Slashdot Mirror


German Parliament May Need To Replace All Hardware and Software To Stop Malware

jfruh writes: Trojan spyware has been running on computers in the German parliament for over four weeks, sending data to an unknown destination; and despite best efforts, nobody's been able to remove it. The German government is seriously considering replacing all hardware and software to get rid of it. From the ITWorld article: "After the attack, part of the parliament’s traffic was routed over the federal government’s more secure data network by the Federal Office For Information Security, Der Spiegel reported. Some Germans suspect that the Russian foreign intelligence service SVR is behind the attack. On Thursday, the parliament will discuss how to address the situation."

13 of 189 comments

  1. Sure by Travis+Mansbridge · · Score: 5, Insightful

    They'll replace everything, then one person will plug in their phone over USB to put some emails on their new workstation and it'll begin all over again.

    1. Re:Sure by monkeyzoo · · Score: 4, Insightful

      Seems they should track down the source of any possible hardware infections before replacing all hardware. A) So they can better understand the threat and how it was perpetrated. And B) So they can, as you say, make sure they don't reinfect themselves.

      It is hard enough to purge a single computer of tenacious malware, let alone an entire network!!

    2. Re:Sure by mlts · · Score: 4, Insightful

      They need to look at their network's topology as well. One compromised network segment shouldn't allow an attacker complete and unfettered access to everything else.

      WAN-wise, they should look at building something like SIPRNet or NIPRNet so as little traffic as possible is on the Internet, even flying over a VPN. The ideal is physically separate cables and leased lines, coupled with some form of IPSec so that it would be very difficult for someone to set up a rogue machine and attack that network. Long term, it might be wise to even consider a different protocol than IP just because it would make hidden routers or bridges a lot more difficult.

      There are other tools that come to mind. App-V and Citrix for example, which would allow people to access and use an application, but not physically copy the data or access the OS directly on the application servers. Not a 100% solution, but it is a way to keep things separated.

      Reversing this concept, there might be offices that need to have no machines on the Internet, but workers can use App-V, RDP, or Citrix to access a terminal server so they can browse the web on a virtual desktop that cannot access the physical internal machines.

      There are a lot of security tools that are usable. VDI comes to mind as an extension to virtualization. Virtualization goes without saying because it separates what programs run on from the hardware, so if a VM is compromised, there is still a hypervisor to punch through before hardware can be re-flashed and attacked.

      The trick is defense in depth, be it at the desktop level (for machines that are terminals used by numerous people, a utility like DeepFreeze is useful), at the network topo level (so a compromise in Receiving doesn't trash Finance), at the network appliance level, the server level, and of course, the HUMINT factor with policies, and physical security.

  2. Parliament will discuss this? by CrimsonAvenger · · Score: 4, Insightful

    Hmm, might make a bit more sense to have their IT guys discuss this. It's not like your average MP (or whatever they call them in Germany) knows squat about computer problems....

    --

    "I do not agree with what you say, but I will defend to the death your right to say it"

    1. Re:Parliament will discuss this? by Opportunist · · Score: 4, Funny

      They'll probably outlaw trojans infecting government PCs and that solves the issue.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

  3. Re:This would never have happened under Hitler! by xxxJonBoyxxx · · Score: 4, Informative

    >> No computers in 1945...

    Turn in your geek card.
    (http://www.computerhistory.org/timeline/?category=cmptr - see the entry about the Z3 in 1941)

  4. This is the modern reality. by WSOGMM · · Score: 4, Informative

    The reality of today is that, if you communicate any secrets, you must consider the possibility of your communications being tapped/intercepted. It is even possible that hardware is compromised before you even buy it.

    With backdoors, BIOS hacking and packet sniffing being part of the daily talk on slashdot, you have to be prepared to communicate end-to-end with multiple levels of pre-planned encryption. That said, I don't think I've ever said anything that needs that much security, but a nation-state might have.

  5. Re:Are these the Germans... by markdavis · · Score: 4, Insightful

    >"Are these the Germans that cut over to Linux a few years ago, saving a 'ton' of money?"

    No, these are the Germans that did not and are now still suffering with tons of malware...

  6. They don't trust their own security services. by godel_56 · · Score: 4, Interesting

    From TFA:

    Parliamentarians will have to decide if they want to call in the help of counterintelligence experts from the Bundesamt für Verfassungsschutz (BfV), the domestic intelligence service of Germany.
    Some members of parliament have expressed concerns about the involvement of the BfV, Der Spiegel reported. Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process. Armin Schuster, a member of parliament for the CDU, criticized those concerns.

    Schuster told Der Spiegel that he thinks it is “crazy” that some would rather be spied upon by a foreign intelligence agency than letting their own agencies help.

    Heh, they're afraid that one set of taps would probably be replaced with another, which would probably be cc'ed to the CIA.

  7. WTF? by kosmosik · · Score: 4, Insightful

    This article is so full of WTF I just can't believe it. I guess it is some form of poor translation of a German source.

    1) All software and hardware in the German parliamentary network might need to be replaced.

    So they will replace all servers, routers, switches etc.? Or just client machines?

    2) Trojans introduced to the Bundestag network are still working and are still sending data from the internal network to an unknown destination

    So maybe just fucking block all outbound traffic from the Bundestag network and enable it back on a white list basis like it should be anyway?

    3) In May, parliament IT specialists discovered hackers were trying to infiltrate the network.

    Just fucking WOW! Shouldn't it be an assumption (that hackers are trying to infiltrate government networks), not a discovery?

    4) Some are also refusing help from the foreign intelligence service, the Bundesnachrichtendienst, because the agency would gain access to the legislative process.

    I guess the legislative *process* should not be a secret to anyone?

    IMO this is just some bullshit article citing politicians, not a technical piece. I guess it is really hard to work for any central government bureau since *any* of your actions, no matter sane or stupid, will be judged not by technical merits but by political fucking around. I really do pity the actual IT staff behind this mess.

  8. Re:Are these the Germans... by markdavis · · Score: 4, Insightful

    I doubt anyone on Slashdot believes any platform is invulnerable to malware. But if the shoe fits, wear it: MS-Windows is perhaps more than a thousand times more prone to malware than Linux in the real world.

  9. The Greens want to revert to open source software by nickweller · · Score: 5, Interesting

    'The Greens in the German parliament want the Foreign Ministry to revert back to open source software solutions on its workstations. The ministry in 2010 abandoned its open source desktop strategy, pressured by staffers struggling with interoperability problems. The Greens are now asking the ministry to justify the proprietary licence costs it has made since then.'

  10. Hidden Malware by Whiteox · · Score: 5, Interesting

    Ok so a machine came into the shop with a pile of BHOs and other malware. I did the normal scans, found 96 of them, cleaned them up and everything was ok. A specific malware site came back. Now I did rootkit scans, in-depth scans. Nothing found, but Chrome and Firefox were clean; only IE 10 suffered.
    Busting my brains on this, I set the home page to be null. Worked ok except when IE was restarted. Nothing in the registry, services, hidden files/folders that could account for this. Every time I started IE, back it came.
    So thinking logically I realised that there was no malware on the system and that IE was calling it somehow when it loaded. A few minutes later I discovered that the shortcut link was appended with an http address to the malware site! A very simple infection that no amount of scanning could fix.

    --
    Don't be apathetic. Procrastinate!
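The shortcut hijack described in the post above (a browser .lnk whose command-line arguments carry a URL, which no file or registry scan flags) can be caught by reading the shortcut files themselves. The following is an added example, not code from the poster or from Slashdot: a minimal parser for the Shell Link (.lnk) StringData section, a check that reports any URL in a shortcut's arguments, and a directory scanner. The sample shortcut it builds is constructed in-line for testing (the `iexplore.exe` path and the `http://example.invalid/landing` URL are placeholders, not values from the page), and `build_lnk` writes only the fields the parser needs rather than a full Windows shortcut.

```python
import re
import struct
from pathlib import Path

# Layout constants from the Shell Link (.lnk) binary format (MS-SHLLINK).
HEADER_SIZE = 0x4C
LINK_CLSID = b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# StringData blocks appear in this fixed order, each present only when its flag is set.
STRING_DATA = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk blob (name, relative_path, working_dir, arguments, icon_location)."""
    if (len(data) < HEADER_SIZE
            or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LINK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # variable length, prefixed by a uint16 size
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # variable length, uint32 size includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, name in STRING_DATA:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # character count, not byte count
        pos += 2
        nbytes = count * 2 if unicode else count
        fields[name] = data[pos:pos + nbytes].decode("utf-16-le" if unicode else "cp1252")
        pos += nbytes
    return fields


def url_in_arguments(fields: dict):
    """Return the first URL found in the shortcut's command-line arguments, or None."""
    match = URL_RE.search(fields.get("arguments", ""))
    return match.group(0) if match else None


def scan_shortcuts(root: str):
    """Yield (path, url) for every .lnk under root whose arguments carry a URL."""
    for lnk in Path(root).rglob("*.lnk"):
        try:
            url = url_in_arguments(parse_lnk(lnk.read_bytes()))
        except (ValueError, UnicodeDecodeError, struct.error):
            continue                                 # not a shortcut, or truncated
        if url:
            yield lnk, url


def build_lnk(relative_path: str, arguments: str = "") -> bytes:
    """Construct a minimal Unicode .lnk blob for testing (hypothetical sample, not a real shortcut)."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_LINK_INFO | HAS_RELATIVE_PATH | IS_UNICODE
    if arguments:
        flags |= HAS_ARGUMENTS
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (HEADER_SIZE - len(header))     # attributes, timestamps, etc. left zero
    id_list = struct.pack("<H", 5) + b"\x03\x00\xff" + b"\x00\x00"  # one 3-byte ItemID + TerminalID
    link_info = struct.pack("<II", 28, 28) + b"\x00" * 20         # minimal LinkInfo, no volume data

    def sd(s):  # StringData block: uint16 char count followed by UTF-16LE chars
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    body = sd(relative_path) + (sd(arguments) if arguments else b"")
    return header + id_list + link_info + body


if __name__ == "__main__":
    sample = build_lnk(r"..\Program Files\Internet Explorer\iexplore.exe",
                       "http://example.invalid/landing")
    print(parse_lnk(sample))
    print("flagged:", url_in_arguments(parse_lnk(sample)))
```

Run `scan_shortcuts` over the Desktop, Start Menu and Quick Launch folders of each profile; a browser shortcut whose arguments contain a URL the user did not put there is exactly the case the post describes, and it survives every file-system and registry scan because nothing on disk is malicious except that string.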