German Parliament May Need To Replace All Hardware and Software To Stop Malware
jfruh writes: Trojan spyware has been running on computers in the German parliament for over four weeks, sending data to an unknown destination; and despite best efforts, nobody's been able to remove it. The German government is seriously considering replacing all hardware and software to get rid of it. From the ITWorld article: "After the attack, part of the parliament’s traffic was routed over the federal government’s more secure data network by the Federal Office For Information Security, Der Spiegel reported. Some Germans suspect that the Russian foreign intelligence service SVR is behind the attack. On Thursday, the parliament will discuss how to address the situation."
Given that it is possible to implant spyware into the BIOS, the firmware of graphics boards and the micro-controllers of hard disk drives, replacing hardware is the only solution.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Parliamentarians will have to decide if they want to call in the help of counterintelligence experts from the Bundesamt für Verfassungsschutz (BfV), the domestic intelligence service of Germany.
Some members of parliament have expressed concerns about the involvement of the BfV, Der Spiegel reported. Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process. Armin Schuster, a member of parliament for the CDU, criticized those concerns.
Schuster told Der Spiegel that he thinks it is “crazy” that some would rather be spied upon by a foreign intelligence agency than let their own agencies help.
Heh, they're afraid that one set of taps would probably be replaced with another, which would probably be cc'ed to the CIA.
you buy a cpu chip and you get the instruction set manual. you write code to that and your code runs.
are you sure that you are talking to hardware, or is there a virtual jail you are in and can't even know it?
some think that intel chips are like that and what 99.999% of us see is the virtual layer that we're 'allowed' to see.
can you prove it one way or the other? can you be sure? intel (etc) pumps out so many variations of cpu and so often, who could know?
more tinfoil: you might submit a chip design, but is that absolutely what you are getting back? for those that could tell the diff, is their allegiance bought off?
things are too complex. we can't know many of these things. sad but true.
you can't do anything about hidden layers but you can design apps, networks and storage so that you assume bad behavior and make sure that it does not ruin your day. currently, WE DON'T DO THIS, and I'm of the mind that we should. assume all hardware is booby trapped and go from there. there is no other way to be secure in your systems and data. and it will cost lots of redundancy and intentional variety (if you even can do that, I'm not entirely sure it can be done) but if we don't, we really can't say we have 'trusted' computing. not in the personal sense of trust.
--
"It is now safe to switch off your computer."
Absolutely there are people who could find all of it, and it may be possible to build or find a combination of tools to address all of the possible hiding spots they're able to think of. The problem is that those skilled people don't scale. As for the tool suite, while someone's attempting to assemble it, someone else is working hard at evading what's going into the suite - and even if they do put something effective together fast, how much confidence will there be that it actually got everything? It's like running a hastily cobbled together antivirus package on an already-infected system.
XKCD 1425 is actually somewhat relevant here in that a cleaning solution is that research team project, but Germany doesn't have the time to wait for it - better to EOL some equipment 2-5 years early and replace it than to wait for a solution that won't be available until half of that equipment would be EOL anyway.
And frankly, it's like something I tell my customers probably too often for my wallet's good: "I can fix it and I'd love to have you pay me to do so, but it's not worth you paying for my time to do so when we can replace it for around the same cost."
fencepost
just a little off
'The Greens in the German parliament want the Foreign Ministry to revert back to open source software solutions on its workstations. The ministry in 2010 abandoned its open source desktop strategy, pressured by staffers struggling with interoperability problems. The Greens are now asking the ministry to justify the proprietary licence costs it has made since then.'
Or they're just incompetent. There is to date not a single virus in the wild that uses boot processor code or device firmware (plenty of proof of concepts). The problem is that if you target a firmware, you a) have to know very well what you're doing and b) any platform differences across devices render your exploit unusable and c) it generally doesn't have a method of spreading itself. Works well if you're targeting an embedded platform and you know they're all the same (eg. PLCs for uranium centrifuges) but doesn't work very well for 10 years' worth of every model Dell, HP, Acer and Gateway computer out there.
It's simple incompetence solved by a boot disk that wipes the hard drive without interacting with it. But 'oh noes, save my documents because we haven't made backups for the last 2 decades' and the virus is right back the minute the user logs in.
Custom electronics and digital signage for your business: www.evcircuits.com
Ok so a machine came into the shop with a pile of BHOs and other malware. I did the normal scans, found 96 of them, cleaned them up and everything was ok. A specific malware site came back. Now I did rootkit scans, in-depth scans. Nothing found, but Chrome and Firefox were clean; only IE 10 suffered.
Busting my brains on this, I set the home page to be null. Worked ok except when IE was restarted. Nothing in the registry, services, hidden files/folders that could account for this. Every time I started IE, back it came.
So thinking logically I realised that there was no malware on the system and that IE was calling it somehow when it loaded. A few minutes later I discovered that the shortcut link was appended with an http address to the malware site! A very simple infection that no amount of scanning could fix.
Don't be apathetic. Procrastinate!
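The trick described in the comment above (a browser shortcut whose command-line arguments carry a URL, so the "infection" survives every file and registry scan) is easy to check for directly, because the shortcut's arguments are stored as a plain field in the Windows Shell Link (.lnk) format. The following is an added example written for this page, not code from the commenter or from any named tool: a minimal .lnk parser that follows the published MS-SHLLINK layout (76-byte header, optional LinkTargetIDList and LinkInfo blocks, then the StringData fields in order) and flags any shortcut whose `COMMAND_LINE_ARGUMENTS` contains a URL. The two shortcuts it examines are constructed in the block itself, and `malware.example` is a placeholder domain, not an indicator from the thread.

```python
import re
import struct

# Shell Link header constants (MS-SHLLINK). The CLSID is stored little-endian.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits that decide which optional structures follow the header.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this fixed order, each only if its flag is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

URL_RE = re.compile(r"(?i)\b(?:https?|ftp)://[^\s\"']+")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk file as a dict of str."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad header size")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad CLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        # IDListSize (2 bytes) is followed by that many bytes of ItemIDs.
        id_list_size = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:
        # LinkInfoSize (4 bytes) counts itself, so skip exactly that many bytes.
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # CountCharacters
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252")
            pos += count
    return fields


def urls_in_arguments(data: bytes) -> list:
    """URLs smuggled into the shortcut's command-line arguments, if any."""
    return URL_RE.findall(parse_lnk(data).get("arguments", ""))


def scan_shortcuts(items) -> dict:
    """Map shortcut name -> list of URLs for every shortcut that carries one."""
    hits = {}
    for name, data in items:
        found = urls_in_arguments(data)
        if found:
            hits[name] = found
    return hits


def build_lnk(relative_path: str, arguments: str, id_list: bytes = b"") -> bytes:
    """Constructed test helper: emit a minimal .lnk (not a real Windows file)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    if id_list:
        flags |= HAS_LINK_TARGET_ID_LIST
    # Header: size, CLSID, flags, then the remaining fields left zeroed.
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", flags)
    header += bytes(HEADER_SIZE - len(header))
    body = b""
    if id_list:
        body += struct.pack("<H", len(id_list)) + id_list
    for s in (relative_path, arguments):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


# Constructed samples: one tampered shortcut (placeholder domain) and one clean one.
IE_PATH = "..\\..\\Program Files\\Internet Explorer\\iexplore.exe"
TAMPERED = build_lnk(IE_PATH, "http://malware.example/landing", id_list=bytes(12))
CLEAN = build_lnk(IE_PATH, "-nohome")

if __name__ == "__main__":
    print(scan_shortcuts([("Internet Explorer.lnk", TAMPERED), ("IE (clean).lnk", CLEAN)]))
```

On a real machine the same `parse_lnk` can be pointed at the user's Desktop, Start Menu, Quick Launch and taskbar pinned-items folders; the URL regex is deliberately broad because the point is review by a human, not an automatic verdict.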