back to article US gov SMASHES UP TVs and MICE to nuke tiny malware outbreak

A US Department of Commerce agency has been chastised for spunking $2.7m chasing down a supposed major malware infection that was actually limited to a handful of PCs. The Economic Development Administration adopted a scorched earth policy - isolating itself from the internet before destroying more than $170,000 worth of …

COMMENTS

This topic is closed for new posts.

Page:

  1. Tom 7

    Its not looking good for xmas

    with those little pinko commie sugar ones!

  2. Jess

    Someone has been watching transformers

    and using it as reference material.

  3. Anonymous Coward
    FAIL

    WOW !

    That must have been one hell of a virus !

    Being able to infect mice keyboards tv's etc....

    1. Terry 6 Silver badge
      Facepalm

      Re: WOW !

      Never mind the mice. Now what are they going to do with all those cats they had to buy?

    2. Captain Underpants
      Boffin

      Re: WOW !

      @malle-herbert:

      The sad thing is, there is a limited case to be made for scrutinising HIDs as possible malware vectors or security concerns (see for example this story from a couple of years ago).

      I don't for one second believe that the idiots responsible for this could even spell HID, though, much less explain why you'd need to check whether they were possible attack vectors...

      1. frank ly

        Re: WOW !

        Any biologist, even a student, will tell you that mice can harbour a variety of viruses. Sometimes, an interdisciplinary approach is needed.

  4. Nifty Silver badge

    yes but no but

    correct up to a point

    http://www.infoworld.com/t/insider-threats/security-company-infects-clients-network-trojan-mouse-576

  5. Thomas 4

    It's not an unreasonable course of action

    "Well, we can either destroy a whole bunch of expensive IT equipment, or we could install Norton AntivIrus on them."

    "Pass me the sledgehammer."

    1. ukgnome

      Re: It's not an unreasonable course of action

      "or we could install Norton AntivIrus on them."

      What have they ever done to deserve that?

    2. BristolBachelor Gold badge
      Joke

      Re: It's not an unreasonable course of action

      It's possible that the equipment could even still be used for something after the sledgehammer treatment. After Norton however, well...

    3. Sorry that handle is already taken. Silver badge

      Re: It's not an unreasonable course of action

      I hope they carefully disposed of the sledgehammers when they were done.

  6. Miek
    Facepalm

    Did someone give the disinfection job to the janitor or something ?

    1. Michael Thibault

      Whoever got the job, they were extremely well-paid! What can you do to a couple hundred computers and associated peripherals over the course of five weeks--or even a year--that genuinely warrants the best part a million dollars?

      1. Graham Marsden
        Devil

        I think the BofH would have loved the job (and the excuse to upgrade all the systems in Mission Control...!)

    2. Arthur 1

      No, but the protocol for disinfection might very well have been written by the head of facilities. That sort of stuff isn't uncommon. In the business I work in we deal with many government clients, and our counterparts are often IT people who are subordinates to facilities and whose bosses are facilities people. Guess who calls the shots?

      In related news, I knew someone who worked at a contractor that did this work. His job was to smash processors which had handled confidential information to ensure data safety. I'm not joking at all. As a bit of a computer nerd himself, he said some days he'd get in a palette of high end Xeons and just wanted to cry when he got handed the hammer.

  7. paulc

    ah yes, the wonders of Windows...

    n/t

  8. dougal83

    You'd have to be mentally compromised to think that destroying hardware a cost effective solution. How far would they go to waste money? Buy Apple replacements?! arg?!

    1. Destroy All Monsters Silver badge
      Devil

      Ever heard of "burn pits"?

      1) Make big hole in the Iraqi desert

      2) Contractor carries in brand-new IT gear at enormous cost (fuel, transport, security, fresh trucks, bribes...)

      3) Turns out this is "surplus" gear

      4) Off to the pit it goes

      5) Douse in diesel, light it

      As a side effect, military personnel's cancer risk is heightened to "pretty much a certainty", but you can't burn them too, right?

  9. Nigel 11

    Someone saw a way to get all their ancient PCs replaced with brand new ones.

    1. Jess--

      This is probably more accurate...

    2. Fading
      Thumb Up

      Definitely possible

      I know we used the Y2K thing as an excuse to upgrade the rusty 486's we had lying around.

    3. Michael H.F. Wilkinson Silver badge
      Pint

      "Someone saw a way to get all their ancient PCs replaced with brand new ones."

      Someone who is called Simon, maybe

      Pass me the sledgehammer and the cattle prod please

      What, no BOFH icon? OK, off to the pub then

      1. auburnman
        Happy

        I was just thinking this sounded like the magnum opus of a bored BOFH... The question is, who did they trick into destroying all that kit, and how had that scapegoat wronged our (anti)hero?

    4. Eddy Ito

      Or Christmas gifts for the children of the whole department.

      - "What happened to all the expensive computer equipment?"

      - "Uh, it, ah, had a virus. Yup, it had a virus all right, so uh, we, ah, had to um, smash it! Yeah that's it, smash it to bits."

    5. Robert Helpmann??
      Childcatcher

      New PCs for Old

      Someone saw a way to get all their ancient PCs replaced with brand new ones.

      The way to tell is if a lot of folks lose their jobs over this... unless someone decides to do other kinds of housecleaning, too.

  10. Don Jefe

    Still Infected

    The best way to handle this would have been to remove the chairs and associated components from the office.

    While this was incredibly stupid and highlights the failures inherent in a seniority based HR system, the DHS CERT system is a steamy pile of crap too. The warning notices are scary as hell and far, far too frequent. There is simply no need for the system to be so incredibly prone to false positives.

  11. M.D.
    Joke

    April 1st...

    Clearly, the EDA needs to get its PR together, they are over 3 months late with this April Fools' gag.

    Hang on, you mean it's real?............

  12. CuriousChicken

    Root Cause

    Probably contained in the last two lines of the story.

  13. Anonymous Coward
    Anonymous Coward

    Just checking this isn't Friday

    Oh, no. This isn't a BOFH episode after all.

    Never let a third world country loose with IT, no matter how rich it is.

  14. Anonymous Coward
    Anonymous Coward

    Nuke it from orbit

    Its the only way to be sure

  15. Christoph

    When in danger or in doubt

    Run in circles, scream and shout

  16. RainForestGuppy

    Not gone far enough

    "Take Off and nuke the entire site from Orbit... Only way to be sure."

    There is always an Aliens quote for all eventualities

    .

    1. Anonymous Coward
      Anonymous Coward

      Re: Not gone far enough

      However it seems that some agencies are using the SAME aliens quote for EVERY occasion..

      - Couple of guys with AK47's causing trouble?

      - Tin pot dictator saying nasty things?

      - Economy slow?

  17. Conrad Longmore

    Nothing of value was lost

    This government department cut itself off from the rest of the world, killed its email servers and then started scrapping everything. Did it have any adverse impact on their effectiveness? It seems not. It looks like the moral of the story is that this is just another pointless government bureaucracy. Perhaps the kindest thing would be to kill it off..

  18. taxman

    CIO says

    JFDI - so they did.

    Clever CIO

  19. Anonymous Coward
    Anonymous Coward

    So, 250 computers and a viral infection.

    Where I work, we charge 50$ to remove viruses from a computer. That's 12500$ to have the ENTIRE park cleaned up. 2.7 millions?????? all I can say is wow ...

  20. Anonymous Coward
    Anonymous Coward

    That explains the long times...

    That explains the long times between BOFH updates - Simon has emigrated to the US. I wonder if he will change his cattleprod out for something stronger....

  21. Kubla Cant
    Unhappy

    Contract

    The agency hired an outside security contractor, at an eventual cost of $823,000

    Why don't I get contracts like this?

    1. Don Jefe

      Re: Contract

      Because you're not blowing/golfing/bribing the right agency chiefs. For many 'emergency' issues like this the agencies don't have to go through a bidding process so they can choose who gets the contracts. It is dodgy as hell.

      1. BristolBachelor Gold badge
        Joke

        Re: Contract

        With a name like Don Jefe, wouldn't you stick lots of notes in an envelope marked "donation" and give it to a party political (PP) treasurer? Then when it comes to contract time...

    2. Tom 35

      Re: Contract

      Your not some ones brother in law?

  22. alain williams Silver badge

    Out source the destruction

    ''No need to get the office carpet dirty by destroying them here. My brother in law runs a secure destruction facility, he will do it for you and give you a certificate to say that it is done.''

    A couple of weeks later: loads of reconditioned PCs spring up on Ebay.

    1. Don Jefe

      Re: Out source the destruction

      I witnessed the 'destruction' of some govt IT kit once (a dozen or so OptiPlex boxes). They cut the power cords off and sat them, still full of components, on the curb for pickup with the trash. They were gone within 20mins as here in the U.S. it is pretty much a tradition that anything on the curb that isn't bagged is free for the taking. All they needed was new standard power cables...

      I wasn't the one who took them.

      1. keithpeter Silver badge
        Windows

        Re: Out source the destruction

        "...here in the U.S. it is pretty much a tradition that anything on the curb that isn't bagged is free for the taking"

        Sounds OK to me. The old kit gets informally recycled. Perhaps overwriting the hard drives first would have been a good idea. Still some good to society as a whole.

        I suspect that in the case in the original article, the 'components' would have been hammered with a mallet or properly disposed of alas.

        The tramp: I buy recycled computers.

        1. Don Jefe
          Happy

          Re: Out source the destruction

          I've got no problem with what they did. The drives certainly weren't wiped though, I watched the crew come in and cart them to the street. That's kinda dodgy, but the office doesn't deal with citizens so I guess no real harm could be done. My issue was with the fact 'disposal' was on the service agreement and (my) tax dollars went to pay for it.

          I love recycled tech though! My very first plotter was a throwaway from my high school. Used it all the way through college. My presentations kicked ass.

  23. Vladimir Plouzhnikov

    They had no choice

    They tried to inject vaccine in the USB ports but it didn't work - the cull was the only option to contain the disease...

  24. mIRCat
    Windows

    You want MORE money to destroy things?

    "EDA's CIO, fearing that the agency was under attack from foreign cyber-intelligence, isolated its systems from the net and initiated the policy of physical destruction."

    Worryingly there is no mention of anyone losing their job over this. The fact that a department of almost 170 people doesn't seem to have one competent computer user in the lot makes me wonder what they do with an IT budget of nearly $6 million.

    Government. Is it too late to start over?

    1. Destroy All Monsters Silver badge
      Big Brother

      Re: You want MORE money to destroy things?

      Yes, it is *way* too late. There are no brakes on this fail train.

      But clearly the cyberwar hypegasm is yielding fruit.

      "EDA, which promotes economic development in underperforming US regions"

      ...such as itself.

  25. mike acker

    that's because there are no certification tools available to test for un-authorized programming. Wolfgang Stiller (Stiller Research) taught us how to do it with his Integrity Master product

    you boot from a separate read-only media and make a list of all the software on the subject machine. include CRC, date, and size of modules. check this list against what is supposed to be there. if you have what you're suppose to have, not of it changed, and nothing extra you are good to go.

    it will take an FTC rule to force the industry to adopt this practice. a better practice is to stop using vulnerable operating software

  26. Alan Brown Silver badge

    250 computers

    worth $3million, 170 staff., $5.4 million IT budget.

    Talk about missing the elephant in the room.

Page:

This topic is closed for new posts.

Other stories you might like