SmartGov: Gov’t agency spends millions, destroys $170K in hardware to get rid of computer virus

posted at 9:21 pm on July 9, 2013 by Mary Katharine Ham

Meet the Economic Development Administration (yes, we have one). It deals with problems in such a level-headed, nimble, and efficient way, I can’t imagine why it hasn’t managed to rebuild our sagging economy:

ArsTechnica explains:

The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering slow growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a possible malware infection within the two agencies’ systems.

The NOAA isolated and cleaned up the problem within a few weeks.

The EDA, however, responded by cutting its systems off from the rest of the world—disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally held databases.

It then recruited an outside security contractor to look for malware and provide assurances that not only were EDA’s systems clean, but also that they were impregnable against malware. The contractor, after some initial false positives, declared the systems largely clean but was unable to provide this guarantee. Malware was found on six systems, but it was easily repaired by reimaging the affected machines.

EDA’s CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.

The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development of a long-term response. Full recovery took close to a year.

Is Brick Tamland the CIO at this agency?

Federal News Radio first reported this story on the very day President Obama gave a speech about how the federal government is using technology to make government smart. Super, super smart.

In truth, the federal government is rarely smart, and when it’s really dumb, it often becomes malicious in its attempt to cover its stupidity:

WASHINGTON (AP) — The Pentagon’s effort to account for tens of thousands of Americans missing in action from foreign wars is so inept, mismanaged and wasteful that it risks descending from “dysfunction to total failure,” according to an internal study suppressed by military officials.

Largely beyond the public spotlight, the decades-old pursuit of bones and other MIA evidence is sluggish, often duplicative and subjected to too little scientific rigor, the report says.

The Associated Press obtained a copy of the internal study after Freedom of Information Act requests for it by others were denied.

The report paints a picture of a Joint POW/MIA Accounting Command, a military-run group known as JPAC and headed by a two-star general, as woefully inept and even corrupt. The command is digging up too few clues on former battlefields, relying on inaccurate databases and engaging in expensive “boondoggles” in Europe, the study concludes.

No kiddin’. Well, pshaw, POW/MIA is old news kind of stuff. The smart federal government is at least busy taking care of current veterans right now at the VA, right? Wrong.

We’re in the best of hands.


Related Posts:

Breaking on Hot Air

Blowback

Note from Hot Air management: This section is for comments from Hot Air's community of registered readers. Please don't assume that Hot Air management agrees with or otherwise endorses any particular comment just because we let it stand. A reminder: Anyone who fails to comply with our terms of use may lose their posting privilege.

Trackbacks/Pings

Trackback URL

Comments

OT…but it’s important

Drudge

Watch lifestyles, attitudes and behaviors…

Odd working hours, unexplained travel…

Monitor co-workers stress, divorce, financial problems…

Track online activities…

Those failing to report face penalties, criminal charges…

OBAMA ORDERS FED WORKERS: SPY ON EACH OTHER

Schadenfreude on July 9, 2013 at 9:32 PM

You know, as much as I like digital technology I really don’t believe my life is any better than it was in the ’60s or ’70s…more convenient yes, more entertainment possibilities yes, but not any better. We muddled through somehow and so did the government.

Even with all of this technology, golly gee, they still can’t tell us what happened at Benghazi, tell us how much gold is really in Ft. Knox, they lose track of their guns from the Fast & Furious gun-running scheme, they can’t tell us where hundreds of billions of dollars of taxpayers’ money has gone off to, they still require us to have to fill out tax return forms even they already know how much we made…

Dr. ZhivBlago on July 9, 2013 at 9:34 PM

Federal News Radio first reported this story on the very day President Obama gave a speech about how the federal government is using technology to make government smart. Super, super smart.

Meanwhile, the Internal Revenue Service, which:

1) has been harassing right-wing groups for years;

2) spends $50 million on a single conference;

3) awarded $500 million in contracts to a company that is qualified under some disable-veterans programme because the contractor suffered an ankle injury playing football at a military prep school decades ago; and,

4) is demanding a further $1 billion so that ‘things like this won’t happen again’

Has sent – sit down23,994 tax refunds worth a combined $46,378,040 to ‘unauthorised’ alien workers, i.e., those that are here illegally and are, by law, unauthorised to work in the United States, WHO ALL USED THE SAME ADDRESS IN ATLANTA, Georgia, in 2011, according to the Treasury Inspector General for Tax Administration (TIGTA).

$46,378,040 in tax refunds sent to unauthorised alien workers at ONE address.

One would think that even a not-very-sophisticated system would have picked up on the fact that 23,994 refund cheques were sent to ONE ADDRESS in ONE YEAR even if it didn’t alert on the fact that these were individuals, who, by law, were ineligible to be employed in any form in the United States.

Resist We Much on July 9, 2013 at 9:36 PM

The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering slow growth, low employment, and other economic problems

…well…they must be BIG!

KOOLAID2 on July 9, 2013 at 9:37 PM

Wow. It sounds like paranoia has infected many agencies in Obama World.

Buy Danish on July 9, 2013 at 9:41 PM

EDA’s CIO, fearing that the agency was under attack from a nation-state,

And we know how Barky and his junta hate the very notion of a nation-state.

insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.

Cash For High-Tech Clunkers.

I hope they destroyed all the tables, too. The viruses and malware love to hide under the tables.

ThePrimordialOrderedPair on July 9, 2013 at 9:43 PM

One would think that even a not-very-sophisticated system would have picked up on the fact that 23,994 refund [checks] were sent to ONE ADDRESS in ONE YEAR even if it didn’t alert on the fact that these were individuals, who, by law, were ineligible to be employed in any form in the United States.

Resist We Much on July 9, 2013 at 9:36 PM

It was a really big mail box …

ThePrimordialOrderedPair on July 9, 2013 at 9:45 PM

In truth, the federal government is rarely smart, and when it’s really dumb, it often becomes malicious in its attempt to cover its stupidity:

It’s not stupidity-they aren’t stupid-they’re intelligent crooks who know how to game the system. Call it what it is-thievery. Either the $ goes to their friends who will repay them somehow some day or it goes to making sure that each bureau keeps their bloated budgets (kinda like a Brewster’s Millions thing).

Dr. ZhivBlago on July 9, 2013 at 9:45 PM

And more than likely, the destroyed equipment was replaced with equipment made in China.

uncommon sense on July 9, 2013 at 9:45 PM

Do you now how much I could have done with this? What I could have built? The number of people I

*stark horror*

Axe on July 9, 2013 at 9:48 PM

BIG government is bad enough, this ‘Chicago’ administration has taken it to new heights lows.

GarandFan on July 9, 2013 at 9:48 PM

It’s gonna need a paint job and a shit load of screen doors.

J_Crater on July 9, 2013 at 9:49 PM

SmartGov: Gov’t agency spends millions, destroys $170K in hardware to get rid of computer virus

They only destroyed that hardware as part of Barky’s stimulus/jobs program. Broken Windows8!!

ThePrimordialOrderedPair on July 9, 2013 at 9:49 PM

The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.

Dilbert’s pointy-haired boss approves.

cheers

eon

eon on July 9, 2013 at 9:49 PM

The viruses and malware love to hide under the tables.

ThePrimordialOrderedPair on July 9, 2013 at 9:43 PM

.
I wonder if those were protected mice, which would require an environmental impact statement to destroy. Even government has to obey the law and regulations or risk the objections of an informed populace which, when aroused, would… hold on, someone’s knocking on my door.

ExpressoBold on July 9, 2013 at 9:55 PM

I wonder if those were protected mice, which would require an environmental impact statement to destroy. Even government has to obey the law and regulations or risk the objections of an informed populace which, when aroused, would… hold on, someone’s knocking on my door.

ExpressoBold on July 9, 2013 at 9:55 PM

It’s okay. They just threw the mice into windmills … okay, they were office fans, but close enough for government work.

ThePrimordialOrderedPair on July 9, 2013 at 9:57 PM

The EDA, however, responded by cutting its systems off from the rest of the world—disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally held databases.

I only got this far and was ROFL!!! Will try to stop laughing and read the rest after gathering extra courage:-)

bluefox on July 9, 2013 at 10:05 PM

The EDA, however, responded by cutting its systems off from the rest of the world—disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally held databases.

I only got this far and was ROFL!!! Will try to stop laughing and read the rest after gathering extra courage:-)

bluefox on July 9, 2013 at 10:05 PM

The really sad thing is that nobody noticed that they cut themselves off from the rest of the world.

uncommon sense on July 9, 2013 at 10:06 PM

They should have just cut the legs off of the tables. A virus couldn’t hide under them then.

countrybumpkin on July 9, 2013 at 10:08 PM

bluefox on July 9, 2013 at 10:05 PM

The really sad thing is that nobody noticed that they cut themselves off from the rest of the world.

uncommon sense on July 9, 2013 at 10:06 PM

And with that, I can’t stop laughing. I did read the next paragraph, but started laughing again. This reminded me of that “willing suspension of unbelief”; do I have that right?

I picture the Three Stooges that have multiplied, LOL

bluefox on July 9, 2013 at 10:11 PM

They should have just cut the legs off of the tables. A virus couldn’t hide under them then.

countrybumpkin on July 9, 2013 at 10:08 PM

LOL We have got to bookmark this thread and the next time we need a good laugh, bring it up!!

I can see Leno just reading this!!

bluefox on July 9, 2013 at 10:14 PM

Did they think to check the mouse’s pads?

Once you cut the legs off the tables, those viruses always try to hide in the mouse’s pads.

Now’s the time for a “no-knock warrant”… issued by the FISA court.

;-)

Solaratov on July 9, 2013 at 10:14 PM

So do we still think that the breakin at the law office in Texas was “too unprofessional to have involved the federal government”?

slickwillie2001 on July 9, 2013 at 10:17 PM

So do we still think that the breakin at the law office in Texas was “too unprofessional to have involved the federal government”?

slickwillie2001 on July 9, 2013 at 10:17 PM

Well there is one Agency we know did not do it and that is this EDA, still laughing!

bluefox on July 9, 2013 at 10:22 PM

Well there is one Agency we know did not do it and that is this EDA, still laughing!

bluefox on July 9, 2013 at 10:22 PM

It does bring new meaning to the term technocrat :)

uncommon sense on July 9, 2013 at 10:27 PM

I hope they destroyed all the tables, too. The viruses and malware love to hide under the tables.

ThePrimordialOrderedPair on July 9, 2013 at 9:43 PM

And don’t forget the toilet seats.

John the Libertarian on July 9, 2013 at 10:35 PM

bluefox on July 9, 2013 at 10:22 PM

It does bring new meaning to the term technocrat :)

uncommon sense on July 9, 2013 at 10:27 PM

I think a new word needs invented to describe this. Haven’t read anything this funny in a long time. It deserves the “Funniest Thread of the Year”, LOL

bluefox on July 9, 2013 at 10:37 PM

The really sad informative thing is that nobody noticed that they cut themselves off from the rest of the world.

uncommon sense on July 9, 2013 at 10:06 PM

.
I was going to remark noticeable thing but it seemed too tautological.

ExpressoBold on July 9, 2013 at 10:41 PM

EDA’s CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.

Makes you wonder if they just wanted new hardware.

There Goes the Neighborhood on July 9, 2013 at 11:21 PM

Makes you wonder if they just wanted new hardware.

There Goes the Neighborhood on July 9, 2013 at 11:21 PM

Not a few of my fellow co-workers would do this if it would get the crowd of clowns in the IT department to fix the dozens of unusable machines on the production floor.

Unfortunately, no I am not kidding nor am I exaggerating.

MelonCollie on July 9, 2013 at 11:32 PM

EDA’s CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction.

Funny, or sad, thing is that it was just the NSA. They didn’t realize the Economic Development Administration was on the same side in the government’s war on us citizens.

Lammo on July 10, 2013 at 12:52 AM

And more than likely, the destroyed equipment was replaced with equipment made in China.

uncommon sense on July 9, 2013 at 9:45 PM

Most likely the equipment destroyed was made in China and will be replace by equipment made in China. Buy electronics made in China and your junk(garbage) will arrive

hamradio on July 10, 2013 at 12:59 AM

And more than likely, the destroyed equipment was replaced with equipment made in China.

uncommon sense on July 9, 2013 at 9:45 PM

Yeah, probably with built-in back doors.

Dr. ZhivBlago on July 10, 2013 at 1:22 AM

A close relative had the VA mis-diagnose testicular cancer for years. It has now been found by a private doctor, but has spread. Anyone that has had to deal with the VA can tell you how crap their service is and will also tell you that’s the level of care one can expect when the O-Care law is finally followed.

Government cannot run anything efficiently because it is just too big and there is a negative incentive to do so, as long as the tax-payer keeps providing.

ExPat on July 10, 2013 at 4:38 AM

Smart Power

Jaibones on July 10, 2013 at 6:38 AM

The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development of a long-term response. Full recovery took close to a year.

Hey, somebody pass the word along for next time that I’ll do the System Restore and run MalwareBytes for only $1,999,999.95!

Gingotts on July 10, 2013 at 7:46 AM

Gingotts on July 10, 2013 at 7:46 AM

Uhh, no, that won’t work, cuz these are Speshul Sooper-Seekrit Resstrikked Aksess Gubmint Cumpooters an’, uhhh, stuff.

And, uhh, ignore th’ ashes off th’ doobies on th’ keeboard, OK?

/EDA IT guy

clear ether

eon

eon on July 10, 2013 at 8:20 AM

The EDA, however, responded by cutting its systems off from the rest of the world—disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally held databases

“Anyone heard from the EDA lately?”

“Who?”

ROFL

TerryW on July 10, 2013 at 8:53 AM

The really sad thing is that nobody noticed that they cut themselves off from the rest of the world.

uncommon sense on July 9, 2013 at 10:06 PM

Which is an excellent indicator that maybe they could be defunded in the next budget, you think?

GWB on July 10, 2013 at 9:25 AM

Even with all of this technology, golly gee, they still can’t won’t tell us what happened at Benghazi, tell us how much gold is really in Ft. Knox, they purposely lose track of their guns from the Fast & Furious gun-running scheme, they can’t won’t tell us where hundreds of billions of dollars of taxpayers’ money has gone off to, they still require us to have to fill out tax return forms even they already know how much we made…

Dr. ZhivBlago on July 9, 2013 at 9:34 PM

Changed in the interest of the truth.

NOMOBO on July 10, 2013 at 9:58 AM

Man, I’m in the wrong line of work, doing IT in the private sector. Need to find out an easy way to get a sweet contract with a government agency. Maybe I can claim that time I went to sick call for twisting my ankle on a run in Korea as a service-connected disability. Unlike that dude Duckworth chewed out I actually served and technically the Korean War never ended. Hah, that’s the ticket!

(please note that this is sarcasm and I think its disgusting someone would claim a high school injury as a service connected disability)

Lay-Z on July 10, 2013 at 10:01 AM

First of all, sometimes buying new and upgraded machines may be better than investing in saving the old ones. The machines could have been auctioned off, though.

Nevertheless, modern malware is a much harder problem than the modest irritation it was a decade ago. No detection technology exists which guarantees to detect all unknown malware infections. Serious malware both hides well and often invites friends over. So even when some malware files are found and removed, there is no way to know when all malware is gone, and that is the big problem.

Against modern malware, removal programs are a joke. To actually clean the equipment (as opposed to just going through the motions), video cards will have to be removed (possibly discarded), and each motherboard re-flashed. It goes without saying that the hard drives must be re-formatted and the OS re-installed, all of which takes time.

Current computer hardware is built with a fundamental inability to protect the stored OS and flash BIOS from the code changes which mean permanent infection. This is also the ability to infect almost every computer on the planet, which (no doubt coincidentally) happens to be a breathtaking intelligence goal. Presumably, every state intelligence service wants the exact same thing.

PseudoRandom on July 10, 2013 at 11:55 AM

So even when some malware files are found and removed, there is no way to know when all malware is gone, and that is the big problem.

PseudoRandom on July 10, 2013 at 11:55 AM

Bullhockey. Re-image the machine; malware gone. Put machine back in service. (Additionally: Scan backups for malware before restoration; do not allow installation of software except with an administrator.)

Current computer hardware is built with a fundamental inability to protect the stored OS and flash BIOS from the code changes which mean permanent infection.

PseudoRandom on July 10, 2013 at 11:55 AM

Are you seriously saying that you can’t keep an unknown from flashing the BIOS on your machine? I doubt that’s the case. Also, you realize that the OS is stored on a disk drive, and the BIOS is stored in a chip? The one is much easier to corrupt than the other. I wonder if you mean “root kit” when you say BIOS?

GWB on July 10, 2013 at 12:50 PM

Bullhockey. Re-image the machine; malware gone. Put machine back in service. (Additionally: Scan backups for malware before restoration; do not allow installation of software except with an administrator.)

Well, imaging is nice, IF ONE HAS MADE IMAGES, but that STILL does not guarantee that the image does not have the same problem. If it does, then we are just re-installing the infection. Even if not, if the machine has a new hardware infection, the recovered state will be infected immediately. If the goal is to assure a clean machine, images do not help.

Scanning has not been a solution for years. At best, scanning can only find malware which has already been found, so it does not find new malware, which is often re-spun in hours and is checked against scanners before release anyway. Worse, much modern “polyorphic” malware “encrypts” its files differently on each machine, so scanners will never find it. And, of course, much modern malware will “root kit” the file system, thus hide the very existence of new files, and report back unchanged old file contents to scanners.

Next, imaging can only handle drive infections, not hardware, as in a “BIOS” flash. That would be on the motherboard, video card, and any other distributed BIOSes. In the old days, many motherboards could provide a physical write-enable to prevent BIOS changes. But with the advent of huge flash, that same flash is used for a lot of things, and disabling all writes can be problematic. But much depends on the individual manufacturer.

Are you seriously saying that you can’t keep an unknown from flashing the BIOS on your machine? I doubt that’s the case. Also, you realize that the OS is stored on a disk drive, and the BIOS is stored in a chip? The one is much easier to corrupt than the other. I wonder if you mean “root kit” when you say BIOS?

Many, perhaps most, modern machines cannot keep malware from flashing a BIOS. If the user can update the BIOS online, malware can do it.

Yes, there often are settings in the BIOS which purport to prevent this (which then means the user cannot update their BIOS). Those settings, however, are interpreted by SOFTWARE, and, after infection, malware is in control. While protecting the BIOS correctly is not impossible, it is by no means trivial, and claiming protection is not the same as actually providing it.

PseudoRandom on July 10, 2013 at 1:33 PM

I hate it when my mouse gets a virus.
And keyboard viruses? They’re the worst.

gekkobear on July 10, 2013 at 5:12 PM