While there have been a lot of relatively unbelievable stories about United States federal authorities as of late, with the revelation of PRISM’s tech privacy destroying policies, today we have a similarly ridiculous tale to tell, though this time it’s more about costing the tax payer money than it is their rights to individual freedoms.
In a state of panic over potential malware infestation, the Economic Development Administration (part of the Department of Commerce, which handles economic growth in low-income areas of the US) shut off its systems from the rest of the world back in 2011. While a similarly infected organisation, the National Oceanic and Atmospheric Administration, had its computers fixed up in a couple of weeks, the EDA went far further.
After marooning itself and quarantining the infected machines, it began clearing house and scanning everything in sight. The contractor it hired to do it, quickly began flagging up false positives and re-imaging machines to clear the “infection.” However, despite announcing a clean slate soon after, the head of the EDA was too fearful to accept this and thinking it could be under attack from hackers (despite having shut itself off from the online world) began trashing systems.
This not only included uninfected desktop systems, but items that even the most determined hacker would have trouble infecting: printers, cameras and even peripherals like keyboards and mice.
The whole debacle ultimately cost the tax payer over $2.7 million (£1.8 million), broken down (by Ars) to: $823,000 on the contractor, $1,061,000 on temporary computer systems, $4,300 on destruction of the aforementioned computer equipment, which was valued at $170,000 and nearly $700,000 on the long term contractor response and recovery.
All in all, it took over a year to fix the same problem that took the NAOO just two weeks to clear out. None of the malware ultimately found was anything particularly malicious or novel, just simple everyday pieces of spyware and trojans – something that a government agency should have no problem fixing.
Instead, the EDA spent millions on something that a basic anti-malware scan could have fixed. It also shut down its email servers because of the malware initially coming from an external mail source – despite the servers themselves not being at risk.
KitGuru Says: This is why government conspiracies are so hard to stomach. These are the types of organisations that people often peg things like the Twin Towers attacks on. Really? A government that can’t even handle a simple malware infection is competent enough to pull that off?
No one’s saying that the government isn’t shady enough to try and pull things off – just look at PRISM – but it gets caught out time and time again – again, just look at PRISM.