Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Parliament May Need To Replace All Hardware and Software To Stop Malware

Posted by samzenpus on from the wiping-it-clean dept.

jfruh writes: Trojan spyware has been running on computers in the German parliament for over four weeks, sending data to an unknown destination; and despite best efforts, nobody's been able to remove it. The German government is seriously considering replacing all hardware and software to get rid of it. From the ITWorld article: "After the attack, part of the parliament’s traffic was routed over the federal government’s more secure data network by the Federal Office For Information Security, Der Spiegel reported. Some Germans suspect that the Russian foreign intelligence service SVR is behind the attack. On Thursday, the parliament will discuss how to address the situation."

38 of 189 comments (clear)

  1. Sure by Travis+Mansbridge · · Score: 5, Insightful

    They'll replace everything, then one person will plug in their phone over USB to put some emails on their new workstation and it'll begin all over again.

    1. Re:Sure by monkeyzoo · · Score: 4, Insightful

      Seems they should track down the source of any possible hardware infections before replacing all hardware. A) So they can better understand the threat and how it was perpetrated. And B) So they can, as you say, make sure they don't reinfect themselves.

      It is hard enough to purge a single computer of tenacious malware, let alone an entire network!!

    2. Re:Sure by mikael · · Score: 2, Interesting

      Given that it is possible implant spyware into the BIOS, the firmware of graphics boards and micro-controllers of hard disk drives, replacing hardware is the only solution.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    3. Re:Sure by TheGratefulNet · · Score: 2

      or, you virtualize it??

      not sure if that's better or worse. maybe its just sideways. sometimes, that can be good enough, though!

      --

      --
      "It is now safe to switch off your computer."
    4. Re:Sure by gweihir · · Score: 2

      Indeed. It also seems that some people are unwilling to let experts look at their computers. No surprise this is not stopping.

      It should also be noted that Germany is one of the countries where arrogance has long since replaced actual skill on government level.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:Sure by mlts · · Score: 4, Insightful

      They need to look at their network's topology as well. One compromised network segment shouldn't allow an attacker complete and unfettered access to everything else.

      WAN-wise, they should look at building something like SIPRNet or NIPRNet so as little traffic as possible is on the Internet, even flying over a VPN. The ideal is physically separate cables and leased lines, coupled with some form of IPSec so that it would be very difficult for someone to set up a rogue machine and attack that network. Long term, it might be wise to even consider a different protocol than IP just because it would make hidden routers or bridges a lot more difficult.

      There are other tools that come to mind. App-V and Citrix for example, which would allow people to access and use an application, but not physically copy the data or access the OS directly on the application servers. Not a 100% solution, but it is a way to keep things separated.

      Reversing this concept, there might be offices that need to have no machines on the Internet, but workers can use App-V, RDP, or Citrix to access a terminal server so they can browse the web on a virtual desktop that cannot access the physical internal machines.

      There are a lot of security tools that are usable. VDI comes to mind as an extension to virtualization. Virtualization goes without saying because it separates what programs run on from the hardware, so if a VM is compromised, there is still a hypervisor to punch through before hardware can be re-flashed and attacked.

      The trick is defense in depth, be it at the desktop level (for machines that are terminals used by numerous people, a utility like DeepFreeze is useful), at the network topo level (so a compromise in Receiving doesn't trash Finance), at the network appliance level, the server level, and of course, the HUMINT factor with policies, and physical security.

    6. Re:Sure by rtb61 · · Score: 2

      Likely they do and they a pretty furious about it but for reasons of diplomacy they are saying nothing. They are making the issue quite public in a passive aggressive way to inform those responsible how much it will all cost and letting them know there will be repercussions. Problem with NSA back doors, once the show up in traffic other players can trace them back in, find and exploit the hole in security. Especially once the discover it in their own equipment and say nothing but seek to make use of it where they have found it elsewhere in the world, NSA effectively makes them a gift of the exploit (well done NSA). This likely ties in with that other story that US tech manufacturers are no longer trusted as a result of the actions of the US government this under the control of US corporations and are losing revenue, trickle to turn into a flood.

      --
      Chaos - everything, everywhere, everywhen
  2. Parliament will discuss this? by CrimsonAvenger · · Score: 4, Insightful

    Hmm, might make a bit more sense to have their IT guys discuss this. It's not like your average MP (or whatever they call them in Germany) knows squat about computer problems....

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"
    1. Re:Parliament will discuss this? by Opportunist · · Score: 4, Funny

      They'll probably outlaw trojans infecting government PCs and that solves the issue.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Parliament will discuss this? by Sique · · Score: 2

      The Germans call them MdB (Mitglied des Bundestages).

      --
      .sig: Sique *sigh*
    3. Re:Parliament will discuss this? by Opportunist · · Score: 2

      What they forget is that there is one important difference between politicians and engineers: Laws engineers come up with CANNOT be broken.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Parliament will discuss this? by bobbied · · Score: 2

      Naw. REAL engineers knows that anything can be broken. Same for politicians and lawyers.

      Support real people.

      Well... I'm an engineer and I don't agree. You won't be breaking the 2nd law of thermodynamics any time soon... However...

      That's not to say laws often cannot be OVERCOME by the application of effort, time and money in sufficient quantities.

      For instance, the law of gravity says that things fall down.... But if you try hard enough and apply enough resources, you can overcome that and build an airplane... Or launch something into deep space, never to return...

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  3. Re:This would never have happened under Hitler! by xxxJonBoyxxx · · Score: 4, Informative

    >> No computers in 1945...

    Turn in your geek card.
    (http://www.computerhistory.org/timeline/?category=cmptr - see the entry about the Z3 in 1941)

  4. Russia by Anonymous Coward · · Score: 2, Funny

    Phew...I was worried for a moment it might have been the USA. Good to know they are limiting themselves to only tapping Merkels phone.

  5. Re: This would never have happened under Hitler! by kenh · · Score: 3, Informative

    Uh, check your history - the German government used many of what were called at the time computers to keep track of their progress on certain 'projects'. IBM supplied the machinery...

    It was punched card tabulators, sorters, and printers, but they were programmed (arranged/wired) to perform calculations.

    --
    Ken
  6. Re: Are these the Germans... by kenh · · Score: 3, Informative

    Oh, they are switching back to Windows...

    http://microsoft-news.com/germ...

    --
    Ken
  7. This is the modern reality. by WSOGMM · · Score: 4, Informative

    The reality of today is that, if you communicate any secrets, you must consider the possibility of your communications being tapped/intercepted. It is even possible that hardware is compromised before you even buy it.

    With backdoors, BIOS hacking and packet sniffing being part of the daily talk on slashdot, you have to be prepared to communicate end-to-end with multiple levels of pre-planned encryption. That said, I don't think I've ever said anything that needs that much security, but a nation-state might have.

    1. Re:This is the modern reality. by Torodung · · Score: 2

      Yup. "State of the art" keeps moving forward in malware. It may well outpace security research. That's the reality. Who's next? Who can best address this issue? Do we need to fundamentally redesign computer systems with a security first mindset, and how long will that last against tomorrow's threats?

      I don't know who started the cyberwar, but I do know that the West is fully committed to perpetrating it, especially the US. Even against our own people. This was bound to come round and bite us in the ass. You reap what you sow.

    2. Re:This is the modern reality. by TheGratefulNet · · Score: 3, Interesting

      you buy a cpu chip and you get the instruction set manual. you write code to that and your code runs.

      are you sure that you are talking to hardware, or is there a virtual jail you are in and can't even know it?

      some think that intel chips are like that and what 99.999% of us see is the virtual layer that we're 'allowed' to see.

      can you prove it one way or the other? can you be sure? intel (etc) pumps out so many variations of cpu and so often, who could know?

      more tinfoil: you might submit a chip design, but is that absolutely what you are getting back? for those that could tell the diff, is their allegiance bought off?

      things are too complex. we can't know many of these things. sad but true.

      you can't do anything about hidden layers but you can design apps, networks and storage so that you assume bad behavior and make sure that it does not ruin your day. currently, WE DON'T DO THIS, and I'm of the mind that we should. assume all hardware is booby trapped and go from there. there is no other way to be secure in your systems and data. and it will costs lots of redundancy and intentional variety (if you even can do that, I'm not entirely sure it can be done) but if we don't, we really can't say we have 'trusted' computing. not in the personal sense of trust.

      --

      --
      "It is now safe to switch off your computer."
  8. Free computers by penguinoid · · Score: 3, Funny

    If you explain the situation, the NSA would be glad to give you some free computers for your parliament.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  9. Getting a new computer to stop malware... by netsavior · · Score: 3, Insightful

    Getting a new computer to stop malware is like getting a new car because you refuse to buckle your seatbelt.

  10. Re:Are these the Germans... by markdavis · · Score: 4, Insightful

    >"Are these the Germans that cut over to Linux a few years ago, saving a 'ton' of money?"

    No, these are the Germans that did not and are now still suffering with tons of malware...

  11. They don't trust their own security services. by godel_56 · · Score: 4, Interesting
    From TFA:

    Parliamentarians will have to decide if they want to call in the help of counterintelligence experts from the Bundesamt für Verfassungsschutz (BfV), the domestic intelligence service of Germany.
    Some members of parliament have expressed concerns about the involvement of the BfV, Der Spiegel reported. Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process. Armin Schuster, a member of parliament for the CDU, criticized those concerns.

    Schuster told Der Spiegel that he thinks it is “crazy” that some would rather be spied upon by a foreign intelligence agency then letting their own agencies help.

    Heh, they're afraid that one set of taps would probably be replaced with another, which would probably be cc'ed to the CIA.

  12. WTF? by kosmosik · · Score: 4, Insightful

    This article is so full of WTF I just can't belive it. I guess it is some form of poor translation of german source.

    1) All software and hardware in the German parliamentary network might need to be replaced.

    So they will replace all servers, routers, switches etc.? Or just client machines?

    2) Trojans introduced to the Bundestag network are still working and are still sending data from the internal network to an unknown destination

    So maybe just fucking block all outbound traffic from the Bundestag network and enable it back on a white list basis like it should be anyway?

    3) In May, parliament IT specialists discovered hackers were trying to infiltrate the network.

    Just fucking WOW! Shouldn't it be an assumption (that hacker are trying to inflitrate government network) not a discover?

    4) Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process.

    I guess the legislative *process* should not be a secret to anyone?

    IMO this is just some bullshit article citing politicians not technical piece. I guess it is really hard to work for any central government bureau since *any* of your action no matter sane or stupid will be judged not by technical merits but by political fucking around. I really do pity the actual IT staff behind this mess.

  13. network partitioning/firewalls by Virtucon · · Score: 2

    I call BS. Their parliament is not partitioned and isolated behind firewalls so they can at least drop the malicious outgoing / incoming traffic at the perimeter?
    They don't have a spy agency capable of tracking this down and at least isolating it?
    There's no competent network/system admins?

    It's one thing to acknowledge you've been exposed, it's another to let it continue. Maybe they do deserve to be hacked.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  14. Sourceforge by sls1j · · Score: 3, Funny

    So they downloaded the GIMP from Sourceforge I see.

  15. Critical government computers by ChrisMaple · · Score: 2

    Don't connect the computers to the internet. Eliminate all inputs to computers (except for desktop systems, where they hardwire the keyboard and mouse.) Requests for information outside the network are sent to IT, and IT sanitizes all data that goes into or out of the system.

    Government security means lives, this is no place for half measures.Legislators need to learn that they have to put up with the nuisances of a truly secure system.

    --
    Contribute to civilization: ari.aynrand.org/donate
  16. So how is that DRM in hardware working out? by thogard · · Score: 3, Insightful

    If they can't remove it, it is because they can't find it. They can't find it because it is living in the boot processor code or the firmware of io devices or both.

    The best place to hide unremovable firmware is in the protected boot code of the boot processor that is only there to provide for security control for the DRM subsystem.

    There have been talks each of the last few years at Breakpoint about how broken the boot firmware is. Maybe now people will start to take notice.

    1. Re:So how is that DRM in hardware working out? by guruevi · · Score: 3, Interesting

      Or they're just incompetent. There is to date not a single virus in the wild that uses boot processor code or device firmware (plenty of proof of concepts). The problem being is that if you target a firmware, you a) have to know very well what you're doing and b) any platform differences across devices render your exploit unusable and c) it generally doesn't have a method of spreading itself. Works well if you're targeting an embedded platform and you know they're all the same (eg. PLC's for uranium centrifuges) but doesn't work very well for 10-years worth of every model Dell, HP, Acer and Gateway computer out there.

      It's simple incompetence solved by a boot disk that wipes the hard drive without interacting with it. But 'oh noes, save my documents because we haven't made backups for the last 2 decades' and the virus is right back the minute the user logs in.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
  17. Re:Are these the Germans... by markdavis · · Score: 4, Insightful

    I doubt anyone on Slashdot believes any platform is invulnerable to malware. But if the shoe fits wear it- MS-Windows is perhaps more than a thousand times more prone to malware than Linux in the real world.

  18. Re:Infecting HD BIOS, other flash? by Fencepost · · Score: 3, Interesting

    SURELY there is somebody who has enough knowledge and skill to do it

    Absolutely there are people who could find all of it, and it may be possible to build or find a combination of tools to address all of the possible hiding spots they're able to think of. The problem is that those skilled people don't scale. As for the tool suite, while someone's attempting to assemble it, someone else is working hard at evading what's going into the suite - and even if they do put something effective together fast, how much confidence will there be that it actually got everything? It's like running a hastily cobbled together antivirus package on an already-infected system.

    XKCD 1425 is actually somewhat relevant here in that a cleaning solution is that research team project, but Germany doesn't have the time to wait for it - better to EOL some equipment 2-5 years early and replace it than to wait for a solution that won't be available until have of that equipment would be EOL anyway.

    And frankly, it's like something I tell my customers probably too often for my wallet's good: "I can fix it and I'd love to have you pay me to do so, but it's not worth you paying for my time to do so when we can replace it for around the same cost."

    --
    fencepost
    just a little off
  19. Re:Are these the Germans... by bobstreo · · Score: 2

    Are these the Germans that cut over to Linux a few years ago, saving a 'ton' of money?

    Probably not, most linux machines have little use for MSI installers.

  20. Re:Infecting HD BIOS, other flash? by bobbied · · Score: 3, Insightful

    Maybe this is the best approach, but I'd be wary about just launching a wholesale "replace it all" approach unless I knew a couple of things first.

    1. What the problem was, exactly, and where did it come from in general...

    2. How it spreads around...

    3. That the thing is contained...

    Further, before I go and start ripping out stuff to replace it, I'd want to be 100% sure that the problem will NOT infect the new hardware and systems. So when someone starts saying we have to replace stuff to get rid of this problem that's infected it, I start to get dubious.. But if like you, they say something along the lines of "Well, we could remove it from your current equipment for X and it would take us y time, or we could just replace the old infected equipment with new for less. We suggest you just replace the old stuff, it's cheaper/faster/better."

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  21. The Greens want to revert to open source software by nickweller · · Score: 5, Interesting

    'The Greens in the German parliament want the Foreign Ministry to revert back to open source software solutions on its workstations. The ministry in 2010 abandoned its open source desktop strategy, pressured by staffers struggling with interoperability problems. The Greens are now asking the ministry to justify the proprietary licence costs it has made since then.'

  22. How do they know it's the Russians, not NSA?? by Taco+Cowboy · · Score: 2

    or, you virtualize it??

    Talk about virtualization ...
     
    Who was the one tapping into Angela Merkel's phone?

    NSA or the Russians?

    Since they can't even get rid of the thing how in the world they know that thing came from Russia, not NSA?

    I always thought the Germans are equipped with critical thinking skill, apparently I couldn't be more wrong

    --
    Muchas Gracias, Señor Edward Snowden !
  23. Hidden Malware by Whiteox · · Score: 5, Interesting

    Ok so a machine came into the shop with a pile of BHOs and other malware. I did the normal scans, found 96 of them, cleaned them up and everything ok. A specific malware site came back. Now I did rootkit scans, in depth scans. Nothing found but Chrome and Firefox was clean, only IE 10 suffered.
    Busting my brains on this, I set home page to be null. Worked ok except when IE was restarted. Nothing in the registry, services, hidden files/folders that could account for this. Everytime I started IE, back it came.
    So thinking logically I realised that there was no malware on the system and that IE was calling it somehow when it loaded. A few minutes later I discovered that the shortcut link was appended with a http address to the malware site! A very simple infection that no amount of scanning could fix.

    --
    Don't be apathetic. Procrastinate!
  24. Replace everything by the same thing, sure ... by Gunstick · · Score: 2

    Replacing all windows7 installs by new windows7 installs will for sure remove the possibility of the same malware hitting again. DOH!
    Maybe change platform.
    There are 2 other OS to consider, MacOS and Linux.

    An important organization should always have 2 completely different platforms.
    Not only 2 different browsers on the same OS, but different OS. And by different I don't mean a Microsoft-different who state the XP is not NT and is not Win7. It's all windows!
    Same goes for Linux, where redhat or debian is not different, it stays Linux. Sunos may be different.

    --
    Atari rules... ermm... ruled.
  25. Re:This would never have happened under Hitler! by JBMcB · · Score: 2

    Correction: With minor hacking it's Turing complete:

    https://en.wikipedia.org/wiki/...

    --
    My Other Computer Is A Data General Nova III.