US agency baffled by modern technology, destroys mice to get rid of viruses

[TechMan]

http://arstechnica.com/information-technology/2013/07/us-agency-baffled-by-modern-technology-destroys-mice-to-get-rid-of-viruses/

The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering slow growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a possible malware infection within the two agencies' systems.

The NOAA isolated and cleaned up the problem within a few weeks.

The EDA, however, responded by cutting its systems off from the rest of the world—disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally held databases.
It then recruited an outside security contractor to look for malware and provide assurances that not only were EDA's systems clean, but also that they were impregnable against malware. The contractor, after some initial false positives, declared the systems largely clean but was unable to provide this guarantee. Malware was found on six systems, but it was easily repaired by reimaging the affected machines.

EDA's CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.

The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development of a long-term response. Full recovery took close to a year.

The full grim story was detailed in the Department of Commerce audit released last month, subsequently reported by Federal News Radio.

The EDA's overreaction is, well, a little alarming. Although not entirely to blame—the Department of Commerce's initial communication with EDA grossly overstated the severity of the problem (though corrected its error the following day)—the EDA systematically reacted in the worst possible way. The agency demonstrated serious technical misunderstandings—it shut down its e-mail servers because some of the e-mails on the servers contained malware, even though this posed no risk to the servers themselves—and a general sense of alarmism.

The malware that was found was common stuff. There were no signs of persistent, novel infections, nor any indications that the perpetrators were nation-states rather than common, untargeted criminal attacks. The audit does, however, note that the EDA's IT infrastructure was so badly managed and insecure that no attacker would need sophisticated attacks to compromise the agency's systems.

The stooopid it hurts.....

[HankB]

EDA's CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction.

Now the computers & peripherals will all have to be replaced . . . anyone bet that this individual (more likely, someone from his family or circle of friends) will be the supplier?

[Perd Hapley]

Bureaucracy - it's FANTASTIC!

[Tallpine]

Why didn't they just get a few cats? 

  

[brimic]

This would be hysterically funny if it weren't our money these dolts were wasting.

[TechMan]

This would be hysterically funny if it weren't our money these dolts were wasting.

This

[AZRedhawk44]

...Because the muslim-fundi-commies, when they attack, are going to attack our pinnacle of capitalism called the EDA?

[Ben]

...Because the muslim-fundi-commies, when they attack, are going to attack our pinnacle of capitalism called the EDA?

While not defending the boneheads at the EDA, yes, unknown offices like that is where they will attack. The Chinese don't spend tons of time breaking into Pentagon computers, they spend tons of time breaking into the computer at the entrance gate to a National Park, or the computer at the National Office for Widgets, because they are back doors into government networks that are not as protected as critical systems. The EDA is in the same network infrastructure as places like NIST. If I break into the EDA, I can get into the Dept of Commerce Intranet.

[Scout26]

$823,000 went to the security contractor for its investigation and advice,

To download and run a copy of Malwares Bytes, AVG and/or Spybot Search and Destroy ??  (and then do a half-assed job!!!)

I'm in the wrong business, because those damn ethics keep getting in the way.  


And the CIO should only be allowed to operate an Etch-a-Sketch.

[Perd Hapley]

Meanwhile, in Russia:


http://www.telegraph.co.uk/news/worldnews/europe/russia/10173645/Kremlin-returns-to-typewriters-to-avoid-computer-leaks.html

[Tallpine]

Meanwhile, in Russia:


http://www.telegraph.co.uk/news/worldnews/europe/russia/10173645/Kremlin-returns-to-typewriters-to-avoid-computer-leaks.html

Better ban carbon paper too 

[brimic]

Another angle that noone has thought of...
Although its still the wrong way to do it, the computers may have been destroyed to cover up a high ranking bureaucrat's habit of torrenting PreadolescentGayMidgetDonkeyScheiss pr0n with a government computer.

[AZRedhawk44]

Better ban carbon paper too 

And securely destroy your ribbons.

[K Frame]

My mouse is wireless, programmable, and apparently has some limited memory capability.

I could see it being an issue...

[Tallpine]

My mouse is wireless, programmable, and apparently has some limited memory capability.

I could see it being an issue...

[K Frame]

OK, that right there is funny! 

[sanglant]

While not defending the boneheads at the EDA, yes, unknown offices like that is where they will attack. The Chinese don't spend tons of time breaking into Pentagon computers, they spend tons of time breaking into the computer at the entrance gate to a National Park, or the computer at the National Office for Widgets, because they are back doors into government networks that are not as protected as critical systems. The EDA is in the same network infrastructure as places like NIST. If I break into the EDA, I can get into the Dept of Commerce Intranet.

said into the air, in no particular direction.

because EVERY*expletive deleted*THING with a ethernet port NEEDS to be connected to the internet, and every other system you run.