Its not looking good for xmas
with those little pinko commie sugar ones!
A US Department of Commerce agency has been chastised for spunking $2.7m chasing down a supposed major malware infection that was actually limited to a handful of PCs. The Economic Development Administration adopted a scorched earth policy - isolating itself from the internet before destroying more than $170,000 worth of …
The sad thing is, there is a limited case to be made for scrutinising HIDs as possible malware vectors or security concerns (see for example this story from a couple of years ago).
I don't for one second believe that the idiots responsible for this could even spell HID, though, much less explain why you'd need to check whether they were possible attack vectors...
No, but the protocol for disinfection might very well have been written by the head of facilities. That sort of stuff isn't uncommon. In the business I work in we deal with many government clients, and our counterparts are often IT people who are subordinates to facilities and whose bosses are facilities people. Guess who calls the shots?
In related news, I knew someone who worked at a contractor that did this work. His job was to smash processors which had handled confidential information to ensure data safety. I'm not joking at all. As a bit of a computer nerd himself, he said some days he'd get in a palette of high end Xeons and just wanted to cry when he got handed the hammer.
Ever heard of "burn pits"?
1) Make big hole in the Iraqi desert
2) Contractor carries in brand-new IT gear at enormous cost (fuel, transport, security, fresh trucks, bribes...)
3) Turns out this is "surplus" gear
4) Off to the pit it goes
5) Douse in diesel, light it
As a side effect, military personnel's cancer risk is heightened to "pretty much a certainty", but you can't burn them too, right?
The best way to handle this would have been to remove the chairs and associated components from the office.
While this was incredibly stupid and highlights the failures inherent in a seniority based HR system, the DHS CERT system is a steamy pile of crap too. The warning notices are scary as hell and far, far too frequent. There is simply no need for the system to be so incredibly prone to false positives.
This government department cut itself off from the rest of the world, killed its email servers and then started scrapping everything. Did it have any adverse impact on their effectiveness? It seems not. It looks like the moral of the story is that this is just another pointless government bureaucracy. Perhaps the kindest thing would be to kill it off..
I witnessed the 'destruction' of some govt IT kit once (a dozen or so OptiPlex boxes). They cut the power cords off and sat them, still full of components, on the curb for pickup with the trash. They were gone within 20mins as here in the U.S. it is pretty much a tradition that anything on the curb that isn't bagged is free for the taking. All they needed was new standard power cables...
I wasn't the one who took them.
"...here in the U.S. it is pretty much a tradition that anything on the curb that isn't bagged is free for the taking"
Sounds OK to me. The old kit gets informally recycled. Perhaps overwriting the hard drives first would have been a good idea. Still some good to society as a whole.
I suspect that in the case in the original article, the 'components' would have been hammered with a mallet or properly disposed of alas.
The tramp: I buy recycled computers.
I've got no problem with what they did. The drives certainly weren't wiped though, I watched the crew come in and cart them to the street. That's kinda dodgy, but the office doesn't deal with citizens so I guess no real harm could be done. My issue was with the fact 'disposal' was on the service agreement and (my) tax dollars went to pay for it.
I love recycled tech though! My very first plotter was a throwaway from my high school. Used it all the way through college. My presentations kicked ass.
"EDA's CIO, fearing that the agency was under attack from foreign cyber-intelligence, isolated its systems from the net and initiated the policy of physical destruction."
Worryingly there is no mention of anyone losing their job over this. The fact that a department of almost 170 people doesn't seem to have one competent computer user in the lot makes me wonder what they do with an IT budget of nearly $6 million.
Government. Is it too late to start over?
that's because there are no certification tools available to test for un-authorized programming. Wolfgang Stiller (Stiller Research) taught us how to do it with his Integrity Master product
you boot from a separate read-only media and make a list of all the software on the subject machine. include CRC, date, and size of modules. check this list against what is supposed to be there. if you have what you're suppose to have, not of it changed, and nothing extra you are good to go.
it will take an FTC rule to force the industry to adopt this practice. a better practice is to stop using vulnerable operating software
There is a Department of Interior office not far from me that has four employees, five PC's, a large format scanner and a printer with an annual IT budget of $620k. The printer consumables come from a different, non IT, cost line so I've never figured out what they're doing with the funds.
Biting the hand that feeds IT © 1998–2019