
FBI, US Marshals Hit By Virus 156

Posted by Soulskill
from the nothing-tommy-lee-jones-can't-handle dept.
Norsefire writes "The FBI and US Marshals were forced to shut down part of their computer network after being hit by a 'mystery virus.' FBI spokesman Mike Kortan said, 'We are evaluating a network issue on our external, unclassified network that's affecting several government agencies.' Nikki Credic, spokeswoman for the US Marshals, said that no data has been compromised but the type of virus and its origin is unknown."
  • by Anonymous Coward

    You wanna know how you do it? Here's how, they hit you with a virus, you pull a gun. He sends one of your servers to the IT department, you send one of his to the morgue. That's the Chicago way, and that's how you get Capone! Now do you want to do that? Are you ready to do that?

  • Linux... (Score:1, Insightful)

    by Darkness404 (1287218)
    Why doesn't the government switch to Linux already? Sure, you can get a Linux virus, but to get one it takes work. On the other hand, merely browsing a site in IE can give you viruses in Windows.
    • by Gary W. Longsine (124661) on Saturday May 23, 2009 @10:40AM (#28066623) Homepage Journal
      Please copy this file to your hard drive, decompress it, untar it, chmod it, and place an entry in the root crontab... so I can have your advice.
    • Re: (Score:2, Interesting)

      by santax (1541065)
      Don't get me wrong, I love Linux, Debian fanboy for many a year. Every day I have to run apt-get update && apt-get upgrade to keep my system secure. Not every day is it a possible remote exploit, but there is always some security-related bug to fix. Linux may have a better implementation to keep those risks from escalating quickly compared to Windows, but I would not run nation-critical apps on it. Not at this point in time. I would look at OpenBSD. And saying that, I noticed a lot of comments about o
      • by wh1pp3t (1286918)
        Large organizations and especially the government would disable sudo sysadmin_command for users (so, no apt-get/aptitude/etc.); furthermore, patches are tested prior to deployment, which happens on a scheduled basis. We all know how dynamic IT project management is...
        They (IT) would have to work closely with a vendor, such as RedHat or Novell to manage patch rollouts.

        Goodbye quick and timely security updates.
      • BSD would be too hard and expensive to implement. Why not a commercial distro with SELinux to make sure it is an extremely hard nut to crack? I think that would be the best way to spend tax-payer monies.

        There are many consultants and support vendors for Linux and many people to create and run the systems. Linux admins are generally much more aware of how systems work, so with good admins, an enterprise-grade distro and SELinux I think Linux can run "nation-critical" systems just fine... Just as long as you don'

      • Re: (Score:3, Interesting)

        by Niten (201835)

        Every day I have to run apt-get update && apt-get upgrade to keep my system secure. Not every day is it a possible remote exploit, but there is always some security-related bug to fix. Linux may have a better implementation to keep those risks from escalating quickly compared to Windows, but I would not run nation-critical apps on it. Not at this point in time.

        I think you're making the classic mistake of equating the number of patches seen with the actual number, and severity, of vulnerabilities. Of course Debian gets more patches more often than Windows: the Debian security team sends out fixes for security vulnerabilities as soon as they're discovered, rather than leaving users exposed by waiting up to a month and fixing (some, but often not all) of the most critical known vulnerabilities in monthly roll-ups. And of course Debian sees more patches, when nearl

    • Well, maybe some hardened versions but not the run of the mill version.

      If you want hardened computing, you want:

      *A hardened network, with hardened human access
      *A hardened computer, with hardened human access
      *A hardened OS or one that comes pre-hardened by design. SELinux, OpenBSD, some specialty flavors of MS-Windows, some small/embedded-systems OSes, some Unix-style OSes, and some mainframe-type OSes qualify
      *Hardened software all the way around
      *People who are trained in security in general and trained how t

      • by Mashiki (184564)

        You seem to have forgotten something: you don't want it connected to the internet.

    • Re: (Score:3, Insightful)

      by Krneki (1192201)
      They are too lazy to learn a new desktop.

      They'd rather get infected every now and then. After all, it's your money they are spending.
      • by mrmeval (662166)

        Geektas are too elitist to design a comfortable desktop for people switching from Windows. If it all "just worked" like Windows no one would give a fuck in a locked-down environment. Same look and feel, same hot keys in every app.

        FUCKING CUT AND PASTE THAT FUCKING WORKS.

        • by Krneki (1192201)
          I give you that, but surely the security issues outweigh the comfort of the users. At least for critical systems like this one.
          • by mrmeval (662166)

            I've complained about cut and paste for more than a decade. It's not been fixed, it's never been fixed and I'm sure it won't be fixed.

            Linux is secure. All the crap you see is overlay and that does not much affect security. Linux has so many security tools that you have to work to create an insecure system.

            I let a friend use Ubuntu the "zOMG KILLAH OS", they're now running Pista. The Luddites will never come to a Linux desktop unless you cater to them. No one gets that and they piss themselves when you sugge

    • Because of two key applications. Microsoft Word, which many bureaucrats throughout the world but especially in civil services use to write their paperwork. And Microsoft Exchange, which although it is a security issue is widely deployed and has a pretty good calendar function.
    • Lawyers. The government does not really recognize the concept of FOSS, only "COTS" and "GOTS". If the government didn't write it, then the lawyers insist on having a vendor to sue, even if that vendor can disclaim all liability, and/or limit remedies to "refund of purchase price". The number of government-operated facilities capable of GOTSifying FOSS is relatively limited, and doing so is not part of their mission. Finally, there is no political incentive to do this (quite the reverse, thanks to vendor lob
  • by davidwr (791652) on Saturday May 23, 2009 @10:25AM (#28066485) Homepage Journal

    More and more, sensitive corporate and government networks will need to be isolated or at least mostly isolated from non-sensitive networks and the Internet.

    They may not need an air gap [wikipedia.org] but they will need to be isolated enough to prevent general problems like viruses.

    They also need to be run with the philosophy of "every other machine or user on my network could become compromised (infected or bribed) at any time."

    A couple of possible solutions:
    *Give employees 2 computers with a KVM, one for surfing the web and access to non-secure data, one to access secure data.
    *Give employees a multi-homed, ROM+read-only-USB-stick-for-configuration-data-boot "thin client" that's stripped down and hardened, with no copy-and-paste, no network bridging, and no other designed way for one remote server to influence the other. Then have them connect to different servers on different networks for different needs.

    If your security requirements are extreme, use an air gap.

    In either case, don't forget to take countermeasures against human idiocy, ignorance, and bribery/blackmail.

    • by mbone (558574)

      Security regs in the USG mandate this sort of stuff for Classified information.

      • by davidwr (791652)

        True, US-government-classified material does have to be regulated.

        But what about the human resource database of the United States Postal Service, with its employee birth dates and social security numbers? What about the customer database at American Airlines, with its juicy collection of credit card numbers? What about your medical insurer, which may have lots of information about your or your children's health you don't want entering the public domain? What about the bank teller whose terminal lets her

    • multilevel security (Score:1, Interesting)

      by Anonymous Coward

      *Give employees 2 computers with a KVM, one for surfing the web and access to non-secure data, one to access secure data.

      Or use one operating system that allows different levels of security on one system, with different applications each running at different levels, and with access to variously segmented networks spanning from unclassified to top secret:

      http://en.wikipedia.org/wiki/Trusted_Solaris

      It's called multi-level security, and the DoD already uses it.

  • What I want from each and every one of you is a hard-target search of every JPEG, MPEG, EXE, PXE, hard drive, flash drive and floppy drive in that area. Firewalls go up on every computer. Your fugitive's name is Neeris. Go get him.

  • Bold claim (Score:5, Insightful)

    by Daimanta (1140543) on Saturday May 23, 2009 @10:26AM (#28066503) Journal

    "said that no data has been compromised but the type of virus and its origin is unknown."

    How do they know that there was no data compromised if they don't even know the type of the virus?

    • Re: (Score:2, Insightful)

      by maxume (22995)

      Perhaps the network is reasonably self contained?

      The article says they shut down internet access, but it doesn't really make it clear if the computers in question have any connection to the internet or not.

    • by Gary W. Longsine (124661) on Saturday May 23, 2009 @10:46AM (#28066687) Homepage Journal
      This claim is made by nearly every spokesperson for any major organization which is forced to disclose a malware attack to the public. In nearly every case the claim cannot be substantiated. Run-of-the-mill malware often scans hard drives and uploads data to remote servers over encrypted connections. Most organizations have no way of knowing if these even happened. They don't know how long they have been infected. They don't know if the attack is directed at them, specifically (and thus might be smarter about hiding its activity). These folks really don't know yet what the extent of the damage is. The stock line should be, "we don't know", not, "nothing bad happened". Something bad happened -- malware got on your network and spread. That much is clear.
      • Libel (Score:1, Funny)

        by Anonymous Coward
        They're the government, they're not supposed to lie.
    • Re: (Score:3, Insightful)

      by Psyborgue (699890)
      How do they know it's even a virus? "Virus" is often a silly excuse for "embarrassing human error".
      • Dood, these people are the FBI -- they know EVERYTHING (DCS 1000, plus gruvy software by number one intel contractor, S.A.I.C.). Also, I have the same false positives whenever I download porn, too......
    • Compromised can mean various things, according to the context. Flexible English is wonderful, isn't it?

      In the mental context of a person who deals with valuable data (like criminal scenes and such), compromised data is missing data. And what would you know, the FBI and the US Marshal's offices both deal with valuable data.

      In the mental context of say... a spy, compromised data is known (copied) data. The FBI isn't a spy agency, and the US Marshal's office isn't either, even if they can be secretive.

    • Re: (Score:2, Insightful)

      by Thad Zurich (1376269)
      There would seem to be a high probability that such a network is monitored by one or more IPSes that log and archive all outbound packets. If the time of infection can be established, then it should be possible to estimate the amount of exfiltrated data.
    • So basically, "We aren't aware of any compromised data, so we're assuming there are none. Also, we don't know the type of virus or its origin, so we're likewise assuming it has no type and came from nowhere."
    • Re: (Score:3, Interesting)

      How do they know that there was no data compromised if they don't even know the type of the virus?

      For the same reason that if I got a virus, none of your data would be compromised. Separate network, like it said in the summary. :P

  • We need to start looking for destroyed helicopters in order to find John McLane!!
  • by sk999 (846068) on Saturday May 23, 2009 @10:28AM (#28066517)
    "Malware found on brand new Windows netbook"

    http://www.itbusiness.ca/it/client/en/home/news.asp?id=53225 [itbusiness.ca]

    • Re: (Score:1, Funny)

      by ImYourVirus (1443523)
      Yeah it's called windows *laughs*
    • Re: (Score:1, Insightful)

      by Anonymous Coward

      If they aren't dropping their own image on new computers they get, there's something wrong with their IT department.

  • How do they know ? (Score:4, Interesting)

    by mbone (558574) on Saturday May 23, 2009 @10:37AM (#28066589)

    The spokeswoman said:

    "no data has been compromised but the type of virus and its origin is unknown"

    That is an extraordinary statement. How would they know?

    If I were head of IT there I would assume that that was not true. Even if there was a completely different computer system for any sensitive information, data has a way of leaking to where it shouldn't be. Of thousands of people, not one put notes or passwords or whatever on the insecure side of the line?

    Regardless of what they tell the press, I hope that internally they are assuming that this is a breach, and acting accordingly.

    • Compromised data isn't always copied data; sometimes it's missing data.

      To someone who forgot some of the meaning of their college English lessons, they may have also forgotten there's a difference between the two.

    • Re: (Score:3, Insightful)

      Well exactly. What their spokesperson says doesn't necessarily have any correlation to what their head of IT thinks.

      The spokesperson's job is to put the best spin on things. Saying "We lost loads of public data" would not be doing their job well.

        What their spokesperson says doesn't necessarily have any correlation to what their head of IT thinks.

        From my experience, what the PR people say is correlated with what the IT people think. However, the correlation is negative.

  • US Air Force General Kevin Chilton, head of US Strategic Command, has said that attacks on the United States via the Internet could merit a conventional military response [today.com].

    "I don't think you take anything off the table. We're particularly looking toward one group in Seattle."

    The Seattle-based insurgent group is thought to have seeded American government and military computers with millions of copies of malware that allows attackers easy access to any data stored on the computer, or indeed to take complete control of the computer and use it for their own ends as part of a massive "botnet" to mount further attacks. The malware, "Windows," makes securing a computer running it almost impossible.

    "Turning Seattle into a glass crater would only be undertaken strictly as the minimum required surgical military action," emphasised Chilton, "and not in any way out of twenty-five years' bitter resentment and frustration at computing machinery."

    Chilton stressed that members of the US military must begin to think of their computers as the front lines. "Do you realize that in addition to adding Windows to computers, why, there are studies underway to Windowsize salt, flour, fruit juices, soup, sugar, milk ... ice cream. Ice cream, Mandrake, children's ice cream! I can no longer sit back and allow Windows infiltration, Windows indoctrination, Windows subversion and the international enterprise licensing conspiracy to sap and impurify all of our precious bodily fluids!"

    The Obama administration is currently reviewing the United States' cyberspace defense policy. "We're considering all options thoroughly," said the President, closing his MacBook and looking lingeringly at the red button on his desk.

  • Or does this sound like a cheap stunt to cook up funding for "cyber warfare" and some such. Virus my butt... Some idiot probably tripped over a server power cord, sent half the FBI down, and now the bozos in charge are trying to use it as an excuse to get more taxpayer cash.
  • Sure, some mysterious unknown virus. Or someone broke/deleted something and didn't know how to fix it. I mean, would you want to tell the FBI you broke their computers?
  • Any known vaccines? And what is the fatality rate?
  • Check with the lads at the CIA.
  • Somehow this seems related to the urine candid camera post earlier today.
  • __STOP__ USING WINDOWS, and don't allow users to get root.
  • I wonder if Microsoft and some of the organizations it has hired to produce Total Cost of Ownership (TCO) reports take things like this into account.

    If we're betting, I'll take "no."
