Tigers X - Number one Source to Talk Auburn Tigers Sports

The Library => The SGA => Topic started by: Vandy Vol on July 10, 2013, 02:02:50 PM

Title: EDA Destroys Computer Viruses
Post by: Vandy Vol on July 10, 2013, 02:02:50 PM: ...by destroying their own computers.

http://arstechnica.com/information-technology/2013/07/us-agency-baffled-by-modern-technology-destroys-mice-to-get-rid-of-viruses/

Quote
The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering slow growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a possible malware infection within the two agencies' systems.

The NOAA isolated and cleaned up the problem within a few weeks.

The EDA, however, responded by cutting its systems off from the rest of the worldâ€”disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally held databases.

It then recruited an outside security contractor to look for malware and provide assurances that not only were EDA's systems clean, but also that they were impregnable against malware. The contractor, after some initial false positives, declared the systems largely clean but was unable to provide this guarantee. Malware was found on six systems, but it was easily repaired by reimaging the affected machines.

EDA's CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stoppedâ€”sparing $3 million of equipmentâ€”because the agency had run out of money to pay for destroying the hardware.

The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development of a long-term response. Full recovery took close to a year.

The full grim story was detailed in the Department of Commerce audit (http://www.oig.doc.gov/OIGPublications/OIG-13-027-A.pdf) released last month, subsequently reported by Federal News Radio (http://www.federalnewsradio.com/241/3382009/EDAs-overreaction-to-cyber-attack-highlights-every-agencys-challenge).

The EDA's overreaction is, well, a little alarming. Although not entirely to blameâ€”the Department of Commerce's initial communication with EDA grossly overstated the severity of the problem (though corrected its error the following day)â€”the EDA systematically reacted in the worst possible way. The agency demonstrated serious technical misunderstandingsâ€”it shut down its e-mail servers because some of the e-mails on the servers contained malware, even though this posed no risk to the servers themselvesâ€”and a general sense of alarmism.

The malware that was found was common stuff. There were no signs of persistent, novel infections, nor any indications that the perpetrators were nation-states rather than common, untargeted criminal attacks. The audit does, however, note that the EDA's IT infrastructure was so badly managed and insecure that no attacker would need sophisticated attacks to compromise the agency's systems.
Title: Re: EDA Destroys Computer Viruses
Post by: Saniflush on July 10, 2013, 02:11:02 PM: Reminds me of the dumbasses at a company Tarheel and I worked at. Coming up to Y2K they had a team of personnel going around certifying that equipment was Y2K compliant. This in and of itself was good until they insisted that hand tools had to be certified as well.
:facepalm:
Title: Re: EDA Destroys Computer Viruses
Post by: WiregrassTiger on July 10, 2013, 02:40:42 PM: Quote from: Saniflush on July 10, 2013, 02:11:02 PM
Reminds me of the dumbasses at a company Tarheel and I worked at. Coming up to Y2K they had a team of personnel going around certifying that equipment was Y2K compliant. This in and of itself was good until they insisted that hand tools had to be certified as well.
:facepalm:
What's your beef? This guy was way ahead of the curve. My hammer hasn't been wurfashit since y2k. And I don't even try to use my cross cut saw anymore because it curves. And don't get me started on my screwdriver set.
Title: Re: EDA Destroys Computer Viruses
Post by: The Prowler on July 20, 2013, 09:37:05 AM: LMAO!!!

NOAA: "Malware Virus? Okay, lets run a virus scan on all the computers, locate the virus...then wipe it out."

EDA: "Malware Virus?!?! HOLY SHIT, WHAT THE FUCK IS A MALWARE VIRUS!?!?! WE GOTTA BURN EVERYTHING TO THE GROUND!!!!!"

Department of Commerce: (the next day) "Ummm, what the fuck happened to the building?"
Title: Re: EDA Destroys Computer Viruses
Post by: AUJarhead on July 20, 2013, 06:51:36 PM: (http://demotivators.despair.com/demotivational/consultingdemotivator.jpg)
Title: Re: EDA Destroys Computer Viruses
Post by: Saniflush on July 22, 2013, 06:42:48 AM: Quote from: AUJarhead on July 20, 2013, 06:51:36 PM
(http://demotivators.despair.com/demotivational/consultingdemotivator.jpg)

The "you need to unfuck yourself" seminars are looking better and better.