DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
February 25, 2020 
Main Menu
News archives

Who's Online
There are currently 198 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

US government employees destroyed computers to get rid of tiny virus attack

Posted on Thursday, July 11 2013 @ 15:23:25 CEST by

Today the wall of weird expands with a news story about how the US Department of Commerce's Economic Development Administration (EDA) agency wasted millions to combat a possible malware infection. The tale begins in December 2011 when the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a possible malware infection within the two agencies' computer systems.

The NOAA isolated the malware and cleaned up the problem within a few weeks, but the EDA grossly overreacted and went on to spend $2.7 million, more than half its 2012 annual IT budget, to combat the problem. EDA's CIO feared the agency was under attack from foreign cyber intelligence, all systems were cut off from the Internet and an outside contractor was hired to investigate the issue, which was really only some relatively innocent malware on a handful of computers. The agency paid $823,000 to a security contractor for investigation and advice, $688,000 to contractors to assist in developing a long-term malware response, and $1,061,000 to buy temporary infrastructure from the Census Bureau.

The most comical part is that out of fear and misunderstanding of computers, the EDA adopted a scorched earth policy that involved spending $4,300 to destroy over $170,500 worth of IT equipment, including uninfected desktop computers, printers, cameras, TVs, keyboards and even mice. The destruction stopped by August 1, 2012 as the EDA had exhausted its funds, but the agency intended to resume the destruction of its remaining IT infrastructure, valued at over $3 million, once funds were available. Further details can be read at ARS Technica.
The EDA's overreaction is, well, a little alarming. Although not entirely to blame—the Department of Commerce's initial communication with EDA grossly overstated the severity of the problem (though corrected its error the following day)—the EDA systematically reacted in the worst possible way. The agency demonstrated serious technical misunderstandings—it shut down its e-mail servers because some of the e-mails on the servers contained malware, even though this posed no risk to the servers themselves—and a general sense of alarmism.

The malware that was found was common stuff. There were no signs of persistent, novel infections, nor any indications that the perpetrators were nation-states rather than common, untargeted criminal attacks. The audit does, however, note that the EDA's IT infrastructure was so badly managed and insecure that no attacker would need sophisticated attacks to compromise the agency's systems.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba