back to article Leaked memo says Conficker pwns Parliament

The House of Commons IT systems have reportedly been infected by the infamous Conficker superworm, which has previously infected millions of Windows PCs and affected the operation of hospitals, military and large corporate systems. Political blog Dizzy Thinks first reported that a memo (below) sent out to parliamentary IT network …

COMMENTS

This topic is closed for new posts.

Thumb Down

WTF?

"We therefore ask that if you are running a PC or portable computer not authorised to be on the Network that you take it off immediately."

And which fucking idiot let them put unauthorised devices on the network in the first place?

So not only are our MPs pretty much technically useless but the IT department that set their network up is as stupid as they are.

0
0
Thumb Up

Superb...

"If you have an infected mobile device or USB key, please remove it until we clean the rest of the devices on the network, at which time you can use these devices and infect the network again."

0
0
Thumb Down

And there's more..

On a sort of unrelated article on the BBC (about access to the Daily Sport being blocked on the Parliamentary Network) :

"Guidance issued to all MPs in December 2007 warns MPs they have a duty to ensure the Parliamentary network is used properly "by themselves and their staff" and to avoid actions that "threaten the integrity of the system or bring it into disrepute"."

Hmmm, I guess that the whole thing is a complete fuck up and maybe they should scrap it all and start again.

0
0
IT Angle

Is this for real?

Now, I am not a native English-language speaker, but even I can see that the English language of this memo... well, leaves a bit to be desired.

Also, "An additional characteristic of this virus is that for some types of files it can skip direct to the Network from a USB memory stick or other portable storage device (e.g. mp3 players) without hitting the virus checker software."? Duh, I guess they are using the wrong "virus checker software", then.

0
0
Alien

Well, look at it this way:

At least they will save some paper by not having to print out state secrets and leave them on the train - now the hackers will be able to fetch what they want, right from the source.

Isn't technology wonderful?

0
0
Black Helicopters

White House

There you go Mr Bush. You can now account for all those "Missing Emails".

0
0
Silver badge

Incompetence

Bear in mind this is a government system and due to the sensitivity/confidentiality of some of the data, I found the following excerpts from the leaked memo shocking to say the least.

"We are unable to clean PCs and portable computers which are either not switched on or which are not authorised devices. We therefore ask that if you are running a PC or portable computer not authorised to be on the Network that you take it off immediately."

They allow unauthorised hardware to connect to the network! Anyone connecting unauthorised hardware to the network should be given a written warning. Any network ports on walls etc. that are not in use should be locked out at the switch or disconnected physically from the switch. All wireless access should be authorised by MAC address. If Internet access is desired for visitors it should be on a physically separate network.

"An additional characteristic of this virus is that for some types of files it can skip direct to the Network from a USB memory stick or other portable storage device (e.g. mp3 players) without hitting the virus checker software. We ask that for the time being you do not use memory sticks or any other portable storage devices on the Parliamentary Network."

They allow staff to connect memory sticks and MP3 players to the PCs! All PCs should have USB/Firewire ports disabled in BIOS, physically disconnected where possible and the BIOS locked by password. The AV software should be configured to scan files transferred via USB (even if disabled) devices, and if it can't then someone chose the wrong AV product.

Perhaps our government's IT dept don't take security seriously.

Whoever drew up the security policy should be sacked. Unless of course security policy is in fact solid and just being ignored. In which case those who are supposed to enforce policy should be sacked.

0
0
Linux

stop wasting my money

Dear Govt.

PLEASE STOP SPENDING MY MONEY ON CRAP SOFTWARE - free is cheaper..

regards

0
0
Paris Hilton

WTF

And the reason the IT Team at parliament can't disable access to USB Storage devices automatically is?

Paris, because even she can't figure out why disabling usb storage devices is not a default policy?

0
0
NB
Linux

bring on..

the penguin! This would never have happened had they been running Linux. Seriously, MS Windows is just not fit for purpose in any environment.

0
0
Unhappy

Eh?

> We are unable to clean PCs and portable computers which are either not switched on or which are not authorised devices. We therefore ask that if you are running a PC or portable computer not authorised to be on the Network that you take it off immediately

So they actually allow "unauthorised devices" to do anything on the network at all? FFS what bunch of clueless f***wits have our MPs chosen to run their IT?

Any unauthorised device on our network gets firewalled into uselessness upon connection, closely followed up with a visit from a PFY after we've told him we're cutting his curry budget.

0
0
Thumb Down

Clowns

If a device isn't authorised then the network port should be blocked. Authorised machines should detect if unauthorised USB devices are attached and flag it with security.

The company I work for does this and it's not tasked with running the country.

Incompetent fools.

0
0

Better clean-up needed

It's not only their systems that are infested by worms. The whole place is full of them. Some elected, some not. Clear the whole damned place.

0
0
Ray

Dear oh Dear . . . When will we learn

This after the build up will either turn out to be highly significant or a damp squib.

5 days and counting . . . and two lost to a weekend . . .

Just the fact that MOD and Parliamentary systems are infected is enough even before the known activation date.

Just adds to the appalling government data security and safety record.

SECURITY SECURITY & SECURITY

PROTECTION PROTECTION PROTECTION

SAFETY SAFETY SAFETY

Whenever will we learn before we are faced with a really big problem?

Hopefully 1st April will pass without too much upset . . .

0
0
Bronze badge
Thumb Up

A result!

Maybe this will prompt parliamentarians to think again about the proposed children's database, where plain reasoning so far seems to have failed.

0
0
Black Helicopters

Good job they don't do anything important

So anyone can plug any device into the houses of commons network with no LAN access management, USB autorun is still enabled and encryption banned

So basically a 5 year old could get onto the network at the heart of our government?

You'd think that given the billions they are spending on pointless plastic cards they would splash out a few quid on basic network security in their own offices

Black helicopter as apparently it wouldn't take a Clancy-esque raid to steal their information, just an out of date security pass and any old laptop should do it.

0
0
Linux

signature for the non-A/V crowd?

Is there a way to see if you are infected with Conficker if you don't have (current) A/V software installed? I'm in AC mode because my in-laws are the Windoze users, and they haven't updated their A/V in at least a year. I'd like to see if they are clean or not, but I don't have A/V myself because I'm an all-Linux shop.

Somewhere I remember reading that various Linux-based live CDs had been spun as A/V scanners; pointers?

0
0
Linux

secure

Well, maybe now's the time to remind our MPs of the benefits of GNU/Linux.

0
0

No title required.

Judging by this article, they just allow people to use unauthorised USB equipment and PCs? Bizarre!

0
0
Anonymous Coward

I

I hope the virus is made by a justice minded citizen and all of the secret memos are published to wikileaks and that all of the government/police and secret services IT systems are destroyed leaving them to contemplate how stupid they were to rely on technology to fix all their problems instead of talented people and hard work.

Also I hope some of those new made up rules will be lost too.

0
0
Stop

What concerns me here...

...is the line about MP3 players. Surely not a secure storage mechanism? Shouldn't these PCs be locked down a bit more than that?

0
0
Dan
Coat

Nice...

...to see that unauthorised devices are to be kept off the network temporarily, so that once the entire environment is cleaned of the worm, some monumentally clueless head-in-the-clouds expense-abuser with a god complex can plug in his/her mp3 player and start the whole process all over again.

Coat cos that's them rifling through my pockets for more cash to put in their trough.

0
0
Flame

Representatives of the Britards

Given the cosy relationship between Microsoft and various government figures, what else are we to expect than an amateur IT shop with a policy of running Microsoft stuff plus the seemingly obligatory value-added trinkets like anti-virus software? I suppose the prevailing view is that such trinkets are an adequate protection for the infrastructure against the Representatives of the Britards running dirty software, presumably with full administrative privileges and an unguarded route to the network.

0
0
Gold badge

Define "network"

If I plug an unauthorised device into a wall socket, is it "on the network" for the purposes of this memo? At my illustrious place of employment, we have a wireless network so that our visitors can get onto thar interweb. Physically, there presumably is a path to the same set of wires as the rest of the company network. Logically, it's a different network. I see no reason to suppose the PICT don't have similar options and aren't using them.

All you network admins really ought to bear in mind that the PICT folks have possibly the worst net-admin job in the country. It is clear from recent legislative proposals that their "customers" know jack shit about IT but you can bet they have strong opinions about being told what they can plug into the wall.

So, before you sound off about how trivial it all is, tell us how *you* would secure a network that had to provide internet access and secure (parliament-only) services to a motley collection of machines running *any* OS that the MPs (and/or their over-enthusiastic assistants) wish to download, all whilst denied administrative access to the machines in question, since they almost certainly contain "privileged" material (at least, the MP thinks so). What's that? It's impossible? OK, well that's not as simple as you've been making out then, is it? You are of course free not to work there yourself, but that's no reason to slag off those who do.

0
0
Anonymous Coward

Fascist admin...

While it's all well and good locking down hardware to the point where it's barely usable, there are a couple of points to consider.

- The network is provided as a service to MPs and their staff. They aren't employees, they can't be sacked by an IT Nazi, they can't get written warnings, the police are even restricted in what they can get up to in an MP's office.

- You can get anything by email, anyone else remember UUEncode?

0
0
Bronze badge

@NB

Please tell me you are not involved in IT security. So you are saying that the problem is Windows, and that allowing unauthorized devices on a network would have zero effect in a Linux environment.

0
0
Anonymous Coward

All the ones bitching about unauthorised devices

What do you expect from a network run by a PICT? All that is missing is the set of little furry animals to groove with it (any similarity with a certain Pink Floyd song is only in passing...)

0
0

I'm surprised that you're surprised....

While I agree that these computers should be locked up tighter than a nun's c*nt, just think about the reality of the situation. I could just imagine how many situations like this could have happened.

For example...

MP luser - Hey, I want to bring in my computer from home and I want you to connect it to the network, also I want to be able to use my MP3 player on my office computer.

IT staffer - Um, sorry sir, that's not allowed.

MP luser - What did you just say to me?!?

IT staffer - Um, that's it's...

MP luser - do you like working here?

IT staffer - Huh?

MP luser - It was a simple question. I said do you like working here?

IT staffer - Yes, I do sir.

MP luser - Then you'll forget about what you think I'm not allowed to do and do what I told you to do! Better have it ready fast too. I want to transfer my Michael Bolton collection that my son downloaded for me from my MP3 player to my office computer before tea time.

IT staffer - Yes sir...

0
0
Anonymous Coward

Misnomer

The Parliament network is not a secure network like those imposed on civil servants. Attempts to provide universal ICT have been hamstrung by MPs and their researchers insisting that they have requirements to use non standard equipment and Parliament ICT staff can't or won't stand up to them, ie Macs, Vista etc, and mix up their own equipment, that of their constituency and that which is provided to them.

It is not secure because MPs and their researchers don't get the background checks that civil servants do.

0
0
Linux

Leaked memo says Conficker pwns Parliament

"...Conficker pwns Parliament"

Conficker has to get in the queue after the US gov. and MS.

0
0
DS
Flame

MS08-067

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Been available since Published: October 23, 2008

Anyone thinking this does not need application, or hardline enforcement is an idiot and should be fired. Anyone not knowing what it is (and holding post in IT) should be fired. Anyone witless enough to do nothing, and let this thing burn needs to be fired.

It's a Windows RPC attack vector, it was from day zer0 worm-able and was ALWAYS going to be a worm, and everyone knew it.

Nothing should be on the network without it being applied.

Anyone running the network/security not enforcing it should be fired.

Any Person/MP breaking the security rules, principles, and policies should have access removed.

Seeing as these assholes believe in taking away their citizens cars for not paying duty, they can suffer having their equipment crushed for placing the country's government network at risk, a far greater crime than Johnny sixpack not paying road tax.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250

Has been available for examination since 2008.

Tool for helping cleaning up the huge mess that should never have existed

http://www.bdtools.net/

All that being said, expecting these cretins, who are the worst government in modern history, who dream up and scheme and implement destruction of everything worthwhile, while enacting their own 1984 programme, to know what they are actually doing, to know how to manage anything, or do anything the right way is our fault. These witless idiots need to be gone, and anyone supporting them, their antics, bullshit, lies, 'ID cards' and all the rest of their crap, and the sooner these type of things are fully published to show their utter witless, pointless, enormously wasteful stupidity, the better.

0
0
Boffin

@signature for the non-A/V crowd?

===

By Anonymous Coward Posted Friday 27th March 2009 15:02 GMT

Linux

Is there a way to see if you are infected with Conficker if you don't have (current) A/V software installed? I'm in AC mode because my in-laws are the Windoze users, and they haven't updated their A/V in at least a year. I'd like to see if they are clean or not, but I don't have A/V myself because I'm an all-Linux shop.

Somewhere I remember reading that various Linux-based live CDs had been spun as A/V scanners; pointers?

===

Plenty of pointers if you google 'Linux Live CD Virus Scan'.

Personally I've used Knoppicillin (Knoppix-based live CD with several scanners available, unfortunately there's no online source to get the disc from. It's spun once in a while and delivered with a magazine subscription to c't Magazine)

And I've used Trinity Rescue Kit: http://trinityhome.org/Home/index.php?wpid=1&front_id=12

Which also features multiple scanners. Both distros are also capable of online updates.

If you don't feel like downloading yet another ISO, maybe this is useful:

http://njlinux.blogspot.com/2008/01/virus-scan-windows-using-linux-live-cd.html

0
0
N
Bronze badge

Incompetence

On a biblical scale

& a reflection of the complete utter shambles this pack of amateurs who 'run' the country are

0
0
Silver badge
Dead Vulture

@AC:signature for the non-A/V crowd

This might help

http://trinityhome.org/Home/index.php?wpid=1&front_id=12

Quote:

"New features include a home brewed very powerful PC cloning tool, boot TRK from a TRK over PXE, more hardware support with kernel 2.6.26, completely rewritten winpass, another extra virusscan engine (Vexira), making a total of 5 scan engines, 2 rootkit detection utils and lots more utils and bugfixes. "

I have not tried this yet but it looks good.

Another place to look:

http://www.livecdlist.com/

0
0
Anonymous Coward

Ummm OK

The memo made "suggestions" and the language seems to indicate that the IT department of UK.gov are a bunch of spineless (and potentially clueless) morons. Really regardless of what environment I've been in (and yes I've worked government contracts) security policies were never a fucking SUGGESTION to anyone regardless of rank, status, position, etc etc. Those policies were policies across the board period full stop end of story no matter who you were. If this memo is indeed genuine then it explains everything regarding your government's inability to safeguard your data along with a whole host of IT related gaffes over the years.

BTW as much as I hate to do it (and believe me I detest MS as much if not more than the next guy), however this memo indicates the issue is not one of the OS they are running. It's an issue of utterly moronic network/PC/server/user management. Were they running an all Linux environment the IT staff probably would have every user system and server running as root with 'password' as the password.

Now I've been reading El Reg for a long time and can attest to the fact that you lot have some really bright IT minded people on your side of the pond. So why does it appear that only brain dead ass kissers are in charge of all the government systems? Come on guys and gals time to step up and send in your CV's.

0
0
Anonymous Coward

The revenge of labour on the people of the UK

has to stop :) If they cannot secure their own systems, they should not be trusted to hold data on anyone.

Wake me up when the revolution gets into full swing.

0
0
Joke

APRIL FOOLS!!!!

It's all a big April fools joke, a message will pop up on all the computers saying Wiping Hard Drive........... and then go APRIL FOOLS!!!!! and uninstall itself. All without too much of a hitch.

0
0
Anonymous Coward

Huh?

Why are you using non-words in your headlines that some of us have never heard of?

0
0
Silver badge
Flame

I blame Microsoft, again.

Another bit of Microsoft stupidity, autorun.inf, which they are finally trying to kill off after a couple of decades of spreading viruses and malware.

Microsoft is to secure software what the Pope is to safe sex.

0
0
Stop

Don't blame the techies.

I worked in a government department once. All the IT staff knew what needed to be done to keep the system secure. The problem was management didn't want the hassle of telling people "No", so just told the IT crowd to shut up and do what the losers wanted.

There have been a lot of negative or derogatory comments about PICT. Several people have pointed out the nature of the IT setup at Parliament. It sounds like PICT are working in IT support hell. Give the support guys & gals a break. Instead, direct your anger at the managers who allow the situation to arise in the first place 'cause they refused to say "No"

A/C - 'Cause I don't want to burn bridges

0
0

Windows for Warships?

How 'bout them nukular submarine thangs? All locked down? (Actually, does the UK actually have any boats not sitting with burned up turbines or other issues right now?)

0
0
Thumb Up

Oh Nooooo!

Better ban viruses.

Oh, and set up a database to track them all.

Every virus must have an ID card. That'll stop them!

And can we block their web site?

Or maybe we could tax them?

0
0
Flame

Here's a thought...

Push down a policy disabling autoruns on all drives for all systems. Something I've been trying to get my company to do for the last year or so. How hard is that? Bang---one vector of infection gone (unless someone is stupid enough to find the virus file on their flash drive and manually run it)

0
0
Jobs Halo

Use a Mac

Well let's face it the solution is to ensure that MPs use Macs.

Totally impervious to current hacks and will also mean that IT staff in parliament are out of a job!

Saves money in the long run 11

0
0
Anonymous Coward

Hardly a shock...

TfL has been suffering because of it for months...

But at least you can now give a knowing smile when you see the station display board go on the fritz.

Anon, well the fact their IT is running even worse than their buses on a snowy day is supposed to be a secret!

0
0
Anonymous Coward

MS08-067

Perhaps they were slow to deploy this?

Perhaps they have not even deployed it yet?

0
0
Unhappy

Have a look at the graphic here

http://blogs.technet.com/mmpc/archive/2009/01/13/msrt-released-today-addressing-conficker-and-banload.aspx

Are our Parliamentary machines so poorly protected?

If they are - it's unbelievable.

0
0
DS
Flame

Push down a policy on autorun

Problem is the prime attack vector is via RPC, and requires MS08-67 to be applied to block that.

When examined, the MS suggestion on blocking autorun was found to be fallible and another patch has had to be issued to make a policy stopping autorun work as expected.

I'll say it again, for simplicity.

MS08-67 was one of those patches, that is a zero day biggy. One that everyone reads/takes notice, starts patching. It's not a maybe. It's not a do we, don't we, it's a gold plated fix and patch NOW. And that was in Oct 2008. Not deploying it, was not an option. It was never an option. Seeing companies go down to Downadup and Conficker is simply amazing. People need firing.

People need to be fired over this, just as people have always needed to be fired for handing out admin rights on Windows boxes like confetti. THE largest problem with Windows is that it's treated by every tom, dick, and harry like a playground, I want it like my home computer blah blah. And everyone persists with idiocy like I want admin rights, and I don't need to patch and secure. Heads need to roll, and people need to put security first over giving everyone what they want.

Any company where unpatched boxes are common, and where you get something like Conficker/Downadup happening is a fire the head of IT incident, fire the Director responsible for IT/security and compliance, and drag the board together and demand serious, ground up changes.

It's time that in the case of public sector networks, this kind of negligence resulted in people being fired and cases brought for negligence against the senior management responsible.

0
0
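The autorun policy raised in the comments above ("Here's a thought..." and "Push down a policy on autorun") can be audited from `reg query` output. The following is an added example, not part of any commenter's post: it decodes the `NoDriveTypeAutoRun` bitmask from the Explorer policy key and lists the drive types for which autorun is still enabled. The sample outputs and the value name `SomeOtherPolicy` are constructed for illustration.

```python
import re

# Value under ...\CurrentVersion\Policies\Explorer; a set bit disables
# autorun for the corresponding drive type, 0xFF disables it everywhere.
VALUE_NAME = "NoDriveTypeAutoRun"
AUDITED_TYPES = [
    (0x04, "removable"),
    (0x08, "fixed"),
    (0x10, "network"),
    (0x20, "cdrom"),
    (0x40, "ramdisk"),
]

# Constructed samples of `reg query` output (not taken from a real host).
SAMPLE_PARTIAL = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""
SAMPLE_LOCKED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
"""
SAMPLE_UNSET = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
    SomeOtherPolicy    REG_DWORD    0x1
"""

_VALUE_RE = re.compile(
    r"^\s+" + VALUE_NAME + r"\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$", re.M
)


def parse_policy_value(reg_output):
    """Return the policy DWORD as an int, or None if the value is absent."""
    match = _VALUE_RE.search(reg_output)
    return int(match.group(1), 16) if match else None


def autorun_still_enabled(value):
    """Drive types whose 'disable autorun' bit is NOT set in the mask."""
    return [name for bit, name in AUDITED_TYPES if not value & bit]


def audit(reg_output):
    """Summarise one host: is the policy set, and what does it leave open?"""
    value = parse_policy_value(reg_output)
    if value is None:
        # No policy pushed: the host is running on OS defaults, so fail it.
        return {"configured": False, "enabled_for": None, "passed": False}
    enabled = autorun_still_enabled(value)
    return {"configured": True, "enabled_for": enabled, "passed": not enabled}


if __name__ == "__main__":
    samples = [("partial", SAMPLE_PARTIAL), ("locked", SAMPLE_LOCKED),
               ("unset", SAMPLE_UNSET)]
    for label, sample in samples:
        print(label, audit(sample))
```

A passing result shows only that the policy value is set; as the comment above points out, a further patch was needed before the setting was honoured, so patch state has to be verified separately.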
Paris Hilton

Conficker = FAIL

Is "slow for most of the week" the best you (or Conficker) can come up with?

FAIL

FAIL

FAIL

Doing a high-profile graffito is the *very least* expected for any measure of acknowledgement, anything less is FAIL territory and means we can laugh at the dickhead who programmed Conficker. Good job on getting the media to spread the FUD though!!

Paris, because she's weeping at how pathetic Conficker is.

0
0
Silver badge
Linux

@signature for the non-A/V crowd?

I use the Trend Micro Housecall site for situations such as that. The site d'loads a Java or <shudder>ActiveX scan engine and does a full system check.

0
0
