US mega-hack: White House orders govt IT to do what it should have done in the first place

In response to this week's data breach at the US Office of Personnel Management, the White House has ordered federal agencies to immediately deploy state-of-the-art anti-hacker defenses – things like installing security patches, and not giving everyone the admin password. This groundbreaking cyber-edict comes after dossiers …


  1. Cirdan
    FAIL

    Well, THERE'S your PROBLEM....

    Microsoft Windows, Apple OS X, Linux, Unix, BSD...

    It doesn't matter.

    PEBCAK

    ...Cirdan...

    Of course, administrative decisions hobble those in the trenches...

    1. Anonymous Coward
      Anonymous Coward

      Re: Well, THERE'S your PROBLEM....

      "If the White House's top tips on cyber-security really are news to government IT admins, the hackers needn't have bothered burning such a precious tool."

      That's the problem right there. Machines don't lie and people do.

      Your unpatched, unaudited, unchanged password chickens will eventually come home to roost.

      My new cyber-security company, GetAClue Inc. will help fix all that. It will start by firing all the people whose details were leaked, on the grounds of National Security. Then we will hire some Indians, Vietnamese, Chinese and Mexicans to sort it all out. Kerching!

      1. Anonymous Coward
        Anonymous Coward

        Re: Well, THERE'S your PROBLEM....

        "Then we will hire some Indians, Vietnamese, Chinese and Mexicans to sort it all out. Kerching!"

        You didn't sound like a tool until that last line. Idiot

        1. Anonymous Coward
          Anonymous Coward

          Re: Well, THERE'S your PROBLEM....

          He actually sounds more like some of the companies that didn't get the bid for beefing up computer security. Or maybe the ones that did.

      2. Anonymous Coward
        Anonymous Coward

        Re: Well, THERE'S your PROBLEM....

        "Then we will hire some Indians, Vietnamese, Chinese and Mexicans to sort it all out. Kerching!"

        What's wrong with you?

    2. lambda_beta
      Linux

      Re: Well, THERE'S your PROBLEM....

      Let's not forget the REAL problem ... software, it sucks. It's a house of cards with no solution in sight. We have patches with fix patches which fix patches etc. And nobody knows which pieces fit with other pieces.

      In order to rush out the latest and greatest to make that almighty buck, we've sacrificed stability and common sense in design and testing. It's the only product you buy which comes with a 'known list of bugs' and nobody cares.

      1. This post has been deleted by its author

      2. itzman
        Boffin

        Re: Well, THERE'S your PROBLEM....

        It's the only product you buy which comes with a 'known list of bugs' and nobody cares.

        Er no, all products now come with a list of 'known bugs' in order to limit legal liability.

        This microwave oven is unsuitable for the drying of pets.

        Your mileage may vary.

        Only those who buy software even remotely expect perfection, and no one in the engineering and manufacturing industry who has the least idea of the modern ideas of Quality Management expects any product to be perfect without continuous effort devoted to improving it - not till it's perfect, but until all known and serious flaws have been identified, fixed or documented into a 'limitations of use' type tome.

        1. lambda_beta
          Linux

          Re: Well, THERE'S your PROBLEM....

          Please, you cannot compare, bugs are things that don't make the product work or not work as advertised. Drying of pets in a microwave is not the same, it's not a bug. Having the microwave stop working for certain foods made by certain manufacturers is a bug. Mileage varies on how you drive and where (city or highway), it's not a bug.

        2. cortland

          Re: Well, THERE'S your PROBLEM....

          Don't forget Pratchett's memorable "May contain nuts" or, in this case, actually BE "nuts."

        3. Cynic_999

          Re: Well, THERE'S your PROBLEM....

          "

          It's the only product you buy which comes with a 'known list of bugs' and nobody cares.

          Er no, all products now come with a list of 'known bugs' in order to limit legal liability.

          "

          I'll add to that and say that your average washing machine is not equipped to detect and deal with malicious attackers who go house-to-house secretly loosening bolts and rewiring all the appliances.

          Software bugs are really not the main problem here.

    3. Anonymous Coward
      Anonymous Coward

      Re: Well, THERE'S your PROBLEM....

      There's a story that the employee union fought against earlier attempts to implement security measures...

      1. James Loughner
        Mushroom

        Re: Well, THERE'S your PROBLEM....

        "There's a story that the employee union fought against earlier attempts to implement security measures..."

        Republican right wing propaganda

        1. cortland

          Re: Well, THERE'S your PROBLEM....

          Is there currently any other kind of Republican propaganda?

        2. jrwc

          Re: Well, THERE'S your PROBLEM....

          Well, less money spent on security means more spent on fat union members.

  2. Anonymous Coward
    Anonymous Coward

    Fine with me

    The US gov't is the biggest perpetrator of hacking and spying in the world. If they get hacked themselves, they really don't have a leg to stand on, morally speaking.

    I fully expect to be put on some kind of NSA list for posting this.

    1. Anonymous Coward
      Anonymous Coward

      Re: Fine with me

      Don't worry, the NSA combines all 'Anonymous' comments together to save file space. I'm safe.

    2. Six_Degrees

      Re: Fine with me

      I'm not sure you'll be put on such a list, or if you are whether it will mean anything. The NSA has, so far, failed to detect a single terrorist attack despite its massive surveillance of citizens. Today brings yet another example, as a loon in Dallas with what turns out to be a history of threats and wild-eyed imaginings managed to set bombs off around police headquarters and spray it with gunfire, without a single warning from all that monitoring.

      Honestly, I don't believe terrorist monitoring is the purpose of the NSA. They've taken Hoover and Nixon and their idea of "enemies lists" to a massive extreme, and are far more interested in monitoring political activity, aspirations, and opposition than in keeping the public safe from harm.

      1. Anonymous Coward
        Anonymous Coward

        Re: Fine with me

        >>I'm not sure you'll be put on such a list, or if you are whether it will mean anything. The NSA has, so far, failed to detect a single terrorist attack despite its massive surveillance of citizens.

        Uh, exactly. I'm not a terrorist so I'm sure they'll direct most of their effort to monitoring me.

      2. itzman

        Re: Fine with me

        The NSA has, so far, failed to detect a single terrorist attack despite its massive surveillance of citizens.

        The history of the UK's involvement with N Ireland terrorism is littered with incidents that made the papers and MI scuttlebutt about what really happened.

        Murders by e.g. the Unionist paramilitaries of (largely unknown) IRA high command.

        The mysterious early detonation of bombs and even weapons caches by 'inept terrorists'

        The way in which the IRA high command eventually turned coats and joined a peace settlement.

        The point about secret intelligence, is that it is secret.

        https://en.wikipedia.org/wiki/Bodyguard_of_Lies

        Is a book worth reading that illustrates just how much of the secret intelligence war of WWII was devoted to disguising how much the secret intelligence agencies had actually penetrated the enemy intelligence systems.

        And how much even when it was published remained secret. And a lot still is.

        The problem with secret agencies is that you have to take them on trust.

        There is an apocryphal story about a newly elected Harold Wilson calling in the heads of the security services and saying 'I am the duly elected representative of this country: Can you tell me the sphere of your operations?'

        "No: It's a matter of national security"

        "And who are you answerable to, if not me?"

        "Can't tell you: National security".

        1. Sir Runcible Spoon

          Re: Fine with me

          ""Can't tell you: National security"."

          To which the correct response should be 'you're fired'.

          1. asdf
            Thumb Up

            Re: Fine with me

            >>""Can't tell you: National security"."

            >To which the correct response should be 'you're fired'.

            Holy crap post of the month.

  3. Eddy Ito
    Facepalm

    --->

    D'OH! Just fucking D'OH!

  4. Anonymous Coward
    Anonymous Coward

    As ye sow...

  5. Mark 85

    Government needs a new department...

    The Department of the Obvious.... The problem with this screw-up is that it won't be the decision makers that pay. It'll be the citizens as always who are collateral damage.

    1. Anonymous Coward
      Anonymous Coward

      Re: Government needs a new department...

      But how can we bootstrap the process? Because it's obvious that a Dept for the Obvious is needed, without that dept already in place no action can be taken!

      We'll just have to trust to the cornerstone of modern US democracy: give an ungodly amount of money to lobbyists, lie back and think of the children.

  6. Herb LeBurger
    FAIL

    Don't worry

    Spying on the American people will prevent this sort of thing.

    1. Anonymous Coward
      Happy

      Not worried

      It already has prevented it, each and every one of all those times it didn't happen. This program says in the last ~240 years of Real Freedom there were about 1.4 x 10^53 Planck times. The spying just has to be worth all that.

  7. Gray
    Alert

    Oh, CRAP! There goes the budget!

    1. three to six months to develop a departmental assessment team and draft an action plan;

    2. six months to vet, recruit, and hire a departmental team of in-house security experts;

    3. ditto the outside consulting team;

    4. six to nine months of developing security objectives, systems flow charts, software initiatives, and hardware procurement timelines;

    5. preliminary submission of department budget requests with security set-asides;

    6. evaluations and promotions of upper level management to oversee security initiatives;

    7; 8; 9; 10 ... need we go on?

    It will be a cold day in Hell before ... ( groan )

    1. Mage Silver badge
      Devil

      Re: Oh, CRAP! There goes the budget!

      Then to save money they will subcontract to an allegedly secure cloud run by Google/Microsoft/Apple/Oracle/IBM or whoever.

      I'd not trust the security of any Cloud Contractor. Try finding out what it is.

  8. Destroy All Monsters Silver badge

    Oh man

    This is going to be ONE TOUGH WEEKEND!

  9. James 51

    Need a movie with Bruce Willis playing the role of Simon who's locked in the White House server room by hackers and he needs to do this stuff to get out.

  10. Destroy All Monsters Silver badge

    Even the Navy has decided to check out the "cyberwarfare" pork barrel. I think a slight rejiggling in priorities is in order.

    1. Ole Juul

      won't hold water

      Even the Navy has decided to check out the "cyberwarfare" pork barrel.

      1. Anonymous Coward
        Anonymous Coward

        Re: won't hold water

        I get a sinking feeling about this.

        1. Anonymous Coward
          Anonymous Coward

          Re: won't hold water

          cyber glug glug glu..........

          1. Anonymous Coward
            Anonymous Coward

            Re: won't hold water

            SYN flood?

  11. Anonymous Coward
    Anonymous Coward

    The other 17 hacker gangs now hate the 18th

    They'd had easy access for years, now some new kids come in knocking things over and (finally) waking up the guard dogs. Probably take them weeks to get new access now!

    1. Anonymous Coward
      Anonymous Coward

      Re: The other 17 hacker gangs now hate the 18th

      Or maybe just get round to changing the admin password?

  12. Christoph

    "aggressive, persistent malicious actors that continue to target our nation’s cyber infrastructure"

    Unlike the shining white knights that the US uses to target everybody else's cyber infrastructure.

  13. All names Taken
    Facepalm

    Consequences?

    Does this mean that any networked computer is not really secure?

    And will data on there get slurped?

    1. Anonymous Coward
      Anonymous Coward

      Re: Consequences?

      Adama was right, you know.

  14. Mark Allen
    Facepalm

    Should have employed Gary McKinnon

    Sounds like nothing changed.

  15. Adam JC

    - Install software patches for critical vulnerabilities "without delay."

    - Use antivirus and check log files for "indicators" of malware infection or intrusion.

    - Start using two-factor authentication.

    - Slash the number of people with administrator-level access and limit what they can do.

    So, as a sysadmin I consider these an absolute necessity (Bar perhaps 2FA) for ALL of my customers... Let alone a federal agency.

    1. Sir Runcible Spoon

      Considering this was a 'hack' and not being reported as an inside job - perhaps they need to be looking at processes with admin rights rather than people.

  16. Trollslayer
    Mushroom

    To use antivirus

    Did I really read that??!!!

    1. Anonymous Coward
      Anonymous Coward

      Re: To use antivirus

      It's low hanging fruit.

      You wouldn't believe that my company didn't have any.

      Then we get a cryptolocker hit.

      Get it installed.

      Sounds like BATTLESTATIONS! occur.

  17. The_Idiot

    "Right then...

    ... did you do as I told you and install our made-in-the-US state of the art anti-bad-guy stuff?"

    "Yes, Mr President. We did."

    "Hmmm. But isn't that the stuff we told folks to put, like, back doors and ways in into?"

    "Yes, Mr President - but it's OK. We've taken care of that."

    "Oh? How?"

    "We put big software signs on all the back doors. They say 'US Government secrets behind here. KEEP OUT."

    "Ah. That's alright then. Carry on...."

    1. Mage Silver badge
      Happy

      Re: "Right then...

      In the robots.txt file :-)

  18. wiggers

    Slamming of barn doors...

    ...to the sound of distant hoof-beats.
