Feeds

back to article US gov SMASHES UP TVs and MICE to nuke tiny malware outbreak

A US Department of Commerce agency has been chastised for spunking $2.7m chasing down a supposed major malware infection that was actually limited to a handful of PCs. The Economic Development Administration adopted a scorched earth policy - isolating itself from the internet before destroying more than $170,000 worth of …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Its not looking good for xmas

with those little pinko commie sugar ones!

0
0
Bronze badge

Someone has been watching transformers

and using it as reference material.

4
0
Silver badge
FAIL

WOW !

That must have been one hell of a virus !

Being able to infect mice keyboards tv's etc....

18
0
Bronze badge
Facepalm

Re: WOW !

Never mind the mice. Now what are they going to do with all those cats they had to buy?

6
0
Boffin

Re: WOW !

@malle-herbert:

The sad thing is, there is a limited case to be made for scrutinising HIDs as possible malware vectors or security concerns (see for example this story from a couple of years ago).

I don't for one second believe that the idiots responsible for this could even spell HID, though, much less explain why you'd need to check whether they were possible attack vectors...

5
0
Silver badge

Re: WOW !

Any biologist, even a student, will tell you that mice can harbour a variety of viruses. Sometimes, an interdisciplinary approach is needed.

3
0
Bronze badge

yes but no but

correct up to a point

http://www.infoworld.com/t/insider-threats/security-company-infects-clients-network-trojan-mouse-576

2
0

It's not an unreasonable course of action

"Well, we can either destroy a whole bunch of expensive IT equipment, or we could install Norton AntivIrus on them."

"Pass me the sledgehammer."

42
0
Silver badge

Re: It's not an unreasonable course of action

"or we could install Norton AntivIrus on them."

What have they ever done to deserve that?

5
1
Gold badge
Joke

Re: It's not an unreasonable course of action

It's possible that the equipment could even still be used for something after the sledgehammer treatment. After Norton however, well...

11
1
Silver badge

Re: It's not an unreasonable course of action

I hope they carefully disposed of the sledgehammers when they were done.

2
0
Silver badge
Facepalm

Did someone give the disinfection job to the janitor or something ?

3
1
Bronze badge

Whoever got the job, they were extremely well-paid! What can you do to a couple hundred computers and associated peripherals over the course of five weeks--or even a year--that genuinely warrants the best part a million dollars?

7
0
Silver badge
Devil

I think the BofH would have loved the job (and the excuse to upgrade all the systems in Mission Control...!)

0
0

No, but the protocol for disinfection might very well have been written by the head of facilities. That sort of stuff isn't uncommon. In the business I work in we deal with many government clients, and our counterparts are often IT people who are subordinates to facilities and whose bosses are facilities people. Guess who calls the shots?

In related news, I knew someone who worked at a contractor that did this work. His job was to smash processors which had handled confidential information to ensure data safety. I'm not joking at all. As a bit of a computer nerd himself, he said some days he'd get in a palette of high end Xeons and just wanted to cry when he got handed the hammer.

2
0
Bronze badge

ah yes, the wonders of Windows...

n/t

7
11

You'd have to be mentally compromised to think that destroying hardware a cost effective solution. How far would they go to waste money? Buy Apple replacements?! arg?!

9
1
Silver badge
Devil

Ever heard of "burn pits"?

1) Make big hole in the Iraqi desert

2) Contractor carries in brand-new IT gear at enormous cost (fuel, transport, security, fresh trucks, bribes...)

3) Turns out this is "surplus" gear

4) Off to the pit it goes

5) Douse in diesel, light it

As a side effect, military personnel's cancer risk is heightened to "pretty much a certainty", but you can't burn them too, right?

1
0
Silver badge

Someone saw a way to get all their ancient PCs replaced with brand new ones.

27
0

This is probably more accurate...

4
0
Thumb Up

Definitely possible

I know we used the Y2K thing as an excuse to upgrade the rusty 486's we had lying around.

2
0
Silver badge
Pint

"Someone saw a way to get all their ancient PCs replaced with brand new ones."

Someone who is called Simon, maybe

Pass me the sledgehammer and the cattle prod please

What, no BOFH icon? OK, off to the pub then

3
0
Silver badge
Happy

I was just thinking this sounded like the magnum opus of a bored BOFH... The question is, who did they trick into destroying all that kit, and how had that scapegoat wronged our (anti)hero?

4
0
Silver badge

Or Christmas gifts for the children of the whole department.

- "What happened to all the expensive computer equipment?"

- "Uh, it, ah, had a virus. Yup, it had a virus all right, so uh, we, ah, had to um, smash it! Yeah that's it, smash it to bits."

2
0
Bronze badge
Childcatcher

New PCs for Old

Someone saw a way to get all their ancient PCs replaced with brand new ones.

The way to tell is if a lot of folks lose their jobs over this... unless someone decides to do other kinds of housecleaning, too.

0
0
Silver badge

Still Infected

The best way to handle this would have been to remove the chairs and associated components from the office.

While this was incredibly stupid and highlights the failures inherent in a seniority based HR system, the DHS CERT system is a steamy pile of crap too. The warning notices are scary as hell and far, far too frequent. There is simply no need for the system to be so incredibly prone to false positives.

6
1
Joke

April 1st...

Clearly, the EDA needs to get its PR together, they are over 3 months late with this April Fools' gag.

Hang on, you mean it's real?............

0
0

Root Cause

Probably contained in the last two lines of the story.

0
0
Anonymous Coward

Just checking this isn't Friday

Oh, no. This isn't a BOFH episode after all.

Never let a third world country loose with IT, no matter how rich it is.

8
1
Anonymous Coward

Nuke it from orbit

Its the only way to be sure

4
0
Silver badge

When in danger or in doubt

Run in circles, scream and shout

6
0

Not gone far enough

"Take Off and nuke the entire site from Orbit... Only way to be sure."

There is always an Aliens quote for all eventualities

.

1
0
Anonymous Coward

Re: Not gone far enough

However it seems that some agencies are using the SAME aliens quote for EVERY occasion..

- Couple of guys with AK47's causing trouble?

- Tin pot dictator saying nasty things?

- Economy slow?

1
0

Nothing of value was lost

This government department cut itself off from the rest of the world, killed its email servers and then started scrapping everything. Did it have any adverse impact on their effectiveness? It seems not. It looks like the moral of the story is that this is just another pointless government bureaucracy. Perhaps the kindest thing would be to kill it off..

12
0

CIO says

JFDI - so they did.

Clever CIO

0
0
Anonymous Coward

So, 250 computers and a viral infection.

Where I work, we charge 50$ to remove viruses from a computer. That's 12500$ to have the ENTIRE park cleaned up. 2.7 millions?????? all I can say is wow ...

4
0
Anonymous Coward

That explains the long times...

That explains the long times between BOFH updates - Simon has emigrated to the US. I wonder if he will change his cattleprod out for something stronger....

0
0
Silver badge
Unhappy

Contract

The agency hired an outside security contractor, at an eventual cost of $823,000

Why don't I get contracts like this?

3
0
Silver badge

Re: Contract

Because you're not blowing/golfing/bribing the right agency chiefs. For many 'emergency' issues like this the agencies don't have to go through a bidding process so they can choose who gets the contracts. It is dodgy as hell.

2
0
Silver badge

Re: Contract

Your not some ones brother in law?

1
1
Gold badge
Joke

Re: Contract

With a name like Don Jefe, wouldn't you stick lots of notes in an envelope marked "donation" and give it to a party political (PP) treasurer? Then when it comes to contract time...

1
0
Silver badge

Out source the destruction

''No need to get the office carpet dirty by destroying them here. My brother in law runs a secure destruction facility, he will do it for you and give you a certificate to say that it is done.''

A couple of weeks later: loads of reconditioned PCs spring up on Ebay.

5
0
Silver badge

Re: Out source the destruction

I witnessed the 'destruction' of some govt IT kit once (a dozen or so OptiPlex boxes). They cut the power cords off and sat them, still full of components, on the curb for pickup with the trash. They were gone within 20mins as here in the U.S. it is pretty much a tradition that anything on the curb that isn't bagged is free for the taking. All they needed was new standard power cables...

I wasn't the one who took them.

3
0
Bronze badge
Windows

Re: Out source the destruction

"...here in the U.S. it is pretty much a tradition that anything on the curb that isn't bagged is free for the taking"

Sounds OK to me. The old kit gets informally recycled. Perhaps overwriting the hard drives first would have been a good idea. Still some good to society as a whole.

I suspect that in the case in the original article, the 'components' would have been hammered with a mallet or properly disposed of alas.

The tramp: I buy recycled computers.

1
0
Silver badge
Happy

Re: Out source the destruction

I've got no problem with what they did. The drives certainly weren't wiped though, I watched the crew come in and cart them to the street. That's kinda dodgy, but the office doesn't deal with citizens so I guess no real harm could be done. My issue was with the fact 'disposal' was on the service agreement and (my) tax dollars went to pay for it.

I love recycled tech though! My very first plotter was a throwaway from my high school. Used it all the way through college. My presentations kicked ass.

0
0
Silver badge

They had no choice

They tried to inject vaccine in the USB ports but it didn't work - the cull was the only option to contain the disease...

2
0
Windows

You want MORE money to destroy things?

"EDA's CIO, fearing that the agency was under attack from foreign cyber-intelligence, isolated its systems from the net and initiated the policy of physical destruction."

Worryingly there is no mention of anyone losing their job over this. The fact that a department of almost 170 people doesn't seem to have one competent computer user in the lot makes me wonder what they do with an IT budget of nearly $6 million.

Government. Is it too late to start over?

5
0
Silver badge
Big Brother

Re: You want MORE money to destroy things?

Yes, it is *way* too late. There are no brakes on this fail train.

But clearly the cyberwar hypegasm is yielding fruit.

"EDA, which promotes economic development in underperforming US regions"

...such as itself.

5
0

that's because there are no certification tools available to test for un-authorized programming. Wolfgang Stiller (Stiller Research) taught us how to do it with his Integrity Master product

you boot from a separate read-only media and make a list of all the software on the subject machine. include CRC, date, and size of modules. check this list against what is supposed to be there. if you have what you're suppose to have, not of it changed, and nothing extra you are good to go.

it will take an FTC rule to force the industry to adopt this practice. a better practice is to stop using vulnerable operating software

1
0
Silver badge

250 computers

worth $3million, 170 staff., $5.4 million IT budget.

Talk about missing the elephant in the room.

4
0

Page:

This topic is closed for new posts.