US agency baffled by modern technology, destroys mice to get rid of viruses

Started by jimmy olsen, July 09, 2013, 11:05:26 PM


jimmy olsen

What the hell... :face:

http://arstechnica.com/information-technology/2013/07/us-agency-baffled-by-modern-technology-destroys-mice-to-get-rid-of-viruses/
Quote
US agency baffled by modern technology, destroys mice to get rid of viruses

$170,000 of PCs, printers, keyboards, cameras, and mice destroyed in gross overreaction.

by Peter Bright - July 9 2013, 8:00am +0900

The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering slow growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a possible malware infection within the two agencies' systems.

The NOAA isolated and cleaned up the problem within a few weeks.

The EDA, however, responded by cutting its systems off from the rest of the world—disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally held databases.

It then recruited an outside security contractor to look for malware and provide assurances that not only were EDA's systems clean, but also that they were impregnable against malware. The contractor, after some initial false positives, declared the systems largely clean but was unable to provide this guarantee. Malware was found on six systems, but it was easily repaired by reimaging the affected machines.

EDA's CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.

The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development of a long-term response. Full recovery took close to a year.

The full grim story was detailed in the Department of Commerce audit released last month, subsequently reported by Federal News Radio.

The EDA's overreaction is, well, a little alarming. Although not entirely to blame—the Department of Commerce's initial communication with EDA grossly overstated the severity of the problem (though corrected its error the following day)—the EDA systematically reacted in the worst possible way. The agency demonstrated serious technical misunderstandings—it shut down its e-mail servers because some of the e-mails on the servers contained malware, even though this posed no risk to the servers themselves—and a general sense of alarmism.

The malware that was found was common stuff. There were no signs of persistent, novel infections, nor any indications that the perpetrators were nation-states rather than common, untargeted criminal attacks. The audit does, however, note that the EDA's IT infrastructure was so badly managed and insecure that no attacker would need sophisticated attacks to compromise the agency's systems.
It is far better for the truth to tear my flesh to pieces, than for my soul to wander through darkness in eternal damnation.

Jet: So what kind of woman is she? What's Julia like?
Faye: Ordinary. The kind of beautiful, dangerous ordinary that you just can't leave alone.
Jet: I see.
Faye: Like an angel from the underworld. Or a devil from Paradise.
--------------------------------------------
1 Karma Chameleon point

Berkut

"If you think this has a happy ending, then you haven't been paying attention."

select * from users where clue > 0
0 rows returned

CountDeMoney

Quote
The audit does, however, note that the EDA's IT infrastructure was so badly managed and insecure that no attacker would need sophisticated attacks to compromise the agency's systems.

Needs more people that write in "cunt" on USAJOBS.GOV applications.

Razgovory

Sounds like they shouldn't have gone with an outside security contractor.  From the article it appears they spent over a million dollars on outside consulting when they could have spent 60,000 a year on an IT guy.  But of course that would mean another evil federal employee instead of the righteous private sector.
I've given it serious thought. I must scorn the ways of my family, and seek a Japanese woman to yield me my progeny. He shall live in the lands of the east, and be well tutored in his sacred trust to weave the best traditions of Japan and the Sacred South together, until such time as he (or, indeed his house, which will periodically require infusion of both Southern and Japanese bloodlines of note) can deliver to the South its independence, either in this world or in space.  -Lettow April of 2011

Raz is right. -MadImmortalMan March of 2017

mongers

Quote from: Razgovory on July 10, 2013, 02:56:38 AM
Sounds like they shouldn't have gone with an outside security contractor.  From the article it appears they spent over a million dollars on outside consulting when they could have spent 60,000 a year on an IT guy.  But of course that would mean another evil federal employee instead of the righteous private sector.

:yes:
"We have it in our power to begin the world over again"

CountDeMoney

Quote from: Razgovory on July 10, 2013, 02:56:38 AM
Sounds like they shouldn't have gone with an outside security contractor.  From the article it appears they spent over a million dollars on outside consulting when they could have spent 60,000 a year on an IT guy.  But of course that would mean another evil federal employee instead of the righteous private sector.

That's always going to be the case, regardless of whether it's government or the private sector. 
The guy with the briefcase and the business card is always going to get listened to by leadership instead of the internal people.  It's the Mystique of Consultancy(tm).  THEY CHARGE MOAR THEY MUST KNOW WHAT THEY'RE DOING

Besides, the whole point is to reduce overhead, and overhead = labor. 
So what if a consultant charges 10 times as much as having someone in-house do it?  Consultants don't appear on the labor budget ledger.  That's how I lost my job, as well as the last good chance I had back in January.  We don't have the money for the position, but we're going to hire consultants who cost more instead.

Caliga

0 Ed Anger Disapproval Points

Ed Anger

Stay Alive...Let the Man Drive

CountDeMoney

You're part of the fucking problem just like you're part of the fucking population problem, so go fuck yourself, French land owner.

Ed Anger

Stay Alive...Let the Man Drive

CountDeMoney


Baron von Schtinkenbutt



KRonn

Lol, this didn't work out so well. Will they need to destroy the next office full of computers and equipment if another problem is found? Add in comedic irony if it was the NSA bugging that caused this!   ;)

viper37

Quote from: KRonn on July 10, 2013, 09:13:26 AM
Lol, this didn't work out so well. Will they need to destroy the next office full of computers and equipment if another problem is found? Add in comedic irony if it was the NSA bugging that caused this!   ;)

I wouldn't take any chances in their position.  I'd burn down the whole office, cleaning by fire and all.
I don't do meditation.  I drink alcohol to relax, like normal people.

If Microsoft Excel decided to stop working overnight, the world would practically end.