Article posted Jul 10 2013, 2:36 AM. Category: Economy. Source: Techdirt.

Your Tax Dollars At Work: How Commerce Dept. Spent $2.7 Million Cleaning Out Two Malware-Infected Computers

by Tim Cushing

The cyber-Pearl Harbor is upon us and the only way to defeat it is to sink our own ships at the first sign of invasion. This is the sort of thing that happens when the legislators and advisors with the loudest voices value paranoia over rational strategy. The Department of Commerce, aided by a tragicomic string of errors, managed to almost stamp out its malware problem.
The Commerce Department's Economic Development Administration spent almost half of its IT budget last year to remediate a cyber attack that barely happened.

EDA's drastic steps to limit the damage by shutting down much of the access to the main Herbert Hoover Building network ended up costing the agency more than $2.7 million to clean up and reconfigure its network and computers. The IG said the bureau destroyed more than $170,000 in IT equipment, including desktop computers, printers, keyboards and mice.
Also included in the mass destruction were cameras and TVs. It wasn't just cyber-paranoia that led to this hardware cull. There was plenty of miscommunication too, along with the usual doses of bureaucratic clumsiness. The Inspector General's report breaks down the chain of missteps, which all began with a response team member grabbing the wrong network info.
In an effort to identify infected components, DOC CIRT's (Dept. of Commerce Computer Incident Response Team) incident handler requested network logging information. However, the incident handler unknowingly requested the wrong network logging information... Instead of providing EDA a list of potentially infected components, the incident handler mistakenly provided EDA a list of 146 components within its network boundary. Accordingly, EDA believed it faced a substantial malware infection.
Yes. Much like "Reply" and "Reply All" will both get the job done, only one is the correct choice when firing off a devastating critique of your soon-to-be-former coworkers. The same goes for network logs. One shows you the correct info. The other "indicates" that more than half the EDA's computers are suffering from a malware infection.

DOC CIRT did try to get this fixed, pointing out the error to the handling team and re-running the analysis using the correct network log. Turns out, the original estimate was slightly off.
The HCHB network staff member then performed the appropriate analysis identifying only two components exhibiting the malicious behavior in US-CERT's alert.
This new data in hand, a notification was sent out ostensibly to clear things up, but this too was mishandled so badly someone unfamiliar with bureaucratic ineptitude might be inclined to suspect sabotage.
DOC CIRT's second incident notification did not clearly explain that the first incident notification was inaccurate. As a result, EDA continued to believe a widespread malware infection was affecting its systems.

Specifically, the second incident notification began by stating the information previously provided about the incident was correct. EDA interpreted the statement as confirmation of the first incident notification, when DOC CIRT's incident handler simply meant to confirm EDA was the agency identified in US-CERT's alert. Nowhere in the notification or attachment does the DOC CIRT incident handler identify that there was a mistake or change to the previously provided information.

Although the incident notification's attachment correctly identified only 2 components exhibiting suspicious behavior - not the 146 components that DOC CIRT initially identified - the name of the second incident notification's attachment exactly matched the first incident notification's attachment, obscuring the clarification.
For five weeks, things went from bad to worse to comically tragic to tragically comic to full-scale computercide. Looking at its list (2 components), DOC CIRT asked the EDA to attempt containment by reimaging the infected items. Looking at its list (146 components), the EDA responded that reimaging half its devices would be "unfeasible." Taking a look at the EDA's list (from the first, mistaken network log analysis), DOC CIRT assumed the EDA had received additional analysis indicating the malware had spread, and changed its recommendations accordingly.

Finally, both departments were on the same (but entirely wrong) page and scaled up the response accordingly. A copy went to the DHS, stating that "over 50%" of the EDA's devices were infected. The DHS then accepted this without seeking independent confirmation. The NSA cranked out its own concerned report, quoting heavily from the DHS report (which was still in draft form), both of which were based on DOC CIRT's first erroneous report. This went undetected for over a year, until the OIG informed the involved agencies of its findings in December 2012.

The end result? The EDA and DOC CIRT worked together, attempting to head off a "severe" malware threat before it spread to other connected government computers. Despite gathering more information from outside consultants that indicated the malware was neither "persistent" nor a threat to migrate, the two agencies began destroying devices in May of 2012, finally stopping three months later when the "break stuff" budget had been exhausted.

Fortunately for the agencies, taxpayers and the surviving equipment (valued at over $3 million), the OIG's findings were brought to the agencies' attention before the fiscal year began and a new "break stuff" budget approved. All in all, the EDA spent over $2.7 million fighting a malware "infection" confined to two computers.

There's nothing in this report that makes the EDA look good. A chart on page 8 shows the EDA has persistently ignored the OIG's recommendations on agency computer security, with some assessments going back as far as 2006. It's no surprise it managed to (along with the Dept. of Commerce's response team) transform a 2-computer infection into a nearly $3 million catastrophe.

OIG 13 027 A (PDF)














Comments 1 - 4 of 4
thomas vesely

Posted: Jul 15 2013, 2:42 PM

101115 when you are a hammer, every thing is a nail.
when you are stupid, everything is a fail.
Anonymous

Posted: Jul 15 2013, 3:20 PM

65110 when you are a postman, everything is a mail
when you are a train, everything is a rail
when you are a politician, everything is a wail
when you are a bank, everything is a bail
Anonymous

Posted: Jul 15 2013, 6:46 PM

101115 @65110

awesome !
basis for new anthem ?
Anonymous

Posted: Jul 15 2013, 10:22 PM

65110 Good idea, freely include my four verses. Let Freedom Ring II! hehehe

