Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Got Malware? Get a Hammer!

timothy posted about a year ago | from the sorry-but-it's-the-only-way dept.

Government 254

FuzzNugget writes "After the Economic Development Administration (EDA) was alerted by the DHS to a possible malware infection, they took extraordinary measures. Fearing a targeted attack by a nation-state, they shut down their entire IT operations, isolating their network from the outside world, disabling their email services and leaving their regional offices high and dry, unable to access the centrally-stored databases. A security contractor ultimately declared the systems largely clean, finding only six computers infected with untargeted, garden-variety malware and easily repaired by reimaging. But that wasn't enough for the EDA: taking gross incompetence to a whole new level, they proceeded to physically destroy $170,500 worth of equipment (PDF), including uninfected systems, printers, cameras, keyboards and mice. After the destruction was halted — only because they ran out of money to continue smashing up perfectly good hardware — they had racked up a total of $2.3 million in service costs, temporary infrastructure acquisitions and equipment destruction."

Sorry! There are no comments related to the filter you selected.

Economic Development Administration? (1, Flamebait)

ArcadeMan (2766669) | about a year ago | (#44224981)

Sounds more like Fucking Retards Money Wasting Administration to me.

Re:Economic Development Administration? (2, Insightful)

ArcadeMan (2766669) | about a year ago | (#44225041)

And why the hell would there be $2.3 million in service costs to destroy $170,500 worth of equipment?

Re:Economic Development Administration? (2)

gl4ss (559668) | about a year ago | (#44225075)

And why the hell would there be $2.3 million in service costs to destroy $170,500 worth of equipment?

best buddy system.

that's why.

Re:Economic Development Administration? (3, Informative)

egamma (572162) | about a year ago | (#44225729)

And why the hell would there be $2.3 million in service costs to destroy $170,500 worth of equipment?

RTFS.

service costs, temporary infrastructure acquisitions and equipment destruction

Or, RTFA for the details:

The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development a long-term response. Full recovery took close to a year.

Still outrageously stupid, but I think $4,300 to destroy $170,500 is a reasonable cost. I think the other costs--the ones with 6 or 7 figures--are the ones you should focus on.

But really, isn't giving US companies #2.3 million what the Economic Development Administration is supposed to be doing anyways? Better than spending it on the salaries for these government employees.

Re:Economic Development Administration? (1, Funny)

Anonymous Coward | about a year ago | (#44225153)

Which part of "Microsoft product" did you not understand?

Re:Economic Development Administration? (1)

omnichad (1198475) | about a year ago | (#44225233)

The actual destruction costs were only: $4,300 (still too much). The rest of that price tag is the total cost of doing the destruction - temporary infrastructure and so on. Not sure why a temporary replacement would cost 10x what was being replaced, though. Still plenty of government waste in the story.

Re:Economic Development Administration? (5, Insightful)

Tridus (79566) | about a year ago | (#44225291)

Because, RTFA?

"The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development a long-term response. Full recovery took close to a year."

Re:Economic Development Administration? (1)

JDG1980 (2438906) | about a year ago | (#44225379)

And why the hell would there be $2.3 million in service costs to destroy $170,500 worth of equipment?

From the original article:

The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development a long-term response. Full recovery took close to a year.

So it "only" cost them $4,300 to destroy the equipment, but over $1 million to continue working after the damage. And they wasted an additional $1.5 million paying various "contractors" who apparently didn't know what they were doing.

Re:Economic Development Administration? (2)

FuzzNugget (2840687) | about a year ago | (#44225457)

And they wasted an additional $1.5 million paying various "contractors" who apparently didn't know what they were doing.

Or maybe they did, if you get my drift.

Re:Economic Development Administration? (3, Insightful)

Impy the Impiuos Imp (442658) | about a year ago | (#44225583)

Yeah baby, it's a great way to stimulate the economy. We know whst gets done is less important than things get done, and money gets pushed from person to person.

Buying computers to destroy employs people, as does destroying them. Hell, what we should do is just increase taxes and hire the tens of millions of unemployed to dig ditches and then fill them back in over and over.

Re:Economic Development Administration? (1)

isopropanol (1936936) | about a year ago | (#44225669)

obligatory Zorg [youtube.com] speech

Re:Economic Development Administration? (1)

Anonymous Coward | about a year ago | (#44225043)

Sounds more like Fucking Retards Money Wasting Administration to me.

Are there any other kinds?

Re:Economic Development Administration? (1)

amiga3D (567632) | about a year ago | (#44225073)

The feds are pretty much incompetent at almost everything. The only thing that works is Department of Defense who's primary purpose is to blow things apart. Even they can't seem to buy new hardware without 3000% cost over runs although I think that's actually more of a corruption thing. All we need now is to completely federalize health care which should do wonders for ending the danger of overpopulation.

Re:Economic Development Administration? (2, Informative)

Anonymous Coward | about a year ago | (#44225287)

Most cost overruns are due to scope creep. Customer solicits bids, contractors bid, one wins, shortly after contract is awarded the customer changes requirements.

General cycle is:
Customer asks if they can change a requirement
Contractor says it'll cost $$$ (usually a pretty big number, because many requirements are difficult to change after you've architected your system to the original requirements)
Customer says "sure"
Costs skyrocket.

As an example, with the last presidential helicopter.
Government requested bids
Companies submitted bids
Lockheed won
Shortly after contract award, White House came up with a list of "we need this, this, and this, or THE TERRORISTS WILL WIN!" - effectively wanting to transform the new aircraft from an executive transport aircraft to a flying tank
Lockheed gave a pretty big number because these new requirements blew the original weight budget of the selected aircraft
Customer said "sure"
Aircraft now needs uprated engines, an improved transmission, strengthened rotors, etc. - original bid was a minimally modified airframe, just avionics systems integration.
Costs went through the roof.

Re:Economic Development Administration? (1)

benjfowler (239527) | about a year ago | (#44225389)

Changing requirements from fickle customer will do that every time.

That story is told over, and over and over again. Why is this ever news?

Re:Economic Development Administration? (2)

Entropius (188861) | about a year ago | (#44225819)

A bit OT, but:

It seems to be a symptom of some underlying pathology in a democracy when so much effort is put into protecting the head of government. At least in the ideal it doesn't matter who is president; they're ultimately a representative of the popular will and, to first order, one will do just as well as the next. There is even ideological continuity, since the vice president is selected by the president (you couldn't shoot Bush to end the Iraq war, since then you'd get Cheney). Historically assassinations have had little effect on the policy course of the nation. From the perspective of the citizenry, getting a president shot is really not all that big of a deal -- we just elect a new one and go about our way. This isn't saying that we should have no security around POTUS, but it seems rather disingenuous to pay for massive security for him, with its huge cost and disruption to people's lives, when that money, invested in health care or education or police presence in the worst neighborhoods, would reduce the death rate far more than the reduction in the (already small) assassination rate provided by the presidential security apparatus.

Re:Economic Development Administration? (2)

Tridus (79566) | about a year ago | (#44225317)

The feds are over reliant on contractors for everything. Contractors are there to just milk as much money as they can out of the system. They do a pretty good job.

Re:Economic Development Administration? (5, Insightful)

mellon (7048) | about a year ago | (#44225409)

Yup. Likely what happened here is that the million-dollar security contractors gave the advice to do this bug hunt in the first place, and then provided the temporary replacement infrastructure, and walked away from the whole fiasco with a tidy profit. The reason this happens is because the government isn't generally allowed to hire people to do work like this, because "private industry is better." Of course, this sort of private industry is just a mechanism for siphoning off tax dollars, and the people who believe that hiring government employees to do government work is wasteful are actually responsible for fiascos like this, which are depressingly common.

Even when the contractors aren't crooked, the cost of employing them instead of federal employees is typically several times higher. But "corporations good, government wasteful." If we keep repeating that long enough maybe it will come true.

Re:Economic Development Administration? (0)

the_B0fh (208483) | about a year ago | (#44225955)

Hey, you don't believe that even if you lose money per unit, you can make it up on volume?! What is wrong with you?!

Re:Economic Development Administration? (5, Informative)

Anonymous Coward | about a year ago | (#44225361)

Devil's advocate:

I've worked at private companies, for education institutions, in the public sector, and in the Federal government. None are perfect, none are completely horri-bad.

All places have had those people who I had zero clue what their function was, but they always had a nice office.

It is easy to pick on government, but go to almost any work environment, and you will find the same thing.

Re:Economic Development Administration? (1)

ArsonSmith (13997) | about a year ago | (#44225571)

the main difference when things go bad either people get fired or businesses go under, in government when things go bad those people with no real job get raises.

Re:Economic Development Administration? (3, Insightful)

Chickan (1070300) | about a year ago | (#44225753)

Not always true. I've seen many incompetent people continue to get promoted in industry. The government ones just get more press.

So just like private industry, then. (0)

Anonymous Coward | about a year ago | (#44225865)

George W was removed for incompetence and lost the company he worked for several times and had no real job. And he moved on from each catastrophe to the next one with a pay rise.

The Guiness Directors were done for fraud and one who went to prison was diagnosed with Alzheimers therefore released on compassionate grounds (since the state would leave him living a life for only a few years more), but was later found out to merely have the APPEARANCE of severe and advanced alzheimers.

And despite being a jail bird fraudster who's brain was nonfunctioning beyond basic motor control to the opinion of a medical practitioner of full standing, he got another job as a director within weeks of being let free.

Re:Economic Development Administration? (0)

Anonymous Coward | about a year ago | (#44225569)

And that exactly one of the key items in Agenda 21, eliminating the overpopulation. If that can be carried out by creating a grossly expensive and incompetent medical system that loses more lives than it saves while paying contractors huge amounts of money in the process, it's a WIN-WIN.

Agenda 21 is not, as is popularly believed, a system of eco-socialism being imposed on the world. It is actually run by the banks. It's actually an eco-plutocracy.

Re:Economic Development Administration? (-1)

Anonymous Coward | about a year ago | (#44225881)

The feds are pretty much incompetent at almost everything.

That depends on the people at the top. When Katrina hit, FEMA's response was a clusterfuck, because its head was not qualified to do the job; he was a political crony chosen by an incompetent President who believed, as you do, that "government is always the problem and never the solution." We voted for change because of the previous President's utterly shameful incompetence, but unfortunately we got little change. had the Republicans not nominated the primary enemy of the 99%, a wall street pirate whose riches were from inheretance and impoverishing the middle class, maybe we would have gotten someone better than Obama. When your choice is between Donald Duck and Hannibal Lecter, who do you vote for? The duck, of course.

Competence and incompetence both start at the top. If the CEO is a moron, it doesn't matter how smart his employees are, the company will fail. If the CEO is competent he will assemble a competent team. It goes for any organization, including the Federal government.

The only thing that works is Department of Defense who's primary purpose is to blow things apart.

That's whose. "Who's" is a contraction for "who is". If you're going to comment on an English language messageboard, learn written English or be thought uneducated. But as to the statement, how about the IRS? They seem to do an excellent job. In fact, you can't back your assertion up at all. My dad's pretty happy with his Medicare. The interstate highway system is pretty damned good, an I've driven on most of it. In fact, besides FEMA under Bush, name a government agency that's showed any incompetence?

Re:Economic Development Administration? (0)

Anonymous Coward | about a year ago | (#44225095)

I wouldn't say that. They seems to be extremely effective at promoting the economic development of South Korea and other hardware manufacturers's countries. I'm also sure if you dig deep enough, you'll find a few American citizen which benefit from this act. Try the relatives and friends of said administration's management, and so on...

Re:Economic Development Administration? (1)

dsparil (844576) | about a year ago | (#44225199)

According to the article, DHS overstated the severity of the problem and corrected themselves later. Of course, everyone remembers the false report and never the correction. God knows what EDA was told by DHS at first.

Re:Economic Development Administration? (3, Insightful)

timeOday (582209) | about a year ago | (#44225309)

Either that or the hardware was outdated and/or soon-to-be replaced anyways (like the CRT photo in the accompanying story), so they just went with the upgrade instead of spending money to verify old stuff.

Any IT upgrade could be spun exactly like this story, if you wanted... "why did you get a new mouse with that new system, the old one was working perfectly fine and now it's going in the trash!"

mission accomplished!! (1)

swschrad (312009) | about a year ago | (#44225403)

economic development spurred by almost two and a half million dollars, and a few hammers... we'll have the complete story live at 10.

Re:Economic Development Administration? (1)

synapse7 (1075571) | about a year ago | (#44225483)

Possibly, or were they trying to hide something substantial?

Re:Economic Development Administration? (2)

ArsonSmith (13997) | about a year ago | (#44225521)

Hopefully they'll be the ones in charge of healthcare.

Re:Economic Development Administration? (0)

Anonymous Coward | about a year ago | (#44225991)

Sounds more like Fucking Retards Money Wasting Administration to me.

Oh, come now, you can't fully blame them for this. It's just the confusing terminology involved. They were simply told they had to quarantine the computers that had malware on them, but unfortunately, the only definition of "quarantine" they ever learned related to the government's standard procedure on how to treat human beings with an "unknown" infection they need to cover up*. It's an easy mistake to make, clearly.

*: Citation: Any zombie movie ever made. Those ARE all documentaries, right?

Not entirely incompetent (1)

Anonymous Coward | about a year ago | (#44224999)

Have you seen the things that have been popping up on slashdot over the past couple years? USB drives in mice, intrusion software in power strips and keyboards, and more.

Re:Not entirely incompetent (2)

gl4ss (559668) | about a year ago | (#44225049)

Have you seen the things that have been popping up on slashdot over the past couple years? USB drives in mice, intrusion software in power strips and keyboards, and more.

I don't think in this scale though. I suppose it drives the economy though - which is to say that they should seriously check what kind of benefits the guy in charge was receiving from their vendor-to-be.

Re:Not entirely incompetent (0)

Anonymous Coward | about a year ago | (#44225203)

I suppose it drives the economy though

It souds like Windows was already broken though...

Re:Not entirely incompetent (1)

omnichad (1198475) | about a year ago | (#44225279)

Sure, it's possible. But there were 6 infected workstations. No reason to believe it wasn't cleaned up. Instead, $170,000 in equipment was destroyed. I think they skipped a step somewhere. They were being thorough, but they also caused more damage than the malware.

Re:Not entirely incompetent (1)

Ultracrepidarian (576183) | about a year ago | (#44225449)

Kind of like the way a handful of terrorists with 19 box cutters and 19 one-way airline tickets brought down the most powerful country on the planet.

Re:Not entirely incompetent (3, Insightful)

localman57 (1340533) | about a year ago | (#44225497)

No reason to believe it wasn't cleaned up.

If they truly believe that it was the work of a nation-state, there is every reason to think it isn't cleaned up. Stuxnet didn't even reside just in computers. It infected programmable logic controllers attached to centrifuges, and then could re-infect computers on the network after they've been cleaned. If you really believe that Russia, or China has really compromised their network, and you have information that's worth more than a million dollars to them, then you should assume that everything (printers, routers, video-conferencing equipment, everything with a jack, plus the bios of all your computers) may be infected.

People tend to view $170,000 as a lot of money. But it's not. Computers for office workers can easily run under $1000. Hourly labor to clean things may be $50 per hour when you include overhead and benefits. And you're not even sure you got rid of the infection. If you mostly run apps that are resident on hardened servers, use imaging to make it easy to deploy new PCs, and don't have a lot of high end hardware, it may make sense to just replace everything with clean hardware. Honestly, for departments where you do think that there's stuff that sophisticated attackers may want, it may make sense to occasionally do this kind of purge occasionally even if you don't know there's been an attack. Take a look at the Sony Playstation breach for an idea of what getting compromised can cost. It's a hell of a lot more than $170,000.

Re:Not entirely incompetent (1)

omnichad (1198475) | about a year ago | (#44225599)

But the infection was already determined to be common malware before they started destroying things.

Re:Not entirely incompetent (1)

localman57 (1340533) | about a year ago | (#44225639)

That's the point. If you have low tech, script kiddie type malware, which you found, it means that you were very, very vulnerable to uncommon, highly targeted malware. The stealthy kind that even nuclear physicists don't notice.

Wow! (5, Funny)

Enry (630) | about a year ago | (#44225003)

You mean I get to release my pent-up anger by destroying physical systems *and* get paid a boatload of money to do it? Where do I sign up?

Re:Wow! (1)

chill (34294) | about a year ago | (#44225051)

... *and* get paid a boatload of money to do it?

You sound like you actually read the report. Of the $2.74 million spent, close to $1.5 million was on contractors.

PC Load Letter? (1, Funny)

Overzeetop (214511) | about a year ago | (#44225629)

WTF?

We Still Have a Budget for This Crap... (3, Insightful)

Anonymous Coward | about a year ago | (#44225005)

... and yet I'm still furloughed on Friday...

Outdated Equipment (4, Insightful)

Anonymous Coward | about a year ago | (#44225015)

It sounds like they were using this as an excuse to buy new equipment, so they destroyed extra equipment hoping that someone would allow them to chalk up the expense to the virus and thus give them shiny new stuff.

Re:Outdated Equipment (1)

K. S. Kyosuke (729550) | about a year ago | (#44225039)

Or it was the IT equivalent of a German wedding.

Re:Outdated Equipment (1)

GodInHell (258915) | about a year ago | (#44225119)

It sounds like they were using this as an excuse to buy new equipment, so they destroyed extra equipment hoping that someone would allow them to chalk up the expense to the virus and thus give them shiny new stuff.

That was my first thought as well. Particularly given the picture associated with the article is an old 13 or 14" NEC tube monitor.

Re:Outdated Equipment (1)

emho24 (2531820) | about a year ago | (#44225245)

... old 13 or 14" NEC tube monitor

HA! I read the article thinking about such monumental waste of taxpayer money, but after I saw the old 50lb crt I felt empathy for their technology rage. I enjoy a good smashing of cheap electronic crap as much as the next guy.

Re:Outdated Equipment (2)

drainbramage (588291) | about a year ago | (#44225367)

1> Take almost new 24 inch flat screen home
2> Bring old CRT to the office as replacement
3> Have taxpayers pay to destroy the evidence
4> Get brand new flat screen at work
5> profit!

This is just more evidence of the systemic indulgence attitude that permeates big government.
Hey IRS, ever find those receipts you lost?

Re:Outdated Equipment (1)

omnichad (1198475) | about a year ago | (#44225293)

Must have been really shiny - it cost them over $1,000,000 to replace $107,000 in destroyed equipment.

Re:Outdated Equipment (1)

Lumpy (12016) | about a year ago | (#44225427)

Government computers, all of them are chromed.

Re:Outdated Equipment (3, Funny)

K. S. Kyosuke (729550) | about a year ago | (#44225535)

I thought that government computers were usually IE6ed?

Re:Outdated Equipment (1)

mellon (7048) | about a year ago | (#44225439)

That's because the price of computers has been rising over time, doubling roughly every 1.5 years.

Oh, wait, I got the numerator and the denominator reversed. Dammit!

Shutting down one entire government agency? (3, Insightful)

jeffb (2.718) (1189693) | about a year ago | (#44225045)

Sounds like a good start.

Re:Shutting down one entire government agency? (1)

Impy the Impiuos Imp (442658) | about a year ago | (#44225597)

Why do you want firemen to not have oxygen masks?

Re:Shutting down one entire government agency? (0)

jeffb (2.718) (1189693) | about a year ago | (#44225677)

Because using my tax dollars to buy them conflicts with my deeply-held faith in the phlogiston theory. Teach The Controversy!

Re:Shutting down one entire government agency? (1)

TheCarp (96830) | about a year ago | (#44225911)

Perhaps because for every dollar generated by the desire to have oxygen masks for firefighters, only a fraction of a penny goes towards the firefighters and equipment, whereas 20 cents goes to the military to buy equipment they don't need and prepare for wars they don't need to fight, and the rest gets split between poorly run social programs and interest on the debt that, no matter how much they get, keeps rising.

Overall, more lives, globally, would be saved by not funding their wars than by equiping the firemen.
So maybe we need to take the hit and not be as protected, so others can actually live.

Couldn't they just have nuked the site from orbit. (5, Funny)

Serif (87265) | about a year ago | (#44225055)

You know, to be sure?

garden-variety malware (3, Funny)

Errol backfiring (1280012) | about a year ago | (#44225059)

Will that infect my lawnmower? I'd better destroy it then before it gets dangerous...

Re:garden-variety malware (2)

tgd (2822) | about a year ago | (#44225607)

Will that infect my lawnmower? I'd better destroy it then before it gets dangerous...

You should get a shovel and double check ... your lawn may be full of worms.

Re:garden-variety malware (1)

K. S. Kyosuke (729550) | about a year ago | (#44225773)

Will that infect my lawnmower?

No, but it could infect your lawnmower man. No great loss anyway, though.

missed their target (0)

Anonymous Coward | about a year ago | (#44225065)

If you smash computers you are going to be developing China's economy. Better smash up some US products next time.

A Ripleydyne Security LLC Whitepaper! (2, Funny)

fuzzyfuzzyfungus (1223518) | about a year ago | (#44225077)

Best Practices:

1. Take off and nuke the site from orbit, it's the only way to be sure.

Re:A Ripleydyne Security LLC Whitepaper! (0)

Anonymous Coward | about a year ago | (#44225329)

And yet I'm sure in the same breath you'd tell people that their system, once infected by a virus, is ultimately compromised. Without having the right knowledge and equipment to really analyze things on the level that Secure Boot is supposed to "protect" us from (I use that term as loosely as possible because I doubt Microsoft's motives in that department), some change could have been made to the virus scanner...the operating system...hell, even the firmware, then it would be nigh undetectable except by a specialist.

As funny as the story sounds, from an IT department perspective, if you were concerned about a serious security compromise that could have affected any piece of equipment in the building...what would you do? What's your best recommendation if this is the worst one?

Re:A Ripleydyne Security LLC Whitepaper! (3, Insightful)

fuzzyfuzzyfungus (1223518) | about a year ago | (#44225739)

Oh, don't get me wrong, I'm combining my love for Alien and my inexplicable whoring for 'funny' upmods(that don't even net me the 'karma' I don't care about), rather than phoning in a reliable 'insightful' rant about THem Gummunit Union Beurocrats! in part because it amuses me more, and in part because (especially if your hardware is old shit) a sledgehammer is probably the best approach if you actually think that a state-caliber attacker is on your ass(for larger jobs consider a shredder [ssiworld.com] rather than a hammer).

In this specificcase, given that their analysis found only a small quantity of chickenshit malware, and because the EDA is kind of a low-priority target for the really cool attacks, I strongly suspect that it was an overrreaction(and, if it wasn't an overreaction, doing more aggressive analysis, in order to better understand the adversary's capabilities, in terms of OS, Application, and hardware/firmware level malware would have been more responsible than just shredding it all).

That said, though, you'd be hard pressed to be paranoid enough about the potential for even seemingly innocuous devices, in the hands of a capable attacker, to be malicious. The BIOS has had slightly unnerving powers ever since SMM [wikipedia.org] ; but these days it's a second OS, more or less, USB devices are highly likely to be full, potentially reprogrammable, devices that are just implementing whatever they are supposed to be in software(OEM cost-cutting reduces the risk that there would be space/power to hide anything really cool; but some pretty weedy microcontrollers can handle being whatever flavor of USB slave device they are set to emulate. Even monitors get a full i2c bus for DDC, no idea how well your graphics driver, occupying its position of relative privilege within the system, watches that interface...

I would say that they screwed up, because if they genuinely suspected the worst, shredding the evidence rather than analyzing it is unhelpful in preventing future attacks, and if they didn't suspect the worst, dumping clean images on the systems and getting on with life would have been a lot cheaper; but it is true that, if you suspect a genuinely capable attacker, you are sufficiently fucked that just burning it with fire is probably the cheapest option...

Re:A Ripleydyne Security LLC Whitepaper! (0)

Anonymous Coward | about a year ago | (#44225435)

They mostly come at night. Mostly.

Re:A Ripleydyne Security LLC Whitepaper! (1)

omnichad (1198475) | about a year ago | (#44225481)

The infection could have come from the outside - they really need to destroy all the computers on the Internet.

Re:A Ripleydyne Security LLC Whitepaper! (1)

JBMcB (73720) | about a year ago | (#44225809)

And destroy all computer manufacturing facilities. And burn all books about computer science, so nobody accidentally builds another computer.

that's how u.s. government "develops" (2)

rubycodez (864176) | about a year ago | (#44225081)

like how we developed Iraq, destroy good infrastructure so contractors with gov officials in their pockets make a pile of money

or how government has developed inner cities over the past few decades, making fodder for the huge prison system business and food stamp system etc.

Re:that's how u.s. government "develops" (1, Informative)

Anonymous Coward | about a year ago | (#44225239)

A person once told me, if you country is in ruins, pick a fight with the US. They will destroy your country but build it up better than it was before, truer words never spoken.

Re:that's how u.s. government "develops" (1)

rubycodez (864176) | about a year ago | (#44225719)

if you don't mind a few hundred thousand dead innocent civilians, being owned by the western banking/petro-dollar cartel, being told whom you'll do import/export with, being subject to U.S. intellectual property cartels, having all your countries comm going through the NSA/CIA, and having your government saying "how high" on the way up when Washington DC says "jump"....why it's a great deal

Just another example (1)

cyberchondriac (456626) | about a year ago | (#44225093)

Just another example of why totally and blindly trusting big government with your tax dollars is not well advised. What do they care? They treat that income as totally disposable. Tax money is like Doritos, tax payers like Frito-Lay corp: "They'll make more" (obscure reference to an old advertising campaign for Doritos)

Obligatory.. (1)

snowball21 (2186378) | about a year ago | (#44225113)

Obligatory :) [youtube.com]

Id10T error at its finest! (2)

Greg01851 (720452) | about a year ago | (#44225115)

With users like this, who needs Malware?

Greater Things (0)

Anonymous Coward | about a year ago | (#44225131)

Good to see the gov. is taking things seriously.

Maybe they'll find out that some officials are corrupt, and systematically dispose of them all?

Re:Greater Things (1)

gl4ss (559668) | about a year ago | (#44225273)

Good to see the gov. is taking things seriously.

Maybe they'll find out that some officials are corrupt, and systematically dispose of them all?

You mean like night of the long knives?

breaking windows (0)

Anonymous Coward | about a year ago | (#44225147)

Economic Development Agency: developing the economy by breaking windows.

the discourse as it stood (5, Funny)

nimbius (983462) | about a year ago | (#44225169)

EDA: did you guys just smash a bunch of computers with a hammer because of viruses?
DHS: Yes, but there havent been any terrorist attacks since we smashed everything with hammers. clearly the operation was a massive success.
EDA: I dont even.....
DHS: yep. Freedom isnt free.

Re:the discourse as it stood (0)

Anonymous Coward | about a year ago | (#44225485)

EDA: did you guys just smash a bunch of computers with a hammer because of viruses?

DHS: Yes, but there havent been any terrorist attacks since we smashed everything with hammers. clearly the operation was a massive success.

EDA: I dont even.....

DHS: yep. Freedom isnt free.

You don't read do you?

Oh, the files are *in* the computer? (1)

aoeusnth (101740) | about a year ago | (#44225173)

http://www.imdb.com/title/tt0196229/quotes

They wonder why... (1)

intermodal (534361) | about a year ago | (#44225177)

...we don't approve of how government takes our money and wastes it...

Actually... (1)

froth-bite (2777385) | about a year ago | (#44225223)

If you were a government office, and stuck with old crap, this makes perfect sense as a means to get new equipment!

I dont understand why u have to go about (1)

sundru (709023) | about a year ago | (#44225225)

I dont understand why u have to go about destroying hardware, Should'nt shutting down perimeter ingress and egress routers provide enough security that information is not going out of the location ? And then cleanse internal systems in your own sweet time.

Best Part (1)

Paperweight (865007) | about a year ago | (#44225247)

The audit does, however, note that the EDA's IT infrastructure was so badly managed and insecure that no attacker would need sophisticated attacks to compromise the agency's systems.

How many want to give this gov't *MORE* money?!?!? (0)

Anonymous Coward | about a year ago | (#44225251)

WHAT

THE

FUCK?!?!?!

Why the hell would anyone want to give this incompetent, overweening bunch of wanna-be tyrants MORE money?

So they can buy better drones to hunt you with?

So they can buy more acres of servers to read your emails and listen to your phone calls?

So they can hand trillions of dollars over to bankers who took bad risks?

Re:How many want to give this gov't *MORE* money?! (1)

drainbramage (588291) | about a year ago | (#44225405)

What?
It is like you don't believe Patty Murry.
Come on dude, lighten up, she is doing the best she can, maybe, well sort of.
Or not.

They should have cleaned... (1)

Jimpqfly (790794) | about a year ago | (#44225283)

... the employees, first. Main risk of contamination, after all.

well... (0)

Anonymous Coward | about a year ago | (#44225331)

The only thing I got from this article is that if I want to make 800 000$+ quickly, I have to send a few infected emails to some 3 letter minor agency and then submit a bid to run A/V software.

also that slashdot's captcha decided I'm a robot.

LOL ... (2)

gstoddart (321705) | about a year ago | (#44225337)

they proceeded to physically destroy $170,500 worth of equipment, including uninfected systems, printers, cameras, keyboards and mice.

OK, be honest now, who among us hasn't wanted to do this?

Admittedly, destroying mice and keyboards is a little excessive, but I bet there's not a single person here who isn't dreaming of needlessly destroying a large quantity of computer gear in a very dramatic manner.

Re:LOL ... (1)

vikingpower (768921) | about a year ago | (#44225451)

Amen. I recently acquired an old Sund V1280 Fire server. [slashdot.org] The beast is 130+ kgs heavy, and I sometimes wake up in the middle of the night, screaming and covered in sweat: one more dream of throwing the thing out of the window à la "One flew over the Cuckoo's nest".

Re:LOL ... (1)

gstoddart (321705) | about a year ago | (#44225511)

The beast is 130+ kgs heavy

Holy crap. The biggest thing we ever had to take delivery of was an HP-9000 server, but in a case with a built in UPS and a giant backplane for the disks.

It was the size of a fridge, rolled on wheels, and needed to be wired in special because it was 220V and took a lot of juice.

My guess is there was almost 100kg of batteries alone, but it was mostly a rolling rack with a computer inside.

I know that malware. (3, Funny)

JeanCroix (99825) | about a year ago | (#44225373)

It's was the dreaded "PC LOAD LETTER" virus. Smashing is the only recourse.

Purge and rebuild - Sometimes your best option (0)

Anonymous Coward | about a year ago | (#44225453)

I think this summary is a bit sensational. When working for large institutions (private or public) you don't have a lot of luxuries you normally take for granted. Even things like temporary storage space. Destroying everything may very well have been the most cost effective option. Trying to hang on to old equipment is often a false economy when you take in to account the cost of labor and storage.

Consider this:
You need to conduct a full infrastructure-to-end-user equipment audit.This means rebuild/re image. No, a virus scan isn't going to cut it.
You don't have a rebuilt/reimage regime in place.
Your equipment is old and is on the verge of replacement anyway
Your IT services aren't handled in house, but contracted.

Really, the best option may be to "forklift" everything out and start fresh. Some of your stuff is still good you say? Well great. Now you have to pay someone to:
Inventory everything. Yes, there may be existing inventory but you'll need to do it again anyway.
Determine what's worth keeping and what's worth getting rid of
Create an inventory of what's staying and what's going
Store what's being kept - I don't know about you, but peripherals are dirt cheap today. It's probably cheaper to buy new than store your old junk. .. And by the time you're done with all that, what you're holding on to may very well be completely obsolete instead of almost obsolete.

Imagine you've been put in charge. You walk in to a location that's had badly mismanaged IT for a for some time. It's probably not worth your time to determine what assets are worth keeping. You'll spend more time and money integrating bad infrastructure than you will burning it down and replacing it wholesale.

Humans... (1)

FlopEJoe (784551) | about a year ago | (#44225545)

I don't want to work in that office if they learn most system vulnerabilities are due to humans!

IDA (1)

Reliable Windmill (2932227) | about a year ago | (#44225553)

It's the Incompetence Development Administration. No but seriously, this takes things to a whole new level. It's so dumb and uneducated I'm almost inclined to think there was some big contract for hardware and installations around the corner waiting to be served. Big incompetence, Big corruption? Americans do it Big.

Fishy (2)

paxprobellum (2521464) | about a year ago | (#44225723)

I'm sure nothing fishy was going on in this government center. I imagine they didn't want 3rd parties looking at their computers too closely. #tinfoilhaton

Correct agency naming (0)

Anonymous Coward | about a year ago | (#44225725)

In all fairness, they did generate a lot of economic activity due to their over-reaction. Another government success story!

Dark ages (1)

Pendletoncils (2834733) | about a year ago | (#44225763)

This reminds me of religious zealots burning books,music and instruments since they might have been tools of Satan.

Impressive (1)

MadKeithV (102058) | about a year ago | (#44225953)

Impressive... this must be the most successful targeted social engineering malware yet.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?