Got Malware? Get a Hammer!

FuzzNugget writes "After the Economic Development Administration (EDA) was alerted by the DHS to a possible malware infection, they took extraordinary measures. Fearing a targeted attack by a nation-state, they shut down their entire IT operations, isolating their network from the outside world, disabling their email services and leaving their regional offices high and dry, unable to access the centrally-stored databases. A security contractor ultimately declared the systems largely clean, finding only six computers infected with untargeted, garden-variety malware and easily repaired by reimaging. But that wasn't enough for the EDA: taking gross incompetence to a whole new level, they proceeded to physically destroy $170,500 worth of equipment (PDF), including uninfected systems, printers, cameras, keyboards and mice. After the destruction was halted — only because they ran out of money to continue smashing up perfectly good hardware — they had racked up a total of $2.3 million in service costs, temporary infrastructure acquisitions and equipment destruction."

Economic Development Administration?

[ArcadeMan]

Sounds more like Fucking Retards Money Wasting Administration to me.

Re:

[ArcadeMan]

And why the hell would there be $2.3 million in service costs to destroy $170,500 worth of equipment?

Re:

[gl4ss]

And why the hell would there be $2.3 million in service costs to destroy $170,500 worth of equipment?

best buddy system.

that's why.

Re:Economic Development Administration?

[egamma]

And why the hell would there be $2.3 million in service costs to destroy $170,500 worth of equipment?

RTFS.

service costs, temporary infrastructure acquisitions and equipment destruction

Or, RTFA for the details:

The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development a long-term response. Full recovery took close to a year.

Still outrageously stupid, but I think $4,300 to destroy $170,500 is a reasonable cost. I think the other costs--the ones with 6 or 7 figures--are the ones you should focus on.

But really, isn't giving US companies #2.3 million what the Economic Development Administration is supposed to be doing anyways? Better than spending it on the salaries for these government employees.

Re:

[gmuslera]

$823,000 for the security contractor that adviced them to do that destruction? I know that for police not having high IQ is a requirement [go.com], but seems that the standards are even lower in other places.

Re:Economic Development Administration?

[icebike]

$823,000 for the security contractor that adviced them to do that destruction?

Read the story, or at least read the summary.
The contractor did not tell them to do that. The contractor found exactly 6 machines, which they recommended by re-imaged.

This stupidity was not the contractors fault.

Re:

[Darinbob]

The stupidity appears to be with the CIO firmly convinced that there is persistent malware present that can't be removed with reimaging. Ie, assumed that the worst case scenario exists with malware from a nation state that remains hidden and undetectable. There was also some confusion that advice to "rebuild your network" meant destroying the existing infrastructure.

Sort of reminds me of the scene in Zoolander when the two idiots say "she said the files are IN the computer!" and then proceed to literally

Re:Economic Development Administration?

[icebike]

You should read the report.

The contractor was on site for months, because EDA asked them to do the impossible, Prove that it was impossible for them to be infected.

The whole report is an amazing clusterfuck of misunderstandings and agencies speaking to each other in government-cover-your-ass-ees.

The DHS CIRT team told the EDA initially that 146 systems were infected with highly persistent malware. Then they sent them another report
with the exact same name that said only 2 systems were infected.

Within 2 weeks of beginning its incident response activities, EDA’s cybersecurity
contractor found the initial indications of extremely persistent malware were false
positives—not actual malware infections. However, EDA’s CIO sought guaranteed
assurance that the components were infection-free and no malware could persist.
External incident responders were unable to provide the assurance EDA’s CIO sought,
because doing so involved proving that an infection could not exist rather than that one
did not exist. By April 16, 2012, despite months of searching, EDA’s cybersecurity
contractor was unable to find any extremely persistent malware or indications of a
targeted attack on EDA’s systems. Further, the NSA and US-CERT did not find nationstate activity or extremely persistent malware.

If anything it appears there were only a few (2 or 6 depending on what part of the report you read) machines infected, but
worrywart EDA management insisted that the contractor keep looking.

The more you look at it the less the contractor seems to be at fault.
Had they just walked away, do you think they would ever get hired again?

Re:Economic Development Administration?

[parkinglot777]

best buddy system.

that's why.

That could be true; however, have you read the audit paper written by OIG in PDF (http://www.oig.doc.gov/OIGPublications/OIG-13-027-A.pdf)? It is very interesting and contains what the auditor (OIG) thinks where to blame (although those who are at fault simply brush the responsibility to others). Everything seems to be from miscommunication between DOC CIRT and EDA, and both did not know about this miscommunication until too late (the end of 2012, about a year after the incident).

What happened (from the audit paper) was that the incident handlers from DOC CIRT sent out 2 notifications to EDA regarding the US CERT notification. The first notification simply listed all 146 components, and EDA thought all of them were infected. Then the incident handlers from DOC CIRT sent the 2nd notification with accurate analysis of only 2 infected commponents, but the notification did not clarify or mention that the 1st notification was inaccurate (wrong). As a result EDA thought all 146 components were still infected.

Then the EDA selected and submitted 2 components to the DOC CIRT as a process to verify whether they were infected. Apparently, the EDA submitted the 2 components mentioned in the 2nd notification, and the result came back positive. As a result, the EDA thought that all 146 components were infected.

It got worse when EDA already knew that their IT system is outdated and needed a lot of updates/patches (since 2006 from NSA and OIG system reviewed) but they never fixed the issues. They believed this incident was an attack from nation-state actors (hackers), so their system could be extremely vulnerable to the attack. As a result, their system could open a hole to other systems' access. Therefore, the system was isolated.

Keep in mind, the Chief Information Officer (CIO) believed that this incident is from hackers. Then the EDA hired an external security company (contractor) to come in and assess the situation/system. The contractor found no actual malware infections. However, the CIO of EDA asked for a guarantee that there is non-existing of infection at all in the system [CIO is trying to safe his behind because of his belief]. The contractor could not give a guarantee due to the different between "could not exist" and "did not exist" of infections. That let to destroying the hardware part.

During the wait for recovery, the EDA entered into an agreement with Census to use their resources (e-mail, Internet, laptops, etc).

This is not done yet (and not included in the summary of this topic). The EDA did not listen to the recommendation from NSA or DHS about recovery plan -- quickly & fully recovery IT system. The EDA wanted a whole new system. This would cost $26 millions in total and won't be finished until the end of FY2014.

In summary, the miscommunication and other factors escalate the issue to be worse and worse. 1.DOC CIRT incorrectly handled the notification
1.DOC CIRT did not admit that their 1st notification was wrong to EDA
2.EDA did not verify the 2nd notification against the 1st with DOC CIRT
3.EDA did not submit random components (from 146) for verification
4.EDA IT system is outdated and has never been fixed/patched
5.CIO of EDA wanted to cover his behind by asking for a guarantee which is unrealistic
6.EDA wanted a whole new IT system which cost $26 millions

What do these people learn from the incident? No punishment but simply recommendations Deputy Assistant Secretary and the CIO of EDA (page 17 of the report/page 22 of the PDF file)! This situation is very similar to a big corporation making a mistake, and as a result, tax payers paid the price and nobody who were involved in the incident was punished.

Re:

[omnichad]

The actual destruction costs were only: $4,300 (still too much). The rest of that price tag is the total cost of doing the destruction - temporary infrastructure and so on. Not sure why a temporary replacement would cost 10x what was being replaced, though. Still plenty of government waste in the story.

Re:Economic Development Administration?

[icebike]

The actual destruction costs were only: $4,300 (still too much). The rest of that price tag is the total cost of doing the destruction - temporary infrastructure and so on. Not sure why a temporary replacement would cost 10x what was being replaced, though. Still plenty of government waste in the story.

Well except for the mice. You know how mice breed. Destroying those infected mice can take forever, because you find them breeding in closets, junk drawers, sometimes in their original boxes if bought at a TwoFer sale. And the wireless ones can be found a long way away from their nest, under desks, leaving their dongles everywhere.

They were lucky they managed to nip the infestation in the bud. It could have gotten totally out of hand had they owned any traveling laptops with mice. Entire countries might need quarantine. One mouse on a plane, and its game over.

Re:Economic Development Administration?

[Tridus]

Because, RTFA?

"The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development a long-term response. Full recovery took close to a year."

Re:

[JDG1980]

And why the hell would there be $2.3 million in service costs to destroy $170,500 worth of equipment?

From the original article:

The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development a long-term response. Full recovery took

Re:

[FuzzNugget]

And they wasted an additional $1.5 million paying various "contractors" who apparently didn't know what they were doing.

Or maybe they did, if you get my drift.

Re:

[Impy the Impiuos Imp]

Yeah baby, it's a great way to stimulate the economy. We know whst gets done is less important than things get done, and money gets pushed from person to person.

Buying computers to destroy employs people, as does destroying them. Hell, what we should do is just increase taxes and hire the tens of millions of unemployed to dig ditches and then fill them back in over and over.

Re:

[isopropanol]

obligatory Zorg [youtube.com] speech

Re:

[sizzzzlerz]

Welcome to the magical world of government contract accounting and a little accounting term we like to call overhead.

Re:

[amiga3D]

The feds are pretty much incompetent at almost everything. The only thing that works is Department of Defense who's primary purpose is to blow things apart. Even they can't seem to buy new hardware without 3000% cost over runs although I think that's actually more of a corruption thing. All we need now is to completely federalize health care which should do wonders for ending the danger of overpopulation.

Re:

[Anonymous Coward]

Most cost overruns are due to scope creep. Customer solicits bids, contractors bid, one wins, shortly after contract is awarded the customer changes requirements.

General cycle is:
Customer asks if they can change a requirement
Contractor says it'll cost $$$ (usually a pretty big number, because many requirements are difficult to change after you've architected your system to the original requirements)
Customer says "sure"
Costs skyrocket.

As an example, with the last presidential helicopter.
Government requested

Re:

[Entropius]

A bit OT, but:

It seems to be a symptom of some underlying pathology in a democracy when so much effort is put into protecting the head of government. At least in the ideal it doesn't matter who is president; they're ultimately a representative of the popular will and, to first order, one will do just as well as the next. There is even ideological continuity, since the vice president is selected by the president (you couldn't shoot Bush to end the Iraq war, since then you'd get Cheney). Historically assassin

Re:Economic Development Administration?

[The Rizz]

It seems to be a symptom of some underlying pathology in a democracy when so much effort is put into protecting the head of government. At least in the ideal it doesn't matter who is president;

You're completely missing the point of protecting the Head of State - it's not because an assassination would cause a change in policies, but to keep extremists from using threat of assassination to to blackmail a Head of State into changing those policies.

In other words, if the POTUS has to fear for his life as a result of every decision he makes, he is going to be pressured to cater to the most radical and violent groups.

Re:

[MysteriousPreacher]

That and candidates are going to be pretty interesting personality types if security isn't visibly high. Sure though it could be interesting to have a president whose security consists of keeping a well practiced Colt at his side and his back always to the wall.

Re:

[lgw]

Chester Arthur is one of the few really impressive presidents in American history. When James Garfield was assassinated, Arthur declared that assassins would not be allowed to steer the course of US politics, and adopted Garfield's stance on the issue the assassin cared about (spoils system), obviously putting his life at risk by doing so.

It's hard to imagine a modern president doing that, and sadly as you point out he's been the exception, not the rule.

Re:

[Tridus]

The feds are over reliant on contractors for everything. Contractors are there to just milk as much money as they can out of the system. They do a pretty good job.

Re:Economic Development Administration?

[mellon]

Yup. Likely what happened here is that the million-dollar security contractors gave the advice to do this bug hunt in the first place, and then provided the temporary replacement infrastructure, and walked away from the whole fiasco with a tidy profit. The reason this happens is because the government isn't generally allowed to hire people to do work like this, because "private industry is better." Of course, this sort of private industry is just a mechanism for siphoning off tax dollars, and the people who believe that hiring government employees to do government work is wasteful are actually responsible for fiascos like this, which are depressingly common.

Even when the contractors aren't crooked, the cost of employing them instead of federal employees is typically several times higher. But "corporations good, government wasteful." If we keep repeating that long enough maybe it will come true.

Re:

[Motard]

The problem here is moron CIO's and the people who prey on them.

Re:Economic Development Administration?

[Anonymous Coward]

Devil's advocate:

I've worked at private companies, for education institutions, in the public sector, and in the Federal government. None are perfect, none are completely horri-bad.

All places have had those people who I had zero clue what their function was, but they always had a nice office.

It is easy to pick on government, but go to almost any work environment, and you will find the same thing.

Re:

[ArsonSmith]

the main difference when things go bad either people get fired or businesses go under, in government when things go bad those people with no real job get raises.

Re:Economic Development Administration?

[Chickan]

Not always true. I've seen many incompetent people continue to get promoted in industry. The government ones just get more press.

Re:

[luis_a_espinal]

the main difference when things go bad either people get fired or businesses go under, in government when things go bad those people with no real job get raises.

Not true. Just look at all the Motorola execs who drove the company to the ground, all playing golf and going "caaachiiiiiin!". On a more plebeian note, people do not get fired for chronic incompetence in general. They get shuffled somewhere else.

More to the point, in general very few people are actually utterly incompetent. There are occasional or at worst chronic incompetent people who by sheer brute force gets by. Sometimes their incompetence gets contained by giving them narrow tasks, like ant soldier

Re:

[Solandri]

Difference is when a private company pulls a stunt like taking down its entire IT system [slashdot.org], customers start to abandon it and head to a competitor. If they screw up badly enough, they go bankrupt and everyone who worked there is out of a job. That creates a huge incentive to do things in a manner least disruptive to their customers.

When a government agency pulls the same stunt, they tell the customers "f- you, wait in line like a good citizen while we get everything worked out, because we're the governme

Re:

[MysteriousPreacher]

The EDA?

Re:

[Wookact]

Loosen up that tin foil a little, I think you are cutting off blood flow.

Re:Economic Development Administration?

[timeOday]

Either that or the hardware was outdated and/or soon-to-be replaced anyways (like the CRT photo in the accompanying story), so they just went with the upgrade instead of spending money to verify old stuff.

Any IT upgrade could be spun exactly like this story, if you wanted... "why did you get a new mouse with that new system, the old one was working perfectly fine and now it's going in the trash!"

mission accomplished!!

[swschrad]

economic development spurred by almost two and a half million dollars, and a few hammers... we'll have the complete story live at 10.

Re:

[synapse7]

Possibly, or were they trying to hide something substantial?

Re:

[ArsonSmith]

Hopefully they'll be the ones in charge of healthcare.

Wow!

[Enry]

You mean I get to release my pent-up anger by destroying physical systems *and* get paid a boatload of money to do it? Where do I sign up?

Re:

[chill]

... *and* get paid a boatload of money to do it?

You sound like you actually read the report. Of the $2.74 million spent, close to $1.5 million was on contractors.

Re:

[Rockoon]

Of the $2.74 million spent, close to $1.5 million was on contractors.

So instead of me getting paid a boatload of money, its my wifes brother?

Let me ask his question again: "Where do I sign up?"

Re:

[chill]

Right here: http://www.boozallen.com/careers [boozallen.com] :-)

PC Load Letter?

[Overzeetop]

WTF?

Re:

[jittles]

You mean I get to release my pent-up anger by destroying physical systems *and* get paid a boatload of money to do it? Where do I sign up?

I used to work for the CA Attorney General's office and I got to destroy equipment all the time. They'd give me a big sledge hammer, I'd take it down to the loading dock, and beat my frustrations out on it. Perfectly good systems that, due to information security requirements, were not allowed to be recycled for anything. I objected and said we should only destroy the drives, but that was CA policy at the time.

We Still Have a Budget for This Crap...

[Anonymous Coward]

... and yet I'm still furloughed on Friday...

Outdated Equipment

[Anonymous Coward]

It sounds like they were using this as an excuse to buy new equipment, so they destroyed extra equipment hoping that someone would allow them to chalk up the expense to the virus and thus give them shiny new stuff.

Re:

[K. S. Kyosuke]

Or it was the IT equivalent of a German wedding.

Re:

[GodInHell]

It sounds like they were using this as an excuse to buy new equipment, so they destroyed extra equipment hoping that someone would allow them to chalk up the expense to the virus and thus give them shiny new stuff.

That was my first thought as well. Particularly given the picture associated with the article is an old 13 or 14" NEC tube monitor.

Re:

[drainbramage]

1> Take almost new 24 inch flat screen home
2> Bring old CRT to the office as replacement
3> Have taxpayers pay to destroy the evidence
4> Get brand new flat screen at work
5> profit!

This is just more evidence of the systemic indulgence attitude that permeates big government.
Hey IRS, ever find those receipts you lost?

Re:

[omnichad]

Must have been really shiny - it cost them over $1,000,000 to replace $107,000 in destroyed equipment.

Re:

[Lumpy]

Government computers, all of them are chromed.

Re:Outdated Equipment

[K. S. Kyosuke]

I thought that government computers were usually IE6ed?

Re:

[mellon]

That's because the price of computers has been rising over time, doubling roughly every 1.5 years.

Oh, wait, I got the numerator and the denominator reversed. Dammit!

Re:

[pepty]

It sounds like they were using this as an excuse to buy new equipment, so they destroyed extra equipment hoping that someone would allow them to chalk up the expense to the virus and thus give them shiny new stuff.

Or one of the higher ups really wanted to destroy some of his files.

http://www.theregister.co.uk/2007/12/01/official_purges_agency_computers/ [theregister.co.uk]

Shutting down one entire government agency?

[jeffb (2.718)]

Sounds like a good start.

Re:

[TheCarp]

Perhaps because for every dollar generated by the desire to have oxygen masks for firefighters, only a fraction of a penny goes towards the firefighters and equipment, whereas 20 cents goes to the military to buy equipment they don't need and prepare for wars they don't need to fight, and the rest gets split between poorly run social programs and interest on the debt that, no matter how much they get, keeps rising.

Overall, more lives, globally, would be saved by not funding their wars than by equiping the f

Couldn't they just have nuked the site from orbit.

[Serif]

You know, to be sure?

garden-variety malware

[Errol backfiring]

Will that infect my lawnmower? I'd better destroy it then before it gets dangerous...

Re:

[tgd]

Will that infect my lawnmower? I'd better destroy it then before it gets dangerous...

You should get a shovel and double check ... your lawn may be full of worms.

Re:

[K. S. Kyosuke]

Will that infect my lawnmower?

No, but it could infect your lawnmower man. No great loss anyway, though.

A Ripleydyne Security LLC Whitepaper!

[fuzzyfuzzyfungus]

Best Practices:

1. Take off and nuke the site from orbit, it's the only way to be sure.

Re:

[omnichad]

The infection could have come from the outside - they really need to destroy all the computers on the Internet.

Re:

[JBMcB]

And destroy all computer manufacturing facilities. And burn all books about computer science, so nobody accidentally builds another computer.

Re:A Ripleydyne Security LLC Whitepaper!

[fuzzyfuzzyfungus]

Oh, don't get me wrong, I'm combining my love for Alien and my inexplicable whoring for 'funny' upmods(that don't even net me the 'karma' I don't care about), rather than phoning in a reliable 'insightful' rant about THem Gummunit Union Beurocrats! in part because it amuses me more, and in part because (especially if your hardware is old shit) a sledgehammer is probably the best approach if you actually think that a state-caliber attacker is on your ass(for larger jobs consider a shredder [ssiworld.com] rather than a hammer).

In this specificcase, given that their analysis found only a small quantity of chickenshit malware, and because the EDA is kind of a low-priority target for the really cool attacks, I strongly suspect that it was an overrreaction(and, if it wasn't an overreaction, doing more aggressive analysis, in order to better understand the adversary's capabilities, in terms of OS, Application, and hardware/firmware level malware would have been more responsible than just shredding it all).

That said, though, you'd be hard pressed to be paranoid enough about the potential for even seemingly innocuous devices, in the hands of a capable attacker, to be malicious. The BIOS has had slightly unnerving powers ever since SMM [wikipedia.org]; but these days it's a second OS, more or less, USB devices are highly likely to be full, potentially reprogrammable, devices that are just implementing whatever they are supposed to be in software(OEM cost-cutting reduces the risk that there would be space/power to hide anything really cool; but some pretty weedy microcontrollers can handle being whatever flavor of USB slave device they are set to emulate. Even monitors get a full i2c bus for DDC, no idea how well your graphics driver, occupying its position of relative privilege within the system, watches that interface...

I would say that they screwed up, because if they genuinely suspected the worst, shredding the evidence rather than analyzing it is unhelpful in preventing future attacks, and if they didn't suspect the worst, dumping clean images on the systems and getting on with life would have been a lot cheaper; but it is true that, if you suspect a genuinely capable attacker, you are sufficiently fucked that just burning it with fire is probably the cheapest option...

Re:

[ozbon]

Aliens, not Alien.
</pedantry>

Re:

[fuzzyfuzzyfungus]

Sir, sir, Aliens [wikipedia.org] is a pretty good movie; but quite distinct from Alien [wikipedia.org]. The rest of the series is... unfortunate(Though the original AvP game was pretty good).

that's how u.s. government "develops"

[rubycodez]

like how we developed Iraq, destroy good infrastructure so contractors with gov officials in their pockets make a pile of money

or how government has developed inner cities over the past few decades, making fodder for the huge prison system business and food stamp system etc.

Re:

[Digicrat]

That doesn't always work. See http://en.wikipedia.org/wiki/The_Mouse_That_Roared [wikipedia.org]

Re:

[CrimsonAvenger]

Mugawd! Someone else still remembers that story?!

Re:

[ozbon]

I remember the film, but didn't know it was originally a book!

Re:

[rubycodez]

if you don't mind a few hundred thousand dead innocent civilians, being owned by the western banking/petro-dollar cartel, being told whom you'll do import/export with, being subject to U.S. intellectual property cartels, having all your countries comm going through the NSA/CIA, and having your government saying "how high" on the way up when Washington DC says "jump"....why it's a great deal

Re:

[schnell]

having your government saying "how high" on the way up when Washington DC says "jump"

Neither the governments of Iraq or Afghanistan seem to care in the slightest what the US government wants them to do. Hamid Karzai in particular seems to take great joy in jabbing the US whenever possible. Historically speaking, the governments of other US-reconstructed countries (Japan, South Korea, Germany, etc.) haven't lacked in independence either.

Clearly, nobody would seriously want to be invaded by the US and "reconstructed" ... but leaving behind post-invasion puppet governments is not something the

Just another example

[cyberchondriac]

Just another example of why totally and blindly trusting big government with your tax dollars is not well advised. What do they care? They treat that income as totally disposable. Tax money is like Doritos, tax payers like Frito-Lay corp: "They'll make more" (obscure reference to an old advertising campaign for Doritos)

Id10T error at its finest!

[Greg01851]

With users like this, who needs Malware?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Anubis IV]

Couldn't even be bothered to comprehend the first sentence of the summary, eh?

Contrary to what we typically expect, it wasn't the DHS engaging in idiocy this time around. I know it's fun to bash the DHS, but at least do it for valid reasons.

LOL ...

[gstoddart]

they proceeded to physically destroy $170,500 worth of equipment, including uninfected systems, printers, cameras, keyboards and mice.

OK, be honest now, who among us hasn't wanted to do this?

Admittedly, destroying mice and keyboards is a little excessive, but I bet there's not a single person here who isn't dreaming of needlessly destroying a large quantity of computer gear in a very dramatic manner.

Re:

[vikingpower]

Amen. I recently acquired an old Sund V1280 Fire server. [slashdot.org] The beast is 130+ kgs heavy, and I sometimes wake up in the middle of the night, screaming and covered in sweat: one more dream of throwing the thing out of the window à la "One flew over the Cuckoo's nest".

Re:

[gstoddart]

The beast is 130+ kgs heavy

Holy crap. The biggest thing we ever had to take delivery of was an HP-9000 server, but in a case with a built in UPS and a giant backplane for the disks.

It was the size of a fridge, rolled on wheels, and needed to be wired in special because it was 220V and took a lot of juice.

My guess is there was almost 100kg of batteries alone, but it was mostly a rolling rack with a computer inside.

I know that malware.

[JeanCroix]

It's was the dreaded "PC LOAD LETTER" virus. Smashing is the only recourse.

Humans...

[FlopEJoe]

I don't want to work in that office if they learn most system vulnerabilities are due to humans!

Fishy

[paxprobellum]

I'm sure nothing fishy was going on in this government center. I imagine they didn't want 3rd parties looking at their computers too closely. #tinfoilhaton

Judging by that NEC monitor

[sl4shd0rk]

They were due for upgrades anyway

well, that's just stupid

[sribe]

If you're not confident you can disinfect your computers, then selling them on eBay is a lot more cost-effective ;-)

Does this remind anyone of that scene from..

[aristotle-dude]

the Movie Zoolander? The two dumb male models smashed an iMac to try and get the files out of it.

This big problem is management

[Skapare]

Just let the techies run the show.

Don't laugh

[davidwr]

There are industries and use-cases when "smash first, don't bother asking questions later" this is the appropriate response.

However, such times are rare and they should be spelled out ahead of time and they should only include destroying equipment which either 1) is at least theoretically possible to infect in a way that cannot be cleaned, ever (e.g. an infected BIOS), or 2) is deemed too expensive to clean and the data-storage media cannot be sterilized in a cost-effective manner or at all (e.g. a very che

incompetence? or something else?

[Khashishi]

It sounds like some contractors made bank in this arrangement.

What super top secret stuff do they do?

[Culture20]

That's hardcore paranoia. Are they an three letter agency front, or have they been pulling some hijinks?

Re:

[gl4ss]

Have you seen the things that have been popping up on slashdot over the past couple years? USB drives in mice, intrusion software in power strips and keyboards, and more.

I don't think in this scale though. I suppose it drives the economy though - which is to say that they should seriously check what kind of benefits the guy in charge was receiving from their vendor-to-be.

Re:

[omnichad]

Sure, it's possible. But there were 6 infected workstations. No reason to believe it wasn't cleaned up. Instead, $170,000 in equipment was destroyed. I think they skipped a step somewhere. They were being thorough, but they also caused more damage than the malware.

Re:

[Ultracrepidarian]

Kind of like the way a handful of terrorists with 19 box cutters and 19 one-way airline tickets brought down the most powerful country on the planet.

Re:

[The Rizz]

Kind of like the way a President's fear-mongering reaction to a handful of terrorists with 19 box cutters and 19 one-way airline tickets brought down the most powerful country on the planet.

FTFY.

FDR vs. GWB, indeed.

Re:Not entirely incompetent

[localman57]

No reason to believe it wasn't cleaned up.

If they truly believe that it was the work of a nation-state, there is every reason to think it isn't cleaned up. Stuxnet didn't even reside just in computers. It infected programmable logic controllers attached to centrifuges, and then could re-infect computers on the network after they've been cleaned. If you really believe that Russia, or China has really compromised their network, and you have information that's worth more than a million dollars to them, then you should assume that everything (printers, routers, video-conferencing equipment, everything with a jack, plus the bios of all your computers) may be infected.

People tend to view $170,000 as a lot of money. But it's not. Computers for office workers can easily run under $1000. Hourly labor to clean things may be $50 per hour when you include overhead and benefits. And you're not even sure you got rid of the infection. If you mostly run apps that are resident on hardened servers, use imaging to make it easy to deploy new PCs, and don't have a lot of high end hardware, it may make sense to just replace everything with clean hardware. Honestly, for departments where you do think that there's stuff that sophisticated attackers may want, it may make sense to occasionally do this kind of purge occasionally even if you don't know there's been an attack. Take a look at the Sony Playstation breach for an idea of what getting compromised can cost. It's a hell of a lot more than $170,000.

Re:

[omnichad]

But the infection was already determined to be common malware before they started destroying things.

Re:

[localman57]

That's the point. If you have low tech, script kiddie type malware, which you found, it means that you were very, very vulnerable to uncommon, highly targeted malware. The stealthy kind that even nuclear physicists don't notice.

Re:

[The Rizz]

That's the point. If you have low tech, script kiddie type malware, which you found, it means that you were very, very vulnerable to uncommon, highly targeted malware. The stealthy kind that even nuclear physicists don't notice.

I hate to tell you, but nuclear physicists generally don't notice malware better than anyone else outside the IT field, either. This isn't rocket science, after all...

Re:

[gl4ss]

Good to see the gov. is taking things seriously.

Maybe they'll find out that some officials are corrupt, and systematically dispose of them all?

You mean like night of the long knives?

Re:

[drainbramage]

What?
It is like you don't believe Patty Murry.
Come on dude, lighten up, she is doing the best she can, maybe, well sort of.
Or not.

Re:

[LeadSongDog]

So just which "incompetent, overweening bunch of wanna-be tyrants" should we give more money?

Re:

[bonehead]

And then cleanse internal systems in your own sweet time.

The problem is that cleansing the systems isn't as simple as it sounds. Even some "regular" malware that everyday folks get can be insanely hard to remove. And then just when you're sure you've got it all, you reboot and it's back. There are a few out there that A/V tools just don't seem to be able to deal with well.

Now, imagine your systems contain data that would be a "high priority target" for a nation-state able to fund the development of a sophisticated attack targeted specifically at you. And that