
FBI, US Marshals Hit By Virus

Norsefire writes "The FBI and US Marshals were forced to shut down part of their computer network after being hit by a 'mystery virus.' FBI spokesman Mike Kortan said, 'We are evaluating a network issue on our external, unclassified network that's affecting several government agencies.' Nikki Credic, spokeswoman for the US Marshals, said that no data has been compromised but the type of virus and its origin is unknown."
  • Linux... (Score:1, Insightful)

    by Darkness404 ( 1287218 ) on Saturday May 23, 2009 @10:23AM (#28066467)
    Why doesn't the government switch to Linux already? Sure, you can get a Linux virus, but to get one it takes work. On the other hand merely browsing a site in IE can give you viruses in Windows.
  • Bold claim (Score:5, Insightful)

    by Daimanta ( 1140543 ) on Saturday May 23, 2009 @10:26AM (#28066503) Journal

    "said that no data has been compromised but the type of virus and its origin is unknown."

    How do they know that there was no data compromised if they don't even know the type of the virus?

  • Re:Bold claim (Score:2, Insightful)

    by maxume ( 22995 ) on Saturday May 23, 2009 @10:41AM (#28066647)

    Perhaps the network is reasonably self contained?

    The article says they shut down internet access, but it doesn't really make it clear if the computers in question have any connection to the internet or not.

  • by Gary W. Longsine ( 124661 ) on Saturday May 23, 2009 @10:46AM (#28066687) Homepage Journal
    This claim is made by nearly every spokesperson for any major organization which is forced to disclose a malware attack to the public. In nearly every case the claim cannot be substantiated. Run of the mill malware often scans hard drives and uploads data to remote servers over encrypted connections. Most organizations have no way of knowing if these even happened. They don't know how long they have been infected. They don't know if the attack is directed at them, specifically (and thus might be smarter about hiding its activity). These folk really don't know yet what the extent of the damage is. The stock line should be, "we don't know", not, "nothing bad happened". Something bad happened -- malware got on your network and spread. That much is clear.
  • by clang_jangle ( 975789 ) on Saturday May 23, 2009 @10:58AM (#28066761) Journal

    Yes, the amount of malware for Macs is lower than Windows...

    Correct, zero is a tad less than ~ninety-three thousand.

    ...but so is mac userbase

    Considering that UNIX-like systems are ubiquitous in the server world (and OS X is a UNIX-variant), that is a really lame argument.

    However there are many OSX malware circumventing already and it seems to be just going up

    [citation needed]

  • by erroneus ( 253617 ) on Saturday May 23, 2009 @10:59AM (#28066771) Homepage

    This should be modded up.

    Generally, I also recommend Mac for brain-dead users whose computers I don't want to fix every 3 days. There is simply less chance of such problems... randomly. Most exploits target Windows and MSIE, simple as that. But that is only GENERALLY...randomly...blindly.

    More and more, we are seeing targeted attacks. The targeted attack is most successful when the contents of the network are known. So get one machine compromised (advanced scout), survey the network to see what's out there, then plan the real attack. There are abundant attacks for Mac and even Linux. In the event of targeted attacks, all bets are off. "Reputation" for security only serves the attacker because the defences of the machines will likely be lower on those machines considered "more secure."

  • by davidwr ( 791652 ) on Saturday May 23, 2009 @11:00AM (#28066773) Homepage Journal

    Well, maybe some hardened versions but not the run of the mill version.

    If you want hardened computing, you want:

    * A hardened network, with hardened human access
    * A hardened computer, with hardened human access
    * A hardened OS or one that comes pre-hardened by design. SELinux, OpenBSD, some specialty flavors of MS-Windows, some small/embedded-systems OSes, some Unix-style OSes, and some mainframe-type OSes qualify
    * Hardened software all the way around
    * People who are trained in security in general and trained how to use the computer properly and how to spot people who are trying to compromise it or the network

    Do you really want hardened computing?

  • Re:Linux... (Score:3, Insightful)

    by Krneki ( 1192201 ) on Saturday May 23, 2009 @11:02AM (#28066797)
    They are too lazy to learn a new desktop.

    They'd rather get infected every now and then. After all it's your money they are spending.
  • Re:Linux... (Score:3, Insightful)

    by TubeSteak ( 669689 ) on Saturday May 23, 2009 @11:04AM (#28066807) Journal

    Sure, Linux is vulnerable but it isn't targeted, the diversity in distros, kernel versions, browsers, etc. help keep the target moving.

    1. If the Government switches to Linux, there will not be a diversity in distros, kernel versions, browsers, etc.
    2. Assume that, like the current windows installation, there will be gaping security holes due to mismanagement and misconfiguration.
    3. The US government is an awfully big target and if they switch, you will see significant, concentrated effort on exploiting whatever distro and apps the Feds choose.

  • Re:Linux... (Score:4, Insightful)

    by Norsefire ( 1494323 ) * on Saturday May 23, 2009 @11:04AM (#28066811) Journal
    Step 1: Ditch a closed-source product notorious for exploits and viruses
    Step 2: Choose a better open-source alternative notorious for its security and stability
    Step 3: close the source
  • Re:Bold claim (Score:3, Insightful)

    by Psyborgue ( 699890 ) on Saturday May 23, 2009 @11:05AM (#28066819) Journal
    How do they know it's even a virus? "Virus" is often a silly excuse for "embarrassing human error".
  • by sopssa ( 1498795 ) <sopssa@email.com> on Saturday May 23, 2009 @11:12AM (#28066861) Journal

    Also, most Mac users think and they're told that there's no malware and they're secure, so they have the mentality of "nothing can hit me" and even though there's a few Mac AVs, almost no one runs them.

    Hell, there's botnets running inside _routers_. What makes it think that Mac is somehow some bulletproof solution? You don't need root to send spam or DDoS either.

    Mac is also a standardized OS, so it's a lot easier to make malware for it than the tons of different Linux OSes. And it's already true, but because of this mentality Apple and Mac users have given to everyone, they think they're safe. It's really stupid from Apple's part, because the problem keeps just rising and one day it gets hit badly and no one has prepared because of their assumptions.

  • by clang_jangle ( 975789 ) on Saturday May 23, 2009 @11:12AM (#28066865) Journal
    Trojans can run on any OS, once the user is tricked into installing them. IOW, they're extremely easy to avoid. However, viruses are only found in the wild on Windows systems. And only Windows can be infected by simply visiting a web site.
  • Re:Linux... (Score:5, Insightful)

    by Animaether ( 411575 ) on Saturday May 23, 2009 @11:16AM (#28066895) Journal

    Step 4: watch a lower ranking employee click on the HappyFunTime executable in their mail
    Step 5: Priceless.

  • by PieceofLavalamp ( 1244192 ) on Saturday May 23, 2009 @11:24AM (#28066943)
    Sure, some mysterious unknown virus. Or someone broke/deleted something and didn't know how to fix it. I mean, would you want to tell the FBI you broke their computers?
  • by DrgnDancer ( 137700 ) on Saturday May 23, 2009 @11:56AM (#28067191) Homepage

    Every example in your list is a social engineering trojan. They all require the user to literally INSTALL the malware and enter their admin password to do it. No system can defend against that. There are proof of concept viruses and worms on the Mac, but pretty much everything in the wild is a trojan and requires significant user intervention to work. That's hardly fair. Of course stupid Mac users are still stupid users. That doesn't make the system itself less secure. I'm not one of the "OMG, it's completely secure!" fanbois. There are definitely holes in OS X, and Apple has not always been quick to fix them. The fact remains, however, that there are virtually no Mac viruses or worms in the wild (for the proper, security profession, definitions of "virus" or "worm").

  • by tendrousbeastie ( 961038 ) on Saturday May 23, 2009 @12:33PM (#28067505)

    Well exactly. What their spokesperson says doesn't necessarily have any correlation to what their head of IT thinks.

    The spokesperson's job is to put the best spin on things. Saying "We lost loads of public data" would not be doing their job well.

  • by Anonymous Coward on Saturday May 23, 2009 @12:38PM (#28067543)

    If they aren't dropping their own image on new computers they get, there's something wrong with their IT department.

  • Re:Bold claim (Score:2, Insightful)

    by Thad Zurich ( 1376269 ) on Saturday May 23, 2009 @12:44PM (#28067591)
    There would seem to be a high probability that such a network is monitored by one or more IPS' that log and archive all outbound packets. If the time of infection can be established, then it should be possible to estimate the amount of exfiltrated data.
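
An added illustration, not part of any comment in this thread, of the estimate described in the comment above: given archived outbound flow records and an assumed time of infection, sum what one host sent to external addresses from that time on. The log format, addresses, byte counts and the 10.0.0.0/8 internal range are constructed assumptions.

```python
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sample flow records: time, src, dst, dst port, bytes sent by src
SAMPLE_LOG = """\
2009-05-20T08:15:00Z 10.1.4.22 192.0.2.10 443 52000
2009-05-21T02:10:00Z 10.1.4.22 198.51.100.7 443 48000000
2009-05-21T02:40:00Z 10.1.4.22 10.1.0.5 445 900000
2009-05-21T03:05:00Z 10.1.4.22 198.51.100.7 443 112000000
2009-05-21T09:00:00Z 10.1.4.30 192.0.2.10 80 7000
malformed line
"""

INTERNAL = [ip_network("10.0.0.0/8")]  # assumed internal address space

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)

def outbound_after(log_text, host, infected_at):
    """Bytes `host` sent to each external address at or after infected_at.

    Returns (per-destination totals, number of unparseable lines skipped)."""
    totals, skipped = {}, 0
    for line in log_text.splitlines():
        try:
            ts, src, dst, _port, nbytes = line.split()
            ts, nbytes = parse_ts(ts), int(nbytes)
            external = not is_internal(dst)
        except ValueError:
            skipped += 1  # count gaps instead of silently ignoring them
            continue
        if src == host and ts >= infected_at and external:
            totals[dst] = totals.get(dst, 0) + nbytes
    return totals, skipped

def upper_bound(totals):
    # Everything sent externally in the window, legitimate traffic included
    return sum(totals.values())

if __name__ == "__main__":
    for t0 in ("2009-05-21T00:00:00Z", "2009-05-20T00:00:00Z"):
        totals, skipped = outbound_after(SAMPLE_LOG, "10.1.4.22", parse_ts(t0))
        print(t0, totals, upper_bound(totals), "skipped:", skipped)
```

The total is an upper bound on bytes sent, not a measure of what was taken, and it shifts with the infection-time estimate, which is why the result is only as good as that estimate and the completeness of the archive.
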
  • by TheSpoom ( 715771 ) * <{ten.00mrebu} {ta} {todhsals}> on Saturday May 23, 2009 @02:00PM (#28068155) Homepage Journal

    While I agree with the general principle that *nix OSes (including Macs) are more secure than Windows, viruses are just as possible on other operating systems.

    That said, the government could save shit-tons in licensing fees by switching to a free OS like Ubuntu, and they wouldn't have to worry about something like this happening nearly so often.
