), at the network appliance level, the server level, and of course, the HUMINT factor with policies, and physical security.

  2. Parliament will discuss this? by CrimsonAvenger · · Score: 4, Insightful

    Hmm, might make a bit more sense to have their IT guys discuss this. It's not like your average MP (or whatever they call them in Germany) knows squat about computer problems....

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
  3. Re:Are these the Germans... by markdavis · · Score: 4, Insightful

    >"Are these the Germans that cut over to Linux a few years ago, saving a 'ton' of money?"

    No, these are the Germans that did not and are now still suffering with tons of malware...

  4. WTF? by kosmosik · · Score: 4, Insightful

    This article is so full of WTF I just can't belive it. I guess it is some form of poor translation of german source.

    1) All software and hardware in the German parliamentary network might need to be replaced.

    So they will replace all servers, routers, switches etc.? Or just client machines?

    2) Trojans introduced to the Bundestag network are still working and are still sending data from the internal network to an unknown destination

    So maybe just fucking block all outbound traffic from the Bundestag network and enable it back on a white list basis like it should be anyway?

    3) In May, parliament IT specialists discovered hackers were trying to infiltrate the network.

    Just fucking WOW! Shouldn't it be an assumption (that hacker are trying to inflitrate government network) not a discover?

    4) Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process.

    I guess the legislative *process* should not be a secret to anyone?

    IMO this is just some bullshit article citing politicians not technical piece. I guess it is really hard to work for any central government bureau since *any* of your action no matter sane or stupid will be judged not by technical merits but by political fucking around. I really do pity the actual IT staff behind this mess.

  5. Re:Are these the Germans... by markdavis · · Score: 4, Insightful

    I doubt anyone on Slashdot believes any platform is invulnerable to malware. But if the shoe fits wear it- MS-Windows is perhaps more than a thousand times more prone to malware than Linux in the real world.