0
Bob_Church

The 21st Century Question: Why network everything?

By Bob_Church, in The Bonfire

Recommended Posts

Bob_Church    7

Bob_Church
https://www.cbsnews.com/news/school-district-pays-10000-bitcoin-ransom-after-cyberattack-massachusetts/

"A Massachusetts school district was waiting Friday for its computer system to be "unlocked" after it paid a $10,000 bitcoin ransom to hackers following a cyberattack on its system. And despite the nefarious nature of the school system's lockdown, there is no criminal investigation into the matter because solving this crime is "impossible," said Interim Leominster Police Chief Michael Goldman.”

Are we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?"

This is getting silly. In a very dangerous way.

Share this post

Link to post
Share on other sites

Bob_Church    7

Bob_Church
We’ve had two or three, that I know of, major disasters at OU and in every single case the information was online as a minor convenience, if even that. The worst one, the one that changed everything and got good people fired and our IT people replaced with suits working for some outfit from out of town was a graduate student showing off to what has been confirmed, but only on the grapevine level, a young female student worker. In the Alumni department they had a computer where they entered the personal information of every person who donated to Ohio University. That, by the way, was the prime goal of our University President at the time, he fully admitted before all this that donation raising was his main duty. This information included name address and other personal stuff and the University will neither confirm nor deny that it had their credit card information. Although for some reason OU bought a one year subscription to one of the credit watch places for each person in there and told them to change their credit cards.
The young female student worker’s job was to take the information on new donors or donors giving again and walk over to that desk and enter it. And if anyone sent a request for certain information and it was legit enough to pass on to her she’d, again, walk all the way across the room and get that info. The grad student showed her how unnecessary all this walking was. The university had just been networked, this was all new terrain to most but he plugged an ethernet cable into the computer, configured it to be online than showed her how she could do all this from her own desk, why walk clear across the room? And he could even show her how to do it from home, nudge nudge wink wink. We know she didn’t take him up on the former and nobody believes she went for the second option either. Accessing the computer continued to be done by walking over to it. When these two graduated it left nobody on campus who had ever even known the computer was networked.
Until the FBI contacted IT and informed them that hackers had sucked every bit of information off of it.
President McDavis now had to send a letter to every person who had donated to the University saying “I would like to thank you again for your donations. It’s only with your generous help that we can educate our young people to become valuable citizens and I can’t tell you how grateful I am. We all are. Oh, and by the way…..”
Power Boothe liked to say that every time they came out with new technology the proponents would claim that it would revolutionize education. Radio would replace teachers. or Vinyl LPs, then TVs. But unfortunately the computer people have much much better salesmen than their predecessors.


PS no, not Powers, Power

https://www.powerboothe.com

Share this post

Link to post
Share on other sites

ryoder    1,390

ryoder
Bob_Church

******
PS no, not Powers, Power

https://www.powerboothe.com



"Well...................Bye.":P
(Sorry, but I could not resist.)

Wait, that went right over my head.

From "Tombstone"(1993): https://www.youtube.com/watch?v=PVrEwCa8nSA
"There are only three things of value: younger women, faster airplanes, and bigger crocodiles" - Arthur Jones.

Share this post

Link to post
Share on other sites

Bob_Church    7

Bob_Church
ryoder

*********
PS no, not Powers, Power

https://www.powerboothe.com



"Well...................Bye.":P
(Sorry, but I could not resist.)

Wait, that went right over my head.

From "Tombstone"(1993): https://www.youtube.com/watch?v=PVrEwCa8nSA

Oh yeh. I can't help but think of him from Deadwood. Remember how when he first shows up he seems like the good guy as opposed to Swearingen. Then things reveal themselves. Man, I miss that show.

Share this post

Link to post
Share on other sites

BillyVance    34

BillyVance
Bob_Church

https://www.cbsnews.com/news/school-district-pays-10000-bitcoin-ransom-after-cyberattack-massachusetts/

"A Massachusetts school district was waiting Friday for its computer system to be "unlocked" after it paid a $10,000 bitcoin ransom to hackers following a cyberattack on its system. And despite the nefarious nature of the school system's lockdown, there is no criminal investigation into the matter because solving this crime is "impossible," said Interim Leominster Police Chief Michael Goldman.”

Are we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?"

This is getting silly. In a very dangerous way.



Atlanta had something similar happen. Don't know the details but the ransom was something like $50K but they spent a couple million fixing the systems that were compromised. :S
"Mediocre people don't like high achievers, and high achievers don't like mediocre people." - SIX TIME National Champion coach Nick Saban

Share this post

Link to post
Share on other sites

PhreeZone    15

PhreeZone
In the majority of the cases if you pay the ransom you never get the data recovered anyways. Ransomware is big business. FakeAV was the big thing a few years back in which it would scare and force people to pay up to get access to their computer, now they just lock up the files and put a ticking timer on screen announcing that it all gets deleted in X hours and it counts down. The files are locked by being encrypted so there really is no way to recover the data with out the decryption keys.

Airgapping systems is difficult and expensive - even most secure networks have large gaps in their airgaps since you need to have access at some time to those systems with out being in the room. Maintaining airgapped systems is multiple times more costly since you have to pay for personal to actually touch each system and to run seperate management platforms to get things like patches, updates and new software deployed. You also get to double your hardware costs since you need systems online and systems offline. Thats Computers, networking gear, power, AC and everything else you need to own two of.
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

Share this post

Link to post
Share on other sites

Bob_Church    7

Bob_Church
PhreeZone

In the majority of the cases if you pay the ransom you never get the data recovered anyways. Ransomware is big business. FakeAV was the big thing a few years back in which it would scare and force people to pay up to get access to their computer, now they just lock up the files and put a ticking timer on screen announcing that it all gets deleted in X hours and it counts down. The files are locked by being encrypted so there really is no way to recover the data with out the decryption keys.

Airgapping systems is difficult and expensive - even most secure networks have large gaps in their airgaps since you need to have access at some time to those systems with out being in the room. Maintaining airgapped systems is multiple times more costly since you have to pay for personal to actually touch each system and to run seperate management platforms to get things like patches, updates and new software deployed. You also get to double your hardware costs since you need systems online and systems offline. Thats Computers, networking gear, power, AC and everything else you need to own two of.



But a lot of stuff that didn't even exist 30 or so years ago is now deemed "essential." I think we as a society needs to take a closer look at all this, especially to find out who is saying that we have to have this stuff.

Share this post

Link to post
Share on other sites

billvon    2,402

billvon
Quote

Are we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?"


Probably not. Much of the utility of a school network involves being connected to email and other services (emergency school closings, communications with parents, transmission of school records to colleges etc.)

And even airgapping isn't foolproof. All it takes is a USB drive, or even connection of a battery powered router in an inconspicuous location.

Share this post

Link to post
Share on other sites

Bob_Church    7

Bob_Church
billvon

Quote

Are we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?"


Probably not. Much of the utility of a school network involves being connected to email and other services (emergency school closings, communications with parents, transmission of school records to colleges etc.)

And even airgapping isn't foolproof. All it takes is a USB drive, or even connection of a battery powered router in an inconspicuous location.



What we need is a real life version of U.N.C.L.E.. Remember, they were international and a law unto themselves. Their agents would track down hackers of all and any sort, wherever they are, and do really bad things to them when they find them.

Share this post

Link to post
Share on other sites

Bob_Church    7

Bob_Church
BillyVance

***https://www.cbsnews.com/news/school-district-pays-10000-bitcoin-ransom-after-cyberattack-massachusetts/

"A Massachusetts school district was waiting Friday for its computer system to be "unlocked" after it paid a $10,000 bitcoin ransom to hackers following a cyberattack on its system. And despite the nefarious nature of the school system's lockdown, there is no criminal investigation into the matter because solving this crime is "impossible," said Interim Leominster Police Chief Michael Goldman.”

Are we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?"

This is getting silly. In a very dangerous way.



Atlanta had something similar happen. Don't know the details but the ransom was something like $50K but they spent a couple million fixing the systems that were compromised. :S

We're overdue for moving past the yahoo stage of computer networking.

Share this post

Link to post
Share on other sites

Bob_Church    7

Bob_Church
billvon

Quote

Are we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?"


Probably not. Much of the utility of a school network involves being connected to email and other services (emergency school closings, communications with parents, transmission of school records to colleges etc.)

And even airgapping isn't foolproof. All it takes is a USB drive, or even connection of a battery powered router in an inconspicuous location.



Ok, and yet we insist on using this system and storing and moving confidential information this way. Why? Who decided that the convenience of a network over the ways the information was shared before outweighs the damage that will be caused when it gets hacked?

Share this post

Link to post
Share on other sites

jcd11235    0

jcd11235
Bob_Church

Ok, and yet we insist on using this system and storing and moving confidential information this way. Why? Who decided that the convenience of a network over the ways the information was shared before outweighs the damage that will be caused when it gets hacked?



So you're suggesting we go back to the days of "Please allow 6-8 weeks for delivery."?
Math tutoring available. Only $6! per hour! First lesson: Factorials!

Share this post

Link to post
Share on other sites

billvon    2,402

billvon
>Who decided that the convenience of a network over the ways the information was
>shared before outweighs the damage that will be caused when it gets hacked?

Investors who want a better return for their dollar.

Customers who want online ordering and three day delivery.

Parents who want their child's teacher to respond within a day or two.

Schoolkids who want to learn how the Internet works.

School administrators who want to keep their jobs.

And that's a lot of people.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
0
Go To Topic Listing