Interesting People mailing list archives
Over 2000 Oregon taxpayers tax info victim to keylogging trojan on system for 8 DAYS
From: David Farber <dave () farber net>
Date: Thu, 15 Jun 2006 14:28:33 -0400
Begin forwarded message:

From: Ethan Ackerman <eackerma () u washington edu>
Date: June 15, 2006 2:16:42 PM EDT
To: David Farber <dave () farber net>
Subject: Over 2000 Oregon taxpayers tax info victim to keylogging trojan on system for 8 DAYS
(glad you're not Oregonian? me too, but I'm sure security is no better at <insert your state here>)

http://katu.com/stories/86791.html and http://www.oregon.gov/DOR/webtrojan.shtml

Let's count known security failures... This computer had tax info
(1) associated with personal information like names and SSNs and addresses rather than disintermediated,
(2) unencrypted on a computer that was
(3) connected to the general internet
(4) without effective access or copy or user restrictions for those files, on a computer
(5) without effective/properly configured antivirus or firewall software**.

In addition, the (6) computer and its (7) administrators lacked _effective_ breach monitoring systems to even know something wrong had happened in a timely manner, much less (8) restrict outbound info in the meantime.

(The news article says it took _8 DAYS_ for the DoR to make the leap from 'improper use' to 'oops, information went out.' One can only dread how much longer it took them to conclude that maybe it should be unplugged to contain the damage.)

And because security isn't just preventive, but also cleaning up after, and learning from, breaches - the picture gets worse... The DoR response:

(1) Non-business-related internet use is now prohibited.
-my comment- SO WHAT? Visiting pron sites was prohibited before too - the DoR release says that's why they fired the employee - but 'office policy' restricting sites didn't seem to prevent this from happening.

(2) We'll evaluate our systems - What this is code for, I don't know - hopefully something good will come of it.

(3) That's all. Seriously - DoR's own website says those are the only steps it is taking. They list or reference several steps they AREN'T taking which would seem to be effective - switching away from SSN overuse or disconnecting/restricting tax-info-containing computers from the general internet/other agencies/the IRS's computers.

Their customer-side damage control looks to be a little better - they are sending out letters (a month later), and recommending citizens monitor their credit reports with hints that they might arrange credit monitoring for victims. But this line about the letters is probably the worst on the whole site: "If you have not received or do not receive a letter, it means that your information was not compromised." Or, that you just didn't receive a letter... Or that your info WAS compromised and we just don't know it.... etc.

**To be fair, DoR says the trojan was so new that its antivirus vendor hadn't yet "written a filter for it" - an assertion yet to be verified... It should also be noted that the detection of keyloggers is often trivial, even if the particular trojan they came in on isn't.