Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Parliament May Need To Replace All Hardware and Software To Stop Malware

Posted by samzenpus on from the wiping-it-clean dept.

jfruh writes: Trojan spyware has been running on computers in the German parliament for over four weeks, sending data to an unknown destination; and despite best efforts, nobody's been able to remove it. The German government is seriously considering replacing all hardware and software to get rid of it. From the ITWorld article: "After the attack, part of the parliament’s traffic was routed over the federal government’s more secure data network by the Federal Office For Information Security, Der Spiegel reported. Some Germans suspect that the Russian foreign intelligence service SVR is behind the attack. On Thursday, the parliament will discuss how to address the situation."

128 of 189 comments (clear)

  1. Sure by Travis+Mansbridge · · Score: 5, Insightful

    They'll replace everything, then one person will plug in their phone over USB to put some emails on their new workstation and it'll begin all over again.

    1. Re:Sure by monkeyzoo · · Score: 4, Insightful

      Seems they should track down the source of any possible hardware infections before replacing all hardware. A) So they can better understand the threat and how it was perpetrated. And B) So they can, as you say, make sure they don't reinfect themselves.

      It is hard enough to purge a single computer of tenacious malware, let alone an entire network!!

    2. Re:Sure by monkeyzoo · · Score: 1

      They'll replace everything, then one person will plug in their phone over USB to put some emails on their new workstation and it'll begin all over again.

      Or a USB key!

    3. Re:Sure by mikael · · Score: 2, Interesting

      Given that it is possible implant spyware into the BIOS, the firmware of graphics boards and micro-controllers of hard disk drives, replacing hardware is the only solution.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    4. Re:Sure by TheGratefulNet · · Score: 2

      or, you virtualize it??

      not sure if that's better or worse. maybe its just sideways. sometimes, that can be good enough, though!

      --

      --
      "It is now safe to switch off your computer."
    5. Re:Sure by gweihir · · Score: 2

      Indeed. It also seems that some people are unwilling to let experts look at their computers. No surprise this is not stopping.

      It should also be noted that Germany is one of the countries where arrogance has long since replaced actual skill on government level.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Sure by gweihir · · Score: 1

      Just replacing hardware is useless. It will just get re-infected (if it was infected in the first place...). You need to isolate and understand the malware first.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re:Sure by monkeyzoo · · Score: 1

      Yes, but which hardware/software!?!
      You need to figure that out first. Not only so you don't needlessly replace certain hardware, but also so you understand the source of the infection.
      You could replace every piece of hardware and get reinfected from a restored data file!!!!

    8. Re:Sure by mlts · · Score: 4, Insightful

      They need to look at their network's topology as well. One compromised network segment shouldn't allow an attacker complete and unfettered access to everything else.

      WAN-wise, they should look at building something like SIPRNet or NIPRNet so as little traffic as possible is on the Internet, even flying over a VPN. The ideal is physically separate cables and leased lines, coupled with some form of IPSec so that it would be very difficult for someone to set up a rogue machine and attack that network. Long term, it might be wise to even consider a different protocol than IP just because it would make hidden routers or bridges a lot more difficult.

      There are other tools that come to mind. App-V and Citrix for example, which would allow people to access and use an application, but not physically copy the data or access the OS directly on the application servers. Not a 100% solution, but it is a way to keep things separated.

      Reversing this concept, there might be offices that need to have no machines on the Internet, but workers can use App-V, RDP, or Citrix to access a terminal server so they can browse the web on a virtual desktop that cannot access the physical internal machines.

      There are a lot of security tools that are usable. VDI comes to mind as an extension to virtualization. Virtualization goes without saying because it separates what programs run on from the hardware, so if a VM is compromised, there is still a hypervisor to punch through before hardware can be re-flashed and attacked.

      The trick is defense in depth, be it at the desktop level (for machines that are terminals used by numerous people, a utility like DeepFreeze is useful), at the network topo level (so a compromise in Receiving doesn't trash Finance), at the network appliance level, the server level, and of course, the HUMINT factor with policies, and physical security.

    9. Re:Sure by funwithBSD · · Score: 1

      That they found on the ground in the parking lot.

      "I wonder what is on this?" - Famous last words.

      --
      Never answer an anonymous letter. - Yogi Berra
    10. Re:Sure by AK+Marc · · Score: 1

      Reversing this concept, there might be offices that need to have no machines on the Internet, but workers can use App-V, RDP, or Citrix to access a terminal server so they can browse the web on a virtual desktop that cannot access the physical internal machines.

      Why not just run "Internet" on a program on the local machine that can't access anything on the local machine? Sure, in your way, they'd be more secure because nobody would write a generic virus for a customer Citrix over Appletalk application that connects to a terminal server that gets the Internet.

      --
      Learn to love Alaska
    11. Re:Sure by Zorpheus · · Score: 1

      Why not just run "Internet" on a program on the local machine that can't access anything on the local machine?

      Isn't that how a browser is supposed to work?

    12. Re:Sure by Mashiki · · Score: 1

      Sandboxes are so 1998. Just ask Adobe and Java.

      --
      Om, nomnomnom...
    13. Re:Sure by thogard · · Score: 1

      If you need security and your local LAN network topology doesn't make one of your firewalls look like a ethernet switch, you are not doing it right. The days of a 3 zone Trust, DMZ, Untrust firewall model are long gone.

      For $5k I can buy a 34 port firewall. I've been using netscreen ^w Juniper SSG-140 with a bunch of 8 port ethernet cards with most things on their own zone. Too bad it looks like that line will soon be EOL and I haven't found anything to replace it at the right price point.

    14. Re:Sure by AK+Marc · · Score: 1

      That's why a dedicated computer for a Citrix proxy of an internet browser is silly. If the browser is broken, fix it, don't put a know bad program on a computer, then lock down that computer, and have people remotely access the presumed compromised computer.

      --
      Learn to love Alaska
    15. Re:Sure by rtb61 · · Score: 2

      Likely they do and they a pretty furious about it but for reasons of diplomacy they are saying nothing. They are making the issue quite public in a passive aggressive way to inform those responsible how much it will all cost and letting them know there will be repercussions. Problem with NSA back doors, once the show up in traffic other players can trace them back in, find and exploit the hole in security. Especially once the discover it in their own equipment and say nothing but seek to make use of it where they have found it elsewhere in the world, NSA effectively makes them a gift of the exploit (well done NSA). This likely ties in with that other story that US tech manufacturers are no longer trusted as a result of the actions of the US government this under the control of US corporations and are losing revenue, trickle to turn into a flood.

      --
      Chaos - everything, everywhere, everywhen
    16. Re:Sure by ultranova · · Score: 1

      Nuke it from orbit, it's the only way to be sure.

      Speaking of nukes, I wonder how many betrayals Germany needs to decide it has to re-arm and acquire its own arsenal since it obviously can't rely on the US anymore? Because it seems the NSA wonders too, and is determined to find out.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    17. Re:Sure by guruevi · · Score: 1, Insightful

      I think you misunderstood. There is no hardware infection, they're just having problems getting their machines (a certain software, created by Microsoft) under control so they're just throwing everything out and starting from scratch. They could also go along each machine with a Linux disk and wipe the thing.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    18. Re:Sure by gweihir · · Score: 1

      While I actually doubt they understand it (the German BSI doing the analysis is not that competent with regards to technology and they are certainly not fast), I think you may be on to something with regards to what they are making public. Obviously, they are pissed, and they may be trying to tell everybody something along the lines "do this again, and forget any treaties or cooperation from us".

      Currently, they are saying it was eastern European, but they may be making that up. After all, the NSA will have zero problems finding some nice machines in the east that they can use to conduct attacks through.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    19. Re:Sure by gweihir · · Score: 1

      If BND officials knew about this and said nothing, then that would be treason. You know, the kind that used to get you shot and now gets you a decade behind bars, even in Germany. I doubt they knew. They might have been complicit in industrial espionage of the NSA though (which also is treason). They are trying to not hand over the evidence, but they have admitted to having it, so they cannot just delete it. And at this time, this is still only political, although the courts are getting involved now.

      One thing an intelligence agency cannot get away with (if caught) is spying on its own industry and leaders for a foreign power.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    20. Re:Sure by rtb61 · · Score: 1

      Likely they have caught Russia and China listening in but they know they did not create the holes in the first place (so unauthorised traffic going all over the place). So you can imagine how frustrated they are right now, made to look stupid and incompetent by a so called ally. So the whole passive aggressive reaction of claiming they have to scrap the entire system and start again because that ally refuses to come clean and tell them about all the holes they created and how they were created and how to remove them all.

      So rather than scrapping the existing, it makes sense to create a new parallel internal only network and treat the existing one as external only infotainment and non-secure communications and of course to flood that existing network with bogus data (if it was just Russia, that whole passive aggressive stance would make no sense in the current diplomatic climate but it does make sense in terms of 'see what you did, that is your fault').

      Whilst the US government is embarrassed the competing agency would simply be laughing their asses off at them. As far as they are concerned the Germans let them in by not stopping them.

      --
      Chaos - everything, everywhere, everywhen
    21. Re:Sure by hairyfeet · · Score: 1

      Bullshit its the router. I've dealt with so many of those "ZOMFG they keep getting in!" scenarios it ain't even funny and its ALWAYS the router. Five will get you ten they have some ancient router on the backend servicing shit that hasn't been mission critical in ages and its running an OS that has been pwned for years.

      I've seen it countless times, bet there is an old Cisco lying on the fringes that has access to the whole network, wouldn't surprise me a bit.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    22. Re:Sure by SmilingBoy · · Score: 1

      Not so sure. Sounds like advanced malware is used that could hide in hard disk firmware or the BIOS. And reflashing is not an option as this requires co-operation from the firmware that is already on the disk, which could simply pretend that it has been overwritten.

    23. Re:Sure by ruir · · Score: 1

      At this time of the game, it does not matter anymore who planted the holes, and they coming forward to close them. I am quite sure once other players went in down that holes, they created another set of their own.

    24. Re:Sure by painandgreed · · Score: 1

      I think you misunderstood. There is no hardware infection, they're just having problems getting their machines (a certain software, created by Microsoft) under control so they're just throwing everything out and starting from scratch. They could also go along each machine with a Linux disk and wipe the thing.

      Somebody probably figured out the cost of sending people around to each machine with a Linux disk versus an updated hardware refresh that is probably already on the budget anyway, and decided it will be cheaper to do the hardware refresh early rather than clean the computers, and then do the hardware refresh a few months later.

    25. Re:Sure by mrjimorg · · Score: 1

      I think that's from the Dictionary definition.
      Government: "where arrogance replaces actual skill"

    26. Re:Sure by TheRealLifeboy · · Score: 1

      Now, if they had been using Open Source Sofware, the process of hunting down what's happening would have infinitely easier and productive.

      Seems they have been the authors of their own misery. So replace everything and start with clean PCBSD...

    27. Re:Sure by arglebargle_xiv · · Score: 1

      Seems they should track down the source of any possible hardware infections before replacing all hardware.

      "No! Shut them *all* down, hurry! Listen to them, they're dying R2! Curse my metal body, I wasn't fast enough, it's all my fault!"

    28. Re:Sure by monkeyzoo · · Score: 1

      LOL

    29. Re:Sure by mcswell · · Score: 1

      Just in case:
                https://www.youtube.com/watch?...
      @6:00

  2. Parliament will discuss this? by CrimsonAvenger · · Score: 4, Insightful

    Hmm, might make a bit more sense to have their IT guys discuss this. It's not like your average MP (or whatever they call them in Germany) knows squat about computer problems....

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
    1. Re:Parliament will discuss this? by Opportunist · · Score: 4, Funny

      They'll probably outlaw trojans infecting government PCs and that solves the issue.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Parliament will discuss this? by ArcadeMan · · Score: 1

      They'll probably outlaw trojans infecting government PCs, solving the issue once and for all.

      Yeah, but...

      ONCE AND FOR ALL!

      --
      Get free satoshi (Bitcoin) and Dogecoins
    3. Re:Parliament will discuss this? by bobbied · · Score: 1

      There should be a law.....

      Isn't it funny that politicians actually do think like this, or at least act like they do? "Hey I helped pass a law that made it illegal for children to starve! I CARE about children!" No one seems to mind that all the law does is issue tickets and assess fines for children who choose to starve....

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:Parliament will discuss this? by Sique · · Score: 2

      The Germans call them MdB (Mitglied des Bundestages).

      --
      .sig: Sique *sigh*
    5. Re:Parliament will discuss this? by gweihir · · Score: 1

      The average MP in Germany is a lawyer or maybe a teacher. They do not know squat about anything concerning the real world. They also suck at being lawyers or teachers, otherwise they would not have switched careers.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Parliament will discuss this? by Opportunist · · Score: 2

      What they forget is that there is one important difference between politicians and engineers: Laws engineers come up with CANNOT be broken.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:Parliament will discuss this? by Anonymous Coward · · Score: 1

      Naw. REAL engineers knows that anything can be broken. Same for politicians and lawyers.

      Support real people.

    8. Re:Parliament will discuss this? by bobbied · · Score: 2

      Naw. REAL engineers knows that anything can be broken. Same for politicians and lawyers.

      Support real people.

      Well... I'm an engineer and I don't agree. You won't be breaking the 2nd law of thermodynamics any time soon... However...

      That's not to say laws often cannot be OVERCOME by the application of effort, time and money in sufficient quantities.

      For instance, the law of gravity says that things fall down.... But if you try hard enough and apply enough resources, you can overcome that and build an airplane... Or launch something into deep space, never to return...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    9. Re:Parliament will discuss this? by fisted · · Score: 1

      For instance, the law of gravity says that things fall down

      Oh please.

      I'm an engineer

      A "software engineer" by any chance?

      --
      CLI paste? paste.pr0.tips!
    10. Re:Parliament will discuss this? by bobbied · · Score: 1

      For instance, the law of gravity says that things fall down

      Oh please.

      I'm an engineer

      A "software engineer" by any chance?

      Electrical Engineer by degree and professional experience, Software engineer by majority of professional experience but I have dabbled in mechanical engineering, systems engineering and more at work. Don't get me started on my hobbies....

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    11. Re:Parliament will discuss this? by Dragonslicer · · Score: 1

      If you're an engineer and you can't break something, obviously you aren't trying.

    12. Re:Parliament will discuss this? by dave420 · · Score: 1

      If that's how you see gravity, you sound like a terrible engineer.

    13. Re:Parliament will discuss this? by PolygamousRanchKid+ · · Score: 1

      The German folks I know call them "Abgeordneten".

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    14. Re:Parliament will discuss this? by Opportunist · · Score: 1

      Here's the gravity laws. Good luck breaking them, but I'm not responsible for any injury!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Re:This would never have happened under Hitler! by xxxJonBoyxxx · · Score: 4, Informative

    >> No computers in 1945...

    Turn in your geek card.
    (http://www.computerhistory.org/timeline/?category=cmptr - see the entry about the Z3 in 1941)

  4. Russia by Anonymous Coward · · Score: 2, Funny

    Phew...I was worried for a moment it might have been the USA. Good to know they are limiting themselves to only tapping Merkels phone.

  5. Re: This would never have happened under Hitler! by kenh · · Score: 3, Informative

    Uh, check your history - the German government used many of what were called at the time computers to keep track of their progress on certain 'projects'. IBM supplied the machinery...

    It was punched card tabulators, sorters, and printers, but they were programmed (arranged/wired) to perform calculations.

    --
    Ken
  6. Re: Are these the Germans... by kenh · · Score: 3, Informative

    Oh, they are switching back to Windows...

    http://microsoft-news.com/germ...

    --
    Ken
  7. Excellent opportunities ahead by edis · · Score: 1

    Wasn't by chance somebody offering to supply replacements very attractively?

    The case demands professional investigation, subsequent steps of isolation and future prevention would become rather obvious. This can be group of professionals, delegated by several institutions. They will be addressing the problem, and not at all legislation.

    --
    Servant of karma
  8. Re:Are these the Germans... by TWX · · Score: 1

    I think that was just the City of Munich...

    --
    Do not look into laser with remaining eye.
  9. Infecting HD BIOS, other flash? by Fencepost · · Score: 1

    I can see why they'd be considering wholesale replacement, but I'm not sure it's going to be good enough for a long-term fix because of A) the scope of the problem and B) replacements that still have vulnerabilities. If the intruders have the level of access, time and resources that it sounds like and it's a "state sponsor" with substantial resources to dedicate, then they may have infected some systems at a hardware level that would be almost impossible to root out or detect.

    Some of the things that might be compromised and difficult to detect or clean if detected would be hard drives (BIOS), network equipment (firmware in managed switches, routers, access points, etc.), printers and copiers (firmware, plus internal hard drives in some cases) and any other "appliances" on the network that are really special-purpose computers just like the items I listed above. Those "appliances" may be NAS devices, document management servers (some of which have been sold as turnkey solutions but which probably run Linux and some proprietary web and services software), HVAC systems, almost anything.

    --
    fencepost
    just a little off
    1. Re:Infecting HD BIOS, other flash? by bobbied · · Score: 1

      Well darn.. I guess they will just have to replace the whole country then...

      Seriously, it may be hard to find, but SURELY there is somebody who has enough knowledge and skill to do it, no matter who is responsible or what's involved...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:Infecting HD BIOS, other flash? by Fencepost · · Score: 3, Interesting

      SURELY there is somebody who has enough knowledge and skill to do it

      Absolutely there are people who could find all of it, and it may be possible to build or find a combination of tools to address all of the possible hiding spots they're able to think of. The problem is that those skilled people don't scale. As for the tool suite, while someone's attempting to assemble it, someone else is working hard at evading what's going into the suite - and even if they do put something effective together fast, how much confidence will there be that it actually got everything? It's like running a hastily cobbled together antivirus package on an already-infected system.

      XKCD 1425 is actually somewhat relevant here in that a cleaning solution is that research team project, but Germany doesn't have the time to wait for it - better to EOL some equipment 2-5 years early and replace it than to wait for a solution that won't be available until have of that equipment would be EOL anyway.

      And frankly, it's like something I tell my customers probably too often for my wallet's good: "I can fix it and I'd love to have you pay me to do so, but it's not worth you paying for my time to do so when we can replace it for around the same cost."

      --
      fencepost
      just a little off
    3. Re:Infecting HD BIOS, other flash? by bobbied · · Score: 3, Insightful

      Maybe this is the best approach, but I'd be wary about just launching a wholesale "replace it all" approach unless I knew a couple of things first.

      1. What the problem was, exactly, and where did it come from in general...

      2. How it spreads around...

      3. That the thing is contained...

      Further, before I go and start ripping out stuff to replace it, I'd want to be 100% sure that the problem will NOT infect the new hardware and systems. So when someone starts saying we have to replace stuff to get rid of this problem that's infected it, I start to get dubious.. But if like you, they say something along the lines of "Well, we could remove it from your current equipment for X and it would take us y time, or we could just replace the old infected equipment with new for less. We suggest you just replace the old stuff, it's cheaper/faster/better."

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:Infecting HD BIOS, other flash? by Fencepost · · Score: 1

      Because at the end of one expenditure they have an aging computer and at the end of the other they have something if not new then at least much newer.

      The end of Windows XP was a great example - I had customers who still had some XP boxes that were perfectly capable of running Windows 7 - PentiumM/Core/Core2 systems with 1-2 GB of RAM, etc. Adding RAM and purchasing a license for Win7Pro for those then installing, updating, installing software, etc. for 1-3 PCs per office wasn't something I could recommend to customers even though the end result would have been the same cost to them as just getting a new or off-lease machine preinstalled with Win7Pro. The cost to them would have been pretty comparable in either case, and the benefit to me in billable hours would have been higher for upgrading, but it's not something I'd do to my customers.

      Think of it as the equivalent of fiduciary duty.

      --
      fencepost
      just a little off
    5. Re:Infecting HD BIOS, other flash? by edis · · Score: 1

      Not relevant in this case, as without professionally researching what exactly had happened, there is no point just exposing more of replacement equipment to the same unclear problem.

      --
      Servant of karma
    6. Re:Infecting HD BIOS, other flash? by Fencepost · · Score: 1

      I strongly suspect that if they're doing this kind of wholesale replacement they're going to be doing a lot more hardening of it, particularly in terms of communications between sites, etc.

      They know the current system is infected, that they can't clean it (because they can still see signs of the active infection), and that effectively they're reduced to paper or ad hoc replacements to avoid using the infected system.

      Given a choice between A) work with it as-is B) Let separate groups that can't do "A" come up with their own separate workarounds or C) Replace it all, probably leaving out all the "we can't block this because of X, Y and Z" since X, Y and Z are all being replaced.

      In some ways it's almost like reinstalling your entire OS every year or two to clear out all the cruft, it's just on a much larger scale.

      --
      fencepost
      just a little off
  10. This is the modern reality. by WSOGMM · · Score: 4, Informative

    The reality of today is that, if you communicate any secrets, you must consider the possibility of your communications being tapped/intercepted. It is even possible that hardware is compromised before you even buy it.

    With backdoors, BIOS hacking and packet sniffing being part of the daily talk on slashdot, you have to be prepared to communicate end-to-end with multiple levels of pre-planned encryption. That said, I don't think I've ever said anything that needs that much security, but a nation-state might have.

    1. Re:This is the modern reality. by Torodung · · Score: 2

      Yup. "State of the art" keeps moving forward in malware. It may well outpace security research. That's the reality. Who's next? Who can best address this issue? Do we need to fundamentally redesign computer systems with a security first mindset, and how long will that last against tomorrow's threats?

      I don't know who started the cyberwar, but I do know that the West is fully committed to perpetrating it, especially the US. Even against our own people. This was bound to come round and bite us in the ass. You reap what you sow.

    2. Re:This is the modern reality. by TheGratefulNet · · Score: 3, Interesting

      you buy a cpu chip and you get the instruction set manual. you write code to that and your code runs.

      are you sure that you are talking to hardware, or is there a virtual jail you are in and can't even know it?

      some think that intel chips are like that and what 99.999% of us see is the virtual layer that we're 'allowed' to see.

      can you prove it one way or the other? can you be sure? intel (etc) pumps out so many variations of cpu and so often, who could know?

      more tinfoil: you might submit a chip design, but is that absolutely what you are getting back? for those that could tell the diff, is their allegiance bought off?

      things are too complex. we can't know many of these things. sad but true.

      you can't do anything about hidden layers but you can design apps, networks and storage so that you assume bad behavior and make sure that it does not ruin your day. currently, WE DON'T DO THIS, and I'm of the mind that we should. assume all hardware is booby trapped and go from there. there is no other way to be secure in your systems and data. and it will costs lots of redundancy and intentional variety (if you even can do that, I'm not entirely sure it can be done) but if we don't, we really can't say we have 'trusted' computing. not in the personal sense of trust.

      --

      --
      "It is now safe to switch off your computer."
  11. Free computers by penguinoid · · Score: 3, Funny

    If you explain the situation, the NSA would be glad to give you some free computers for your parliament.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:Free computers by bobbied · · Score: 1

      If you explain the situation, the NSA would be glad to give you some free computers for your parliament.

      Don't they have some now that their program has been scaled back?

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:Free computers by 93+Escort+Wagon · · Score: 1

      If you explain the situation, the NSA would be glad to give you some free computers for your parliament.

      The computers were shipped a week ago - they overheard Ms. Merkel talking about the issue on her cell phone.

      --
      #DeleteChrome
    3. Re:Free computers by Ryanrule · · Score: 1

      also, if you want some backups, they have them going back years. of course, the german intel service is the one who supplied them to the nsa...

  12. Re: Are these the Germans... by Anonymous Coward · · Score: 1

    Oh look mummy! A troll....

  13. Good Luck With That! by Irate+Engineer · · Score: 1

    TLA spyware is probably baked right into the hardware these days. Their hardware will probably run better and they won't generally detect it. Out of sight, out of mind, right?

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

  14. Re:This would never have happened under Hitler! by Anonymous Coward · · Score: 1

    That wasn't a real computer.

  15. Question... by Feral+Nerd · · Score: 1

    Germans suspect that the Russian foreign intelligence service SVR is behind the attack. On Thursday, the parliament will discuss how to address the situation.

    So if this isn't enough, what constitutes an act of war these days?

    1. Re:Question... by bobbied · · Score: 1

      Germans suspect that the Russian foreign intelligence service SVR is behind the attack. On Thursday, the parliament will discuss how to address the situation.

      So if this isn't enough, what constitutes an act of war these days?

      You got to say "I break with thee.. I break with thee!" and then throw doggy dodo on their shoes to make it official...

      (Anybody know where that quote comes from?)

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:Question... by bobbied · · Score: 1

      Correct... You can stay on my lawn because you are old enough.... The rest of you can scram before I call the McKinney police...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  16. Getting a new computer to stop malware... by netsavior · · Score: 3, Insightful

    Getting a new computer to stop malware is like getting a new car because you refuse to buckle your seatbelt.

  17. Re:Are these the Germans... by markdavis · · Score: 4, Insightful

    >"Are these the Germans that cut over to Linux a few years ago, saving a 'ton' of money?"

    No, these are the Germans that did not and are now still suffering with tons of malware...

  18. They don't trust their own security services. by godel_56 · · Score: 4, Interesting
    From TFA:

    Parliamentarians will have to decide if they want to call in the help of counterintelligence experts from the Bundesamt für Verfassungsschutz (BfV), the domestic intelligence service of Germany.
    Some members of parliament have expressed concerns about the involvement of the BfV, Der Spiegel reported. Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process. Armin Schuster, a member of parliament for the CDU, criticized those concerns.

    Schuster told Der Spiegel that he thinks it is “crazy” that some would rather be spied upon by a foreign intelligence agency then letting their own agencies help.

    Heh, they're afraid that one set of taps would probably be replaced with another, which would probably be cc'ed to the CIA.

    1. Re:They don't trust their own security services. by Luckyo · · Score: 1

      The problem is that BfV is hopelessly penetrated by US intelligence, as news in Germany has been in last few months. It's a huge scandal, where reporters blew in the open the fact that BfV was basically helping US intelligence spy on everything and everyone in Germany, ranging from Chancellor herself to straight up industrial espionage of German companies.

      There has been a massive government effort to sweep these news under the rug, which suggests that BfV managed to get some very heavy dirt on almost everyone major in the political system, all the way to Merkel herself and then passed it on to US intelligence.

    2. Re:They don't trust their own security services. by Anonymous Coward · · Score: 1

      Nope, that wasn't the BfV, but the BND. Different animals, altogether

    3. Re:They don't trust their own security services. by Luckyo · · Score: 1

      I stand corrected.

  19. WTF? by kosmosik · · Score: 4, Insightful

    This article is so full of WTF I just can't belive it. I guess it is some form of poor translation of german source.

    1) All software and hardware in the German parliamentary network might need to be replaced.

    So they will replace all servers, routers, switches etc.? Or just client machines?

    2) Trojans introduced to the Bundestag network are still working and are still sending data from the internal network to an unknown destination

    So maybe just fucking block all outbound traffic from the Bundestag network and enable it back on a white list basis like it should be anyway?

    3) In May, parliament IT specialists discovered hackers were trying to infiltrate the network.

    Just fucking WOW! Shouldn't it be an assumption (that hacker are trying to inflitrate government network) not a discover?

    4) Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process.

    I guess the legislative *process* should not be a secret to anyone?

    IMO this is just some bullshit article citing politicians not technical piece. I guess it is really hard to work for any central government bureau since *any* of your action no matter sane or stupid will be judged not by technical merits but by political fucking around. I really do pity the actual IT staff behind this mess.

    1. Re:WTF? by Anonymous Coward · · Score: 1

      I'm German, the translation is correct and reflects exactly what is says on all (german) news pages. I had all these WTF moments before... For the german parliament, the internet is simply Neuland (reclaimed land, quote from Angela Merkel some months ago..)

    2. Re:WTF? by kosmosik · · Score: 1

      But these statements that "entire network needs to be replaced" - who said that? Their CIO or just some politician (probably from the opposition)? I *really* find it hard to belive that in order to secure your network you need to replace ALL THE HARDWARE. Such statements (REPLACE ALL THE HARDWARE) just prove that the staff (or person issuing such statements) have no idea how the breach came to life. And if they have no idea what makes them think that replacing hardware (not security policies, not the staff, not the systems, not the software) would solve the problem?

    3. Re:WTF? by WillAffleckUW · · Score: 1

      Just make sure they don't replace the printers. Those are the ones being used to root the network.

      --
      -- Tigger warning: This post may contain tiggers! --
    4. Re:WTF? by Anonymous Coward · · Score: 1

      The current generation of rootkit might not be simply erased by formatting the hard drives. I as a german totally support the idea of abandoning every piece of Hardware used and replacing it with a (sturdier | homemade | uncommon ) equivalent.

    5. Re:WTF? by kosmosik · · Score: 1

      Maybe just put all printers in separated VLAN and allow client access them only via print servers?

    6. Re:WTF? by aberglas · · Score: 1

      There is no reliable way to factory reset modern hardware.

      Everything is programmable. Everything is flashable. Everything is ridiculously complex, ugly, and impossible to really understand. And the Rusians are good at hacking -- those long hard winters.

      What I hope is that they when buy new hardware they specify that it must be truely factory resetable. That means new designs, the current stuff is useless. It would create a much overdue market.

      If you want real security use paper.

    7. Re:WTF? by aberglas · · Score: 1

      So that the printers have to be able to corrupt the print servers before attacking the clients?

  20. network partitioning/firewalls by Virtucon · · Score: 2

    I call BS. Their parliament is not partitioned and isolated behind firewalls so they can at least drop the malicious outgoing / incoming traffic at the perimeter?
    They don't have a spy agency capable of tracking this down and at least isolating it?
    There's no competent network/system admins?

    It's one thing to acknowledge you've been exposed, it's another to let it continue. Maybe they do deserve to be hacked.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:network partitioning/firewalls by kosmosik · · Score: 1

      > I call BS.

      I call it too.

      > There's no competent network/system admins?

      I was once working under a guy trained in CS at Bundeswehr (German Federal Defence) and I recall this guy as the most sane CIO I happen to work with. It may be just the one guy was sane or more likely that his training was OK. Nevertheless in such scenario you do not relay on belief that your staff is competent - you just hire external auditing/security company to assure you (or not) about that. And that is what that guy would to. This has nothing to do with trust - it is IMO a good practice - have some guys that control each other.

    2. Re:network partitioning/firewalls by evilrip · · Score: 1

      AFAIK There is a history of hacking into german state networks by all sorts of people over the years: Everything from vandalism to espionage. While firewall and IDS and so forth are all theoretically nice things, the theory could be incomplete: 0day can happen to anyone. Identifying exploits in binary streams over the network can be quite difficult, as they can be encrypted, encoded, obfuscated, and often times are just using vanilla functionality to leverage a bug that _nobody_ knows about and this is mighty hard to find. The sad fact of the matter is that many, if not most, of people in charge of security couldn't exploit a buffer overflow so save their lives. They have little to no understanding of the underlying mechanics of attacks and are dependent on high level (snake oil) tools from 3rd party vendors to even have a fighting chance to see what is going on. Everyone talks a big game and yet the core of hackers in the world who know their stuff is nowhere near as big as the number of people in the info-sec industry, obviously someone is incompetent. Google is right: Finding bugs, well worthwhile bugs, is hard. It wouldn't be an art if it wasn't. It's fun tho :)

      --
      "To err is human, to forgive, beyond the scope of the Operating System"
  21. Proven solution by Anonymous Coward · · Score: 1

    They did this in my previous school. Some PCs got infected with adware/toolbars. So they replaced the PCs instead of cleaning them (which would have been more expensive apparently, they pay an external IT company by the hour). Needless to say, the new ones were also infected in a few days.

  22. Take the Battlestar Galactica approach by davidwr · · Score: 1

    Some tasks that may just be too sensitive to put on non-isolated networks except in extreme, carefully-controlled circumstances.

    If you don't get the reference,

    1) see https://scifi.stackexchange.co... .
    2) What are you doing on Slashdot?

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  23. Re:This would never have happened under Hitler! by WillAffleckUW · · Score: 1

    Why do you think IBM had so much money?

    --
    -- Tigger warning: This post may contain tiggers! --
  24. Should have used Kapersky.. by Irate+Engineer · · Score: 1

    Should have used Kapersky..

    Oh, wait...nevermind

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

  25. Re:This would never have happened under Hitler! by JBMcB · · Score: 1

    It's Turing complete. It's a computer.

    --
    My Other Computer Is A Data General Nova III.
  26. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  27. Sourceforge by sls1j · · Score: 3, Funny

    So they downloaded the GIMP from Sourceforge I see.

  28. Critical government computers by ChrisMaple · · Score: 2

    Don't connect the computers to the internet. Eliminate all inputs to computers (except for desktop systems, where they hardwire the keyboard and mouse.) Requests for information outside the network are sent to IT, and IT sanitizes all data that goes into or out of the system.

    Government security means lives, this is no place for half measures.Legislators need to learn that they have to put up with the nuisances of a truly secure system.

    --
    Contribute to civilization: ari.aynrand.org/donate
    1. Re:Critical government computers by Anonymous Coward · · Score: 1

      Government security means lives, this is no place for half measures.

      It's the parliament, not the executive administration.

  29. So how is that DRM in hardware working out? by thogard · · Score: 3, Insightful

    If they can't remove it, it is because they can't find it. They can't find it because it is living in the boot processor code or the firmware of io devices or both.

    The best place to hide unremovable firmware is in the protected boot code of the boot processor that is only there to provide for security control for the DRM subsystem.

    There have been talks each of the last few years at Breakpoint about how broken the boot firmware is. Maybe now people will start to take notice.

    1. Re:So how is that DRM in hardware working out? by guruevi · · Score: 3, Interesting

      Or they're just incompetent. There is to date not a single virus in the wild that uses boot processor code or device firmware (plenty of proof of concepts). The problem being is that if you target a firmware, you a) have to know very well what you're doing and b) any platform differences across devices render your exploit unusable and c) it generally doesn't have a method of spreading itself. Works well if you're targeting an embedded platform and you know they're all the same (eg. PLC's for uranium centrifuges) but doesn't work very well for 10-years worth of every model Dell, HP, Acer and Gateway computer out there.

      It's simple incompetence solved by a boot disk that wipes the hard drive without interacting with it. But 'oh noes, save my documents because we haven't made backups for the last 2 decades' and the virus is right back the minute the user logs in.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  30. Re:Are these the Germans... by markdavis · · Score: 4, Insightful

    I doubt anyone on Slashdot believes any platform is invulnerable to malware. But if the shoe fits wear it- MS-Windows is perhaps more than a thousand times more prone to malware than Linux in the real world.

  31. Re:Are these the Germans... by bobstreo · · Score: 2

    Are these the Germans that cut over to Linux a few years ago, saving a 'ton' of money?

    Probably not, most linux machines have little use for MSI installers.

  32. The Greens want to revert to open source software by nickweller · · Score: 5, Interesting

    'The Greens in the German parliament want the Foreign Ministry to revert back to open source software solutions on its workstations. The ministry in 2010 abandoned its open source desktop strategy, pressured by staffers struggling with interoperability problems. The Greens are now asking the ministry to justify the proprietary licence costs it has made since then.'

  33. How do they know it's the Russians, not NSA?? by Taco+Cowboy · · Score: 2

    or, you virtualize it??

    Talk about virtualization ...
     
    Who was the one tapping into Angela Merkel's phone?

    NSA or the Russians?

    Since they can't even get rid of the thing how in the world they know that thing came from Russia, not NSA?

    I always thought the Germans are equipped with critical thinking skill, apparently I couldn't be more wrong

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re: How do they know it's the Russians, not NSA?? by allcoolnameswheretak · · Score: 1

      We have always been at war with Eastasia

      FTFY

    2. Re:How do they know it's the Russians, not NSA?? by dave420 · · Score: 1

      Your arrogance is simply astounding.

  34. Industry should outlaw reprogrammable roms by WaffleMonster · · Score: 1

    If a component ever needs new firmware it should be provided by the operating system when subsystem is initialized never to be stored anywhere except the systems main persistent store.

    This is a no-brainer win-win for everyone. Manufacturers reduce risk associated with firmware updates and reduce costs from smaller bill of materials.

    Users win by retaining the ability to recover from ownage by wiping persistent storage.

    Also please enough of the computers within computers crap. I'm looking at you Intel. Vendors never bother properly maintaining and most of these systems are defective by design.

    1. Re:Industry should outlaw reprogrammable roms by guruevi · · Score: 1

      You really have no idea how complex the software is that runs on some embedded devices? A simple hard drive has an OS in and of itself just to maintain your high speed caches. Firmware is generally not the problem though, and it isn't here either. Reprogramming the firmware to do anything useful (streaming data out of a network port it doesn't have) is nigh impossible.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    2. Re:Industry should outlaw reprogrammable roms by WaffleMonster · · Score: 1

      You really have no idea how complex the software is that runs on some embedded devices? A simple hard drive has an OS in and of itself just to maintain your high speed caches. Firmware is generally not the problem though, and it isn't here either. Reprogramming the firmware to do anything useful (streaming data out of a network port it doesn't have) is nigh impossible.

      It seems there may be confusion on my point. The point is not to ban firmware. The point is you no longer persist firmware *changes* in field reprogrammable roms. Instead any updates are loaded into volatile memory at boot just like an Intel CPU Microcode update.

      Reprogramming the firmware to do anything useful (streaming data out of a network port it doesn't have) is nigh impossible.

      The execution environment of the system is based on data obtained from those very same disk drives. It defies belief an adversary with state level money and time on their hands couldn't inject whatever they wanted into the running operating environment.

  35. Change the hardware and the operating system. by Maxo-Texas · · Score: 1

    Whatever they are currently using- the new system should be different.

    If windows- go with linux or apple.
    If apple- go with linux or windows.
    If linux- go with apple or windows.

    Or even consider a less common OS which has a working email client and can compile libre office.

    --
    She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
  36. Hidden Malware by Whiteox · · Score: 5, Interesting

    Ok so a machine came into the shop with a pile of BHOs and other malware. I did the normal scans, found 96 of them, cleaned them up and everything ok. A specific malware site came back. Now I did rootkit scans, in depth scans. Nothing found but Chrome and Firefox was clean, only IE 10 suffered.
    Busting my brains on this, I set home page to be null. Worked ok except when IE was restarted. Nothing in the registry, services, hidden files/folders that could account for this. Everytime I started IE, back it came.
    So thinking logically I realised that there was no malware on the system and that IE was calling it somehow when it loaded. A few minutes later I discovered that the shortcut link was appended with a http address to the malware site! A very simple infection that no amount of scanning could fix.

    --
    Don't be apathetic. Procrastinate!
    1. Re:Hidden Malware by BlackPignouf · · Score: 1

      Holy shit!
      Thanks a lot for the explanation. This happened to my parents a month ago, and I couldn't understand why everything looked clean, but IE was somehow infected.
      I removed every link to IE I found, and put a big Firefox icons everywhere they could be looking for Internet.

    2. Re:Hidden Malware by Whiteox · · Score: 1

      Just edit the properties of the shortcut, or better still, delete the shortcut and make a new one.

      --
      Don't be apathetic. Procrastinate!
  37. Replace everything by the same thing, sure ... by Gunstick · · Score: 2

    Replacing all windows7 installs by new windows7 installs will for sure remove the possibility of the same malware hitting again. DOH!
    Maybe change platform.
    There are 2 other OS to consider, MacOS and Linux.

    An important organization should always have 2 completely different platforms.
    Not only 2 different browsers on the same OS, but different OS. And by different I don't mean a Microsoft-different who state the XP is not NT and is not Win7. It's all windows!
    Same goes for Linux, where redhat or debian is not different, it stays Linux. Sunos may be different.

    --
    Atari rules... ermm... ruled.
    1. Re:Replace everything by the same thing, sure ... by bhiestand · · Score: 1

      Replacing all windows7 installs by new windows7 installs will for sure remove the possibility of the same malware hitting again. DOH!
      Maybe change platform.
      There are 2 other OS to consider, MacOS and Linux.

      An important organization should always have 2 completely different platforms.
      Not only 2 different browsers on the same OS, but different OS. And by different I don't mean a Microsoft-different who state the XP is not NT and is not Win7. It's all windows!
      Same goes for Linux, where redhat or debian is not different, it stays Linux. Sunos may be different.

      double the admin costs, half the interoperability... for an increased attack surface and a higher increased zero-day count on any given day?

      The way I see it, the problem isn't that % of workstations are infected. The problem is that all their data are belong to someone else. I think they'd be better off rearchitecting and rethinking things than mixing OSes for the sake of diversifying IT.

      --
      SWM seeks new sig for a brief fling
  38. Watch the finger pointing... by Anonymous Coward · · Score: 1

    So.... It's like "we don't know where the data is being sent to, but it must be the Russians"?

    Of course, Angela Merkel wouldn't want to get any dirt on her American friends, since they still have yet to reveal how widespread NSA snooping on German populace really was.

    I'm pretty much sure fingers were too quickly, too easily pointed eastwards without actually looking for the real culprit.

  39. They can't trace the source???? by kilodelta · · Score: 1

    Have they ever heard of Netstat, TCPDump, Wireshark, etc? Jesus Christ on a stick.

  40. Re:Ach! by Maritz · · Score: 1

    The neckbeard must be electrolysed immediately. Not shaved obviously.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  41. Re:Are these the Germans... by Maritz · · Score: 1

    You don't do your point of view a great service by posting something so easily refuted.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  42. Re: Are these the Germans... by kenh · · Score: 1

    Except "those Germans" that thought going to Linux would save them a ton of money are now going back to Windows. Apparently they found the investment involved in maintaining a 'free' operating environment too much work/too expensive.

    Huh.

    http://microsoft-news.com/germ...

    --
    Ken
  43. The usual thing: Amateurs at work. by Qbertino · · Score: 1

    We all know this: IT setups vital to work but so unprofessional words fail to describe it.

    I would smack around the people responsible so hard, they would have their head still spinning when the IT setup has been completely redone.
    I consider it bizar that taxpayers money and national security is put to risk by idiots running the parliaments IT.
    This is material for some legal repercussions by the President of the Bundestag IMHO.
    He should shaft the MPs so hard they never dare to do something like this again.

    My 2 cents.

    --
    We suffer more in our imagination than in reality. - Seneca
  44. Re:Are these the Germans... by dave420 · · Score: 1

    1. No
    2. No.
    3. No.

    So much nonsense in one post. Incredible. I'm sure everything else you say is equally awesome, and will listen intently to every word you say. /s

  45. Re:This would never have happened under Hitler! by JBMcB · · Score: 2

    Correction: With minor hacking it's Turing complete:

    https://en.wikipedia.org/wiki/...

    --
    My Other Computer Is A Data General Nova III.
  46. now is the time to get secured by WindBourne · · Score: 1

    Seriously, they would be smart to have equipment from the west, and move to Linux. They already have done that elsewhere and know what it takes.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  47. Re:Are these the Germans... by MooseTick · · Score: 1

    "MS-Windows is perhaps more than a thousand times more prone to malware than Linux in the real world"

    Perhaps because it is 1000 times more likely to be user in the real world?

    --
    Ninjas don't carry tic tacs
  48. Windows by CauseBy · · Score: 1

    Stop using Windows. Problem 85% solved. Then work on the other 15%.

  49. Re: Are these the Germans... by markdavis · · Score: 1

    I am sure microsoft-news.com will give all the accurate info about what was happening and why.... not

  50. Re:Are these the Germans... by rdnetto · · Score: 1

    pfft. You've never managed a Linux web server. Especially one running gawd damned wordpress.

    Judging by the entries in my log files, a very simple but effective mitigation technique would be to run wordpress under a path like /blog instead of the root directory - most attempts are just blindly searching for vulnerabilities at the default path.

    --
    Most human behaviour can be explained in terms of identity.
  51. Re: Are these the Germans... by kenh · · Score: 1

    The conclusion was the Microsoft was a bit off with the numbers in its calculations, 17 million is way too low, that would only be the cost to upgrade from NT to XP with upgrade licenses. It doesn't include the cost for new hardware, the hours spend to upgrade, and more importantly the cost to upgrade to newer version of Windows since XP is no longer supported.

    You don't have any experience with Microsoft corporate licensing, do you?

    Microsoft doesn't have different license prices for different desktop OSes, they only offer licenses for current OSes, with downgrade rights to the previous version or two. For example, a desktop license sold today would cover Windows 8.1, with downgrade rights to Windows 7 (and maybe Vista). That same license, sold today (June 23rd, 2015) would entitle the purchaser to upgrade to Windows 10 after July 29th, or keep running Win 8.1, and Win 7 (but maybe not Vista).

    I can't speak to hardware upgrade costs, I assume the City of Munich has refreshed their hardware once or twice during this ten year experiment, and I further assume some portion of their current desktops could support Win 8.1 currently, some could probably be upgraded to support Win 8.2, and still some others would need to be replaced.

    When you sign an agreement with MS, you are licensing the software for a 12 month period - in education,the environment I'm familiar with, an annual desktop license is about $35/yr, and includes not only the current desktop OS but also the current MS Office version, with downgrade rights for both. I would assume a commercial desktop license to run about twice that number, but that is just a guess.

    --
    Ken