Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Portables Security United States Hardware IT

FBI Investigating Mystery Laptops Sent To US Governors 329

itwbennett writes "The FBI is trying to find out who is sending laptops to state governors across the US, including the governors of Wyoming and West Virginia. The West Virginia laptops were delivered to the governor's office on August 5, according to the Charleston Gazette, which first reported the story. Kyle Schafer, West Virginia's chief technology officer, says he doesn't know what's on the laptops, but he handed them over to the authorities. 'Our expectation is that this is not a gesture of good will,' he said. 'People don't just send you five laptops for no good reason.'"
This discussion has been archived. No new comments can be posted.

FBI Investigating Mystery Laptops Sent to US Governors

Comments Filter:
  • Me (Score:5, Funny)

    by earthloop ( 449575 ) on Friday August 28, 2009 @07:02AM (#29229053) Homepage

    If the governors don't want them, I'll have them.

  • I'll take them.

    Seriously, they don't have one good tech guy who could wipe the drives/check the internals for rogue hardware?

    • by acb ( 2797 ) on Friday August 28, 2009 @07:11AM (#29229117) Homepage

      What if whoever's sending them isn't just a small-time crook but a foreign intelligence agency with the resources to custom-make chips with built-in back doors. (Such back doors have been demonstrated to be plausible; someone has built a CPU with a circuit which switches off memory protection when it finds a specific sequence on a memory bus, which means that it doesn't matter how secure the software running on it is.)

      Why would they target state governors' offices? Well, they'd presumably be easier to pwn than, say, the Department of Defence or the CIA, and a good starting point for setting up pieces.

      • by MichaelSmith ( 789609 ) on Friday August 28, 2009 @07:18AM (#29229163) Homepage Journal

        But delivering them this way is attracting too much attention. Better to deliver the machines to their normal IT supplier, perhaps by getting one of your people on the payroll.

        • by 1s44c ( 552956 ) on Friday August 28, 2009 @07:26AM (#29229235)

          But delivering them this way is attracting too much attention. Better to deliver the machines to their normal IT supplier, perhaps by getting one of your people on the payroll.

          It would be far cheaper to put malware on a USB key with a logo of some government project on the side and mail that to them. They could use the same CD autorun thing that the U3 malware uses.

          • by BenEnglishAtHome ( 449670 ) on Friday August 28, 2009 @08:02AM (#29229577)

            ...a USB key with a logo of some government project ...

            Are you kidding?

            If I wanted to guarantee that a found USB key would be plugged in somewhere, I'd label it "porn".

          • Re: (Score:2, Interesting)

            They could use the same CD autorun thing that the U3 malware uses.

            Offtopic, but does anyone know how to remove the U3 "feature" using Linux? I heard there are Win32 removal tools, but I don't trust removal tools from people who actually invented U3...

            • Good old format (insert linux equivalent) doesn't work?

            • Re: (Score:2, Informative)

              by daivzhavue ( 176962 )

              http://u3.com/support/default.aspx#CQ3 [u3.com]

              They finally came out with an uninstaller for it. Quick and easy, but back up all your data as it wipes the entire flash drive.

              • Re: (Score:3, Informative)

                by Glonoinha ( 587375 )

                Doesn't work in Linux, as the GP asserted. Have to stick it in a Windows box just to run the uninstaller.
                As far as I'm concerned it's defective from the vendor and I personally don't buy any USB thumbdrives with U3 installed on them.
                If I accidentally buy one with it on there and realize it after I get it home and open the package, I take it back. Sorry, but no.

      • a) As pointed out, somebody with the resources to do that would be a but more subtle about delivering them.

        b) In this case, the smart thing to do would be to keep things quiet and send false info.

        • Re: (Score:3, Insightful)

          by TheCarp ( 96830 ) *

          Then again.... maybe this is just QA.

          Put in your malbug, send the laptops out in a high profile way... see what happens. Do they investigate? Do they even find what you did? That, in and of itself, could be valuable information, and possibly worth 5 laptops.

          Though I do enjoy the double standard. Someone breaks into your systems, with evidence. Think the FBI is going to care unless they can be shown to have done massive damage or stolen real money?

          Here someone does something that is, on its face, perfectly

      • by LWATCDR ( 28044 ) on Friday August 28, 2009 @08:50AM (#29230155) Homepage Journal

        Really? They why state governors? They really don't have a lot of access to secret stuff. My guess is a little more amusing. Someone has figured out how to hack into HPs GSA ordering system and is pranking them. They are basically ordering laptops on the states dime from HP just to see if anyone notices. Sort of like ordering Pizzicati to be set to buddy's house as a joke. The difference is this is going to be a federal offense.

      • by rnturn ( 11092 ) on Friday August 28, 2009 @09:43AM (#29230837)

        What do the states whose governors received these laptops have in common? The referenced article didn't mention the complete list but West Virginia and Wyoming might have something commercial in common. Mining or energy for example. Wouldn't a lobbyist with some powerful clients in the mining/energy industry just love to have access to some state computer systems where they could snoop through internal emails discussing potential legislation restricting mining activities? West Virginia's had problems with mountaintop removal for years. There's been talk of stopping that for some time. Wyoming has their share of mining companies abusing the environment as well.

        On the other hand, perhaps a bunch of environmentalists shipped the laptops in the hope of getting access to state information so they could blow the whistle on state govt./industry shenanigans (bribes and the like).

        Anyone know where there's a complete list of the states where these laptops were shipped?

      • by Anonymous Coward on Friday August 28, 2009 @11:23AM (#29232235)
        I work in West Virginia state government and this came up at yesterdays staff meeting. According to the boss (not PHB) they've found that laptops had been purchased with stolen credit cards and came loaded with malware. Also some of the laptops received in other states had actually been used.
    • by 1s44c ( 552956 ) on Friday August 28, 2009 @07:12AM (#29229123)

      Seriously, they don't have one good tech guy who could wipe the drives/check the internals for rogue hardware?

      Not at a cost less than the price of one new laptop. Smart hardware people with time to prepare could hide just about any device just about anywhere. Or hide nothing at all just so people waste time looking for what isn't there.

      I get the impression this is just a prank by someone with a little too much free cash and a bad sense of humor. Either that or a marketing thing by a laptop manufacturer.

      • I get the impression this is just a prank by someone with a little too much free cash and a bad sense of humor.

        You may have meant "someone with a little too much stolen cash". This is too blunt for anyone with the resources to seriously mod the HW in a meaningful way for intelligence gathering or DoS. My gut reaction is the laptops have a trojan/worm on them, and were intended for the dumber staff to go "cool! free loot!" for the LULZ [youtube.com].

  • OLPG (Score:5, Funny)

    by MichaelSmith ( 789609 ) on Friday August 28, 2009 @07:03AM (#29229065) Homepage Journal

    Its obviously the one laptop per Governor project.

    • Re: (Score:2, Funny)

      by zoomshorts ( 137587 )

      Compaq 15.6" CQ60-410US Notebook PC, I got mine for $298.00. Not a real cost.
      Let's guess, one drunk, $1600.00 laying around and surf the web for governor's
      addresses.

      The malware? IE 8.0 plus VISTA Home edition. Instant coup.

  • by zach_the_lizard ( 1317619 ) on Friday August 28, 2009 @07:03AM (#29229067)
    "People don't just send you five laptops for no good reason."

    Are you kidding me? I've received hundreds of free laptops from total strangers. In fact, I trust them so much that I do all my banking on them. After all, this nice downtrodden Nigerian prince has personally guaranteed the security and stability of all these laptops. Now, let me go check my bank balance....OMGWTFBBQ^*#^$@))*#$!!!!!

    NO CARRIER
    • by sopssa ( 1498795 ) * <sopssa@email.com> on Friday August 28, 2009 @07:56AM (#29229503) Journal

      NO CARRIER

      I understand breaking the monitor and keyboard in such situation, but you actually went out of the house, walked to your tool shack, picked up an axe and smashed your telephone line with it? That's a little bit aggressive, dont you think?

    • "People don't just send you five laptops for no good reason."

      They do if the senders are expecting a positive review!

      At the same time, I don't think that the incoherent and vaguely grammatical comments of daft and corrupt US politicians will help sales much.

      I could be wrong, though. I was one of the ones who believed Cmdr Taco was right about the iPod.

  • by Skinkie ( 815924 ) on Friday August 28, 2009 @07:03AM (#29229069) Homepage
    ...at least give every incoming laptop to a nearby school. I mean, spying on students happens already anyway.
    • Replace and save the hard drive for legal analysis, with a good chain of ownership in case of lawsuits.

      I'd also be concerned about electromechanical key loggers. Governors handle some very sensitive data, and should not have their keystrokes logged. But scrubbing the drives with a good Linux live CD makes them safe enough for casual use.

  • by damburger ( 981828 ) on Friday August 28, 2009 @07:07AM (#29229093)

    You get the laptops delivered to a big enough organisation, whoever signs for them assumes *somebody* ordered them for a reason, but can't find out who. So they stash them somewhere. Fast forwards to when someone new joins the organisation and needs a laptop, somebody mentions there are a couple lying around in boxes and bingo, you've got malware in through the front door without touching an Internet connection.

    Makes me wonder, how often this has been done successfully to less vigilant offices, worked, and we haven't heard about it.

    • by jollyreaper ( 513215 ) on Friday August 28, 2009 @07:28AM (#29229259)

      That's an expensive hack! Especially when the typical methods are practically free. I wonder how effective it is.

      You know, it might be cheaper to just "accidentally" drop usb drives near the office or, if you're not targeting a particular office specifically, leave the drives in coffee shops and local restaurants. Someone takes it home and tries looking at it, pwnage.

      • by flynt ( 248848 )

        Expensive for whom, you? What about a large political party or the intelligence unit of a foreign country? Practically free for them.

        • Re: (Score:2, Insightful)

          by maxume ( 22995 )

          But West Virginia?

          • Re: (Score:2, Insightful)

            by MiniMike ( 234881 )
            Maybe they're trying to intercept communications to or from Senator Byrd [wikipedia.org] who, despite being from West Virginia, is a very influential Senator.

            Or they might just want the latest recipe for Varmint Pie.

          • But West Virginia?

            It's them pesky East Virginians, I'll bet!
      • Re: (Score:2, Insightful)

        by 91degrees ( 207121 )
        Yes. I can't imagine it would be worth it for businesses. You're spending a lot of cash on something that may well go to fairly junior employees who have no access to any information of any importance. Even if the Governor himself gets one, you can't be sure that he'll use it for anything that will be of any value to a third party.

        A foreign government might be willing to splash out this sort of cash but I wonder how interested they are in individual state politics.
      • Just steal the laptops then.

        Or -- I don't know -- just be the country that makes them (China) where you have virtually unlimited access to the stock, anyway.

      • Be sure to label the drives with stickers - "Your competitor's TOP SECRET data!!!" and the like.

        God knows, I've worked with people who would fall for that.

    • Re: (Score:2, Interesting)

      by scheuri ( 655355 )
      That is what I thought first, too. Well, I still think it is a very interesting angle on social engineering as you put it.

      However, if you do that with a large enough company to get "undetected" (assuming smaller companies would recognise something fishy is going on) there should be a large risk that this laptop goes to the IT-people first to get completely altered to companies standards.
      That usually should mean complete format and using an image of whatever the company is using as client OS. So there go
      • some company order systems with there image per loaded or some are so big that some think like can happen they are just sitting there ready to go (not knowing that IT did not even get to them) or they are in Small Branch Office with little to no on site IT.

      • Formatting the drive doesn't protect against malicious hardware/firmware built in (or installed before they were sent to the target). If we're talking foreign government it would be a piece of cake to get that done. The US government has done similar things to espionage targets. Organized crime would more than likely have the ability (or be able to develop the ability) to hide the face that a case had been opened and the guts altered from casual inspection.

        I don't expect it would take too much ingenuity

      • However, as some have pointed out above, this is a very expensive trojan; and if you are going to spend that kind of money it might be viable to put something nasty in hardware/firmware that wouldn't be affected by the IT nerds wiping the laptops and installing company stuff.
    • Re: (Score:2, Interesting)

      by jlmale0 ( 1087135 )
      The article notes that the seized laptops were part of an order that shipped to 10 offices; all have been tracked down. Still, you're right, we don't know about other orders. I think it's a brilliant idea, the free laptops. If it's a software only attack, they have to be wary of those departments that reimage PCs to standard images.
    • by Cassini2 ( 956052 ) on Friday August 28, 2009 @08:12AM (#29229687)

      Go for the obvious. Someone is trying to get revenge on corporation "x" by purchasing a bunch of computers and having them drop shipped. By the time accounting catches up with the paperwork, the computers will be in the hands of the FBI for a month. If the scam is done right, it is done by an ex-employee or someone with just enough access to know who the preferred suppliers are. You make a couple of phone calls, send the right paperwork, and next thing your computer vendor is drop shipping a bunch of computers somewhere.

      Having worked for distributors, I'm surprised this doesn't happen more often. Having stuff go missing for weeks on end inside factories, fairly routine ... This wouldn't be hard to do. Just ship a bunch of computers somewhere else.

      It is even difficult to get charged for doing something like this. FAXing the paperwork leaves no fingerprints. To the accounting department, the transaction looks like typical incompetence. The corporation won't request charges laid, because then they would have to admit they were incompetent too, and this stuff happens all the time. The police have a tough time charging you, because you didn't steal anything. If done right, you didn't even touch anything so there is no physical evidence. No evidence means no crime, and your revenge makes the national newspapers. Perfect revenge scheme.

    • My guess is that the laptops were purchased in some disorganized fashion -- maybe there were some interns in the governor's office who needed computers for their work, and the orders were processed twice.
    • Re: (Score:3, Interesting)

      by vertinox ( 846076 )

      You get the laptops delivered to a big enough organisation, whoever signs for them assumes *somebody* ordered them for a reason, but can't find out who.

      Hehe. I worked for a large company where on more than one occasion someone just sends their laptop in to the workshop only to be lost in the stack because they didn't put a ticket number on it. It wasn't stolen but rather just with all the other laptops in a pile and was basically unlocatable for a few months.

      Secondly, the purchasing approval process sometim

  • by Drakkenmensch ( 1255800 ) on Friday August 28, 2009 @07:08AM (#29229097)
    Sounds like the opening chapter of a John Grisham novel. Encryption hits the newspaper stands before the library shelves, it seems!
    • I think I read that book. It was by Dan Brown, not Grisham, and called Digital Fortress. Yes, it was terrible.

      • Re: (Score:3, Funny)

        by Jeremy Erwin ( 2054 )

        When the NSA's invincible code-breaking machine encounters a mysterious code it cannot break, the agency calls in its head cryptographer, Susan Fletcher, a brilliant and beautiful mathematician. What she uncovers sends shock waves through the corridors of power. The NSA is being held hostage...not by guns or bombs, but by a code so ingeniously complex that if released it will cripple U.S. intelligence.

        Egad. If I want cheap obnoxious thrillers, I'll read Greg Bear's lesser work...

  • by ChayesFSS ( 896146 ) on Friday August 28, 2009 @07:19AM (#29229177)
    Next week on CNN: Pen & Paper sent to US Governors in hopes that they'd do more work. FBI called in to investigate.
  • by LaminatorX ( 410794 ) <sabotage.praecantator@com> on Friday August 28, 2009 @07:19AM (#29229183) Homepage

    "A what? Whatever, put it in the yard next to the giant wooden horse."

    • Re: (Score:3, Insightful)

      by Culture20 ( 968837 )
      They don't sound too pleasant. Hopefully they're made with metal or plastic instead of wood. Bonuses: no breaking.
  • by Anonymous Coward on Friday August 28, 2009 @07:20AM (#29229189)

    fedex sleeping laptop
    wake at delivery time
    run superduper wi-fi haxor proggy
    phone home

  • Hacked hardware? (Score:5, Interesting)

    by tsvk ( 624784 ) on Friday August 28, 2009 @07:20AM (#29229191)
    Since the origin of the computers is unknown, the hardware cannot be trusted. The computers might be hacked and backdoored on the BIOS level. Modern BIOSes are quite sophisticated with a rich functionality, that can be misused invisibly from the OS' point of view.
  • 2 democrats (Score:4, Interesting)

    by WindBourne ( 631190 ) on Friday August 28, 2009 @07:21AM (#29229197) Journal
    I wonder if the others are dems? Perhaps it is time to check the keys themselves and see what is on them
  • by ciaran.mchale ( 1018214 ) on Friday August 28, 2009 @07:35AM (#29229315) Homepage
    This just in... It seems the governor's office was right to be wary. The FBI have confirmed that all the laptops are infected with Windows Vista Basic. Truly nasty.
  • Next question?

    • One would think that China would be more interested in states like New York, Illinois, or California -- states with a lot of big banks and financial companies. Or, perhaps a state like Colorado, where there are major military bases. What is in West Virginia that would be of interest to the Chinese?
  • by Anonymous Coward

    Real bad guys would plant a Governor or a President, not some brainless laptops...

    • Real bad guys would plant a Governor or a President, not some brainless laptops...

      What if they aren't "brainless" laptops? After all, what would Skynet do?

      (Note: Send Terminators only works for future Skynet)

  • by charliebear ( 887653 ) on Friday August 28, 2009 @07:53AM (#29229473)
    A likely explanation is that somebody either stole a credit card or cards or somehow ordered them fraudulently and is using this as a smokescreen. Send 10 laptops to 10 governors. Send 10 to random people including yourself. Profit! Or else an employee at one of the offices is in on it and wanted to cover themselves by sending them out to other offices.
    • 10 governors is not random. This is the very opposite of a smoke screen.
    • by neo ( 4625 ) on Friday August 28, 2009 @09:48AM (#29230915)

      > Send a laptop to 10 people or you will have bad luck for 7 years. If you do send laptops to 10 people you will get your greatest wish!!
      >
      > A woman in Canada didn't send the laptops and now she is in prison for cheating on her taxes.
      >
      > A man in Kansas sent the 10 laptops and now has a new laptop!
      >
      > This is not a hoax or scam!! YOu HVAE TO SEND THIS!! 10 Laptops or something horrible will happens. Send it to all your friends!!!
      > >
      > > It's TRUE!! I got cancer when I didn't send the laptops, but then I sent them and now I have a million dollars!!!11
      > >
      > > Don't think this is a trick!! Just do it !1 Wjhat do you have to lose??
      > >
      > > Jack in Fredricksburgton
      > >
      > >
      > > > I can't count the number of times I've sent out these kinds of Laptops and gotton NOTHIONG. But this is the real deal.
      > > > You can't go wrong with this one. Think about it, you already got the laptop. You already have it...
      > > > but dont' just accept the gift and not pass it on or your in for big troubles.
      > > > >
      > > > > Here is a free laptop. Pass this on to 10 friends and enjoy!
      > > > >
      > > > > Richard R.

  • OLPC (Score:3, Funny)

    by tekrat ( 242117 ) on Friday August 28, 2009 @08:21AM (#29229793) Homepage Journal

    One Laptop Per *CHILD*.

  • And they 'clicked here'

    Figures that they would find the ONE legit free gift out of all the scam.. But then again, if you are scam to the core, you can see one a mile away.

  • That's funny, corporations are constantly giving politicians much larger amounts of money for no good reason - since surely honest politicians would not let a few thousand dollars sway their administration of hundreds of millions of dollars away from the Common Good.

    • by mea37 ( 1201159 )

      Yes, but normally when you bribe a politician you do it in such a way that they know who's paying.

  • Rip out the hard drive, install a new one, perfectly good laptop for the price of a hard drive.

    If you're cheap, wipe the hard drive and reinstall (preferably some Linux distri).

    WTF is your problem, gubernator?

    • Re: (Score:3, Insightful)

      by HikingStick ( 878216 )
      Not a bad idea unless the firmware is poisoned.
    • Re: (Score:3, Insightful)

      by CodeBuster ( 516420 )
      Even with the original hard drive gone, I still wouldn't use these laptops if I were the governor. Where did they come from and who arranged the shipping? It could be that foreign intelligence agencies (the Chinese in particular) specially crafted these "gifts" and then attempted to ensure that they would fall into the hands of important people within our government. No, these laptops are best turned over to the FBI or the CIA and left unused by their recipients.
  • You'll use the laptop to finally divorce your wife, right?
  • Tech: Mr Governor, sir, have you seen those HP laptops that you asked me to order? FedEx says your secretary signed for them.

    Gov: Laptops, you say?

  • Comment removed based on user account deletion
  • by MickyTheIdiot ( 1032226 ) on Friday August 28, 2009 @09:24AM (#29230583) Homepage Journal

    All it probably just plays Rick Astley "Never Gonna Give You Up" in a loop.

  • Hackers (Score:5, Funny)

    by jjhall ( 555562 ) <slashdot@ma[ ]geeks.com ['il4' in gap]> on Friday August 28, 2009 @11:07AM (#29232053) Homepage

    When they turn 'em on, does it show some distorted video of a guy telling them to play nice, and to enjoy the new laptop?

Two can Live as Cheaply as One for Half as Long. -- Howard Kandel

Working...