Information Security News mailing list archives
Agencies find LOVE stinks
From: William Knowles <wk () C4I ORG>
Date: Sun, 7 May 2000 18:24:24 -0500
http://www.fcw.com/fcw/articles/2000/0501/web-agencies-05-04-00.asp BY FCW Staff 05/04/2000 Heres how some agencies responded to the "ILOVEYOU" virus on Thursday, May 4. Agriculture: William Hadesty, USDAs assistant CIO for security, said the ILOVEYOU virus hit parts of the agency early in the day. "It got into the system. It did not impact our operations," Hadesty said. "We learned a lot of lessons from Melissa [a similar virus]." Hadesty said USDA put an emergency system in place by 8 a.m. to deal with the virus and got an antivirus download from Symantec Corp. to prevent the spread of the virus. However, he said it is too early to say how many USDA sites were affected or whether it had spread worldwide. "It did not affect our business mission," Hadesty said. "Were always going to be subjected to something like this. That is the price of being open." Army: A spokesmen said Army offices in the Pentagon experienced major e-mail disruptions, and some major commands such as the Aviation-Missile Command, Redstone Arsenal, Ala. and the Tank-Automotive Command, Warren, Mich. took down their main servers to eliminate the virus. Census: The ILOVEYOU virus e-mail hit five computers at the Census Bureaus main office in Suitland, Md., but Census 2000 data was never in any danger of being compromised. Census data is kept in a mainframe computer that has no outside access to e-mail and is surrounded by firewalls that make access virtually impossible. J. Gary Doyle, the Census systems integration manager, said that free e-mail subscriptions from several contractors carried the virus into the bureaus main headquarters in the morning. The defect was discovered almost immediately, and users were told to delete the e-mail without opening it. "Were lucky because we have Lotus Notes," Doyle said. "On our office automation side, we dont use the Microsoft suite." CIA: The agency "experienced a handful of isolated attacks or viruses on our unclassified systems, which were identified and quickly resolved with negligible effect," a spokeswoman said. The agency has since purged its systems of the e-mails and has posted warnings to all of its employees, the spokeswoman said. "At this point that seems adequate." DOD: The department discovered the virus in many of its unclassified systems and placed a warning on its Computer Emergency and Response Team World Wide Web page instructing users not to open the e-mail, according to spokeswoman Sue Hansen. "Some units have taken their systems offline, but that was [supposed to be] a last resort," Hansen said. Education: The department shut down its e-mail and Internet access from 9:30 a.m. to 2 p.m., spokesman Jim Bradshaw said. After the systems were shut down, the department began installing software to prevent the virus spread, he said. Bradshaw said the Pentagon notified the department at 7:30 a.m., and "as a result we were able to take defensive measures immediately," he said. Bradshaw said that chief information officer Craig Luigart found 10,000 incoming ILOVEYOU e-mails queued up for recipients whose last names began with "A" or "B." Luigart estimates that throughout the entire department, the system prevented another 100,000 to 200,000 infected e-mails from being sent out. All of the viruses have been rendered harmless, Bradshaw said. Educations Washington, D.C., office has about 3,000 workstations, but only 17 computers were fully infected after users opened the attachment; 102 other computers received the virus but did not open the attachment, Bradshaw said. Energy: Security guards met Energy Department employees at the DOE entrances in Washington, warning them about the ILOVEYOU virus and telling them not to open e-mail with it. Nevertheless, the virus apparently entered the computer system. "It is still spreading," said DOE spokeswoman Ruth Vass. "Some of the machines are frozen. EPA: Only two computers were infected and have been restored, according to an agency spokesman. The virus first reached EPAs system at 9:40 a.m. and was blocked by 9:48 a.m., and no systems were shut down. The EPA spokesperson speculated that because the agency uses Lotus Development Corp.s Notes e-mail product that the agency didnt have as many problems. FEMA: The agency found a way to throttle the virus. Click here. (ISN Moderators Note: Story being forwarded -WK) HCFA: Gary Christoph, CIO at the Health Care Financing Administration, which oversees Medicare and Medicaid, sent a memo to all employees in the morning that said the agency would be stopping all incoming and outgoing mail with external sources in order to deal with the virus, according to HCFA spokesman. The HCFA spokesman also said that most agencies within the Department of Health and Human Services were taking similar actions. He said internal e-mail was not affected, but as of 4:40 p.m., the external e-mail shutdown was still in effect at HCFA. House of Representatives: The virus bloomed in abundance. "All I know is Ive had more love letters today than Ive ever had before," said Bonnie Heald, spokeswoman for the Government Management, Information and Technology Subcommittee. The House e-mail system was turned off to keep the virus from spreading, a move that also prevented Heald from dispatching press releases. Interior: Ninety percent of the Interior Department's eight bureaus were not affected by the virus. It primarily hit the Mineral Management Services Division, which is the only one that does not use Lotus Notes. Interior took its Microsoft Exchange servers off line until the virus was contained, according to David Shearer, of Interior's Chief Information Architecture Division. Agency IT personnel worked "all day and through the night" with several antivirus vendors, he said. NARA: A spokeswoman at the National Archives and Records Administration said a virus warning issued early in the day headed off any complications. The Archives, which stores the nations valuable records, is tackling the technology of electronic records storage, including e-mail messages. Despite ongoing controversy over whether or when it is legal to delete e-mail messages from government computer systems, Archives officials said it is OK to delete virus-bearing e-mails. "One may delete an e-mail containing a computer virus, just as one may delete personal messages such as an e-mail to arrange lunch with ones wife," an Archives official said. NASA: The space agency confirmed the virus infected agency systems but no mission-critical systems were damaged. Some e-mail systems were brought down for analysis. SBA: The agency shut down all its databases and has posted warnings on every floor of its buildings as well as on its intranet. "Our biggest concern is this may go beyond e-mail systems and SBA, and other agencies are looking at the potential of losing some very important government information," an SBA spokesman said. "We are having to revert back to the age-old, hard-copy directories for information," he said. Senate: The "ILOVEYOU" virus prompted the Senate to shut down parts of its e-mail system for several hours, but "by and large, the impact was pretty minimal," said Tracy Williams, director of technology development for the Senate sergeant at arms. "We got a lot of inbound messages with the ILOVEYOU subject line and the virus attachment," but Senate workers were warned early not to open them. Some Senate e-mail post offices were shut down for several hours while Williams and his staff researched the virus. But it appears that few computers were infected and little if any data was damaged, he said. State: "Weve blocked the ability to send attachments on both our classified and unclassified systems at the firewalls," a State Department source said. Transportation: Confirmed the virus infected its networks but no mission-critical systems were damaged. VA: The Department of Veterans Affairs e-mail system was shut down for 24 hours to prevent the Love bug from getting into the system. White House, OMB: Officials said the "love bug" was successfully held at bay. "I understand there are a few isolated cases that have been dealt with," said presidential spokesman Joe Lockhart. Cybersecurity personnel "dealt with" the virus early in the morning, and operations are running smoothly," he said. An OMB official said White House e-mail systems remained running despite the virus scare. "Our e-mail is part of the White House system, and mine wasnt shut down." *-------------------------------------------------* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen. Alfred. M. Gray, USMC --------------------------------------------------- C4I Secure Solutions http://www.c4i.org *-------------------------------------------------* ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Agencies find LOVE stinks William Knowles (May 07)