Bob_Church 7 #1 April 28, 2018 https://www.cbsnews.com/news/school-district-pays-10000-bitcoin-ransom-after-cyberattack-massachusetts/ "A Massachusetts school district was waiting Friday for its computer system to be "unlocked" after it paid a $10,000 bitcoin ransom to hackers following a cyberattack on its system. And despite the nefarious nature of the school system's lockdown, there is no criminal investigation into the matter because solving this crime is "impossible," said Interim Leominster Police Chief Michael Goldman.” Are we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?" This is getting silly. In a very dangerous way. Quote Share this post Link to post Share on other sites
Bob_Church 7 #2 April 28, 2018 We’ve had two or three, that I know of, major disasters at OU and in every single case the information was online as a minor convenience, if even that. The worst one, the one that changed everything and got good people fired and our IT people replaced with suits working for some outfit from out of town was a graduate student showing off to what has been confirmed, but only on the grapevine level, a young female student worker. In the Alumni department they had a computer where they entered the personal information of every person who donated to Ohio University. That, by the way, was the prime goal of our University President at the time, he fully admitted before all this that donation raising was his main duty. This information included name address and other personal stuff and the University will neither confirm nor deny that it had their credit card information. Although for some reason OU bought a one year subscription to one of the credit watch places for each person in there and told them to change their credit cards. The young female student worker’s job was to take the information on new donors or donors giving again and walk over to that desk and enter it. And if anyone sent a request for certain information and it was legit enough to pass on to her she’d, again, walk all the way across the room and get that info. The grad student showed her how unnecessary all this walking was. The university had just been networked, this was all new terrain to most but he plugged an ethernet cable into the computer, configured it to be online than showed her how she could do all this from her own desk, why walk clear across the room? And he could even show her how to do it from home, nudge nudge wink wink. We know she didn’t take him up on the former and nobody believes she went for the second option either. Accessing the computer continued to be done by walking over to it. When these two graduated it left nobody on campus who had ever even known the computer was networked. Until the FBI contacted IT and informed them that hackers had sucked every bit of information off of it. President McDavis now had to send a letter to every person who had donated to the University saying “I would like to thank you again for your donations. It’s only with your generous help that we can educate our young people to become valuable citizens and I can’t tell you how grateful I am. We all are. Oh, and by the way…..” Power Boothe liked to say that every time they came out with new technology the proponents would claim that it would revolutionize education. Radio would replace teachers. or Vinyl LPs, then TVs. But unfortunately the computer people have much much better salesmen than their predecessors. PS no, not Powers, Power https://www.powerboothe.com Quote Share this post Link to post Share on other sites
ryoder 1,589 #3 April 28, 2018 Bob_Church PS no, not Powers, Power https://www.powerboothe.com "Well...................Bye."(Sorry, but I could not resist.)"There are only three things of value: younger women, faster airplanes, and bigger crocodiles" - Arthur Jones. Quote Share this post Link to post Share on other sites
Bob_Church 7 #4 April 28, 2018 ryoder *** PS no, not Powers, Power https://www.powerboothe.com "Well...................Bye."(Sorry, but I could not resist.) Wait, that went right over my head. Quote Share this post Link to post Share on other sites
ryoder 1,589 #5 April 28, 2018 Bob_Church ****** PS no, not Powers, Power https://www.powerboothe.com "Well...................Bye."(Sorry, but I could not resist.) Wait, that went right over my head. From "Tombstone"(1993): https://www.youtube.com/watch?v=PVrEwCa8nSA"There are only three things of value: younger women, faster airplanes, and bigger crocodiles" - Arthur Jones. Quote Share this post Link to post Share on other sites
Bob_Church 7 #6 April 28, 2018 ryoder ********* PS no, not Powers, Power https://www.powerboothe.com "Well...................Bye."(Sorry, but I could not resist.) Wait, that went right over my head. From "Tombstone"(1993): https://www.youtube.com/watch?v=PVrEwCa8nSA Oh yeh. I can't help but think of him from Deadwood. Remember how when he first shows up he seems like the good guy as opposed to Swearingen. Then things reveal themselves. Man, I miss that show. Quote Share this post Link to post Share on other sites
Bob_Church 7 #7 April 28, 2018 ryoder *** PS no, not Powers, Power https://www.powerboothe.com "Well...................Bye."(Sorry, but I could not resist.) One of the few paintings in my collection is from Power (not Powers) Boothe. Quote Share this post Link to post Share on other sites
BillyVance 34 #8 April 30, 2018 Bob_Church https://www.cbsnews.com/news/school-district-pays-10000-bitcoin-ransom-after-cyberattack-massachusetts/ "A Massachusetts school district was waiting Friday for its computer system to be "unlocked" after it paid a $10,000 bitcoin ransom to hackers following a cyberattack on its system. And despite the nefarious nature of the school system's lockdown, there is no criminal investigation into the matter because solving this crime is "impossible," said Interim Leominster Police Chief Michael Goldman.” Are we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?" This is getting silly. In a very dangerous way. Atlanta had something similar happen. Don't know the details but the ransom was something like $50K but they spent a couple million fixing the systems that were compromised. "Mediocre people don't like high achievers, and high achievers don't like mediocre people." - SIX TIME National Champion coach Nick Saban Quote Share this post Link to post Share on other sites
PhreeZone 15 #9 April 30, 2018 In the majority of the cases if you pay the ransom you never get the data recovered anyways. Ransomware is big business. FakeAV was the big thing a few years back in which it would scare and force people to pay up to get access to their computer, now they just lock up the files and put a ticking timer on screen announcing that it all gets deleted in X hours and it counts down. The files are locked by being encrypted so there really is no way to recover the data with out the decryption keys. Airgapping systems is difficult and expensive - even most secure networks have large gaps in their airgaps since you need to have access at some time to those systems with out being in the room. Maintaining airgapped systems is multiple times more costly since you have to pay for personal to actually touch each system and to run seperate management platforms to get things like patches, updates and new software deployed. You also get to double your hardware costs since you need systems online and systems offline. Thats Computers, networking gear, power, AC and everything else you need to own two of.Yesterday is history And tomorrow is a mystery Parachutemanuals.com Quote Share this post Link to post Share on other sites
Bob_Church 7 #10 April 30, 2018 PhreeZoneIn the majority of the cases if you pay the ransom you never get the data recovered anyways. Ransomware is big business. FakeAV was the big thing a few years back in which it would scare and force people to pay up to get access to their computer, now they just lock up the files and put a ticking timer on screen announcing that it all gets deleted in X hours and it counts down. The files are locked by being encrypted so there really is no way to recover the data with out the decryption keys. Airgapping systems is difficult and expensive - even most secure networks have large gaps in their airgaps since you need to have access at some time to those systems with out being in the room. Maintaining airgapped systems is multiple times more costly since you have to pay for personal to actually touch each system and to run seperate management platforms to get things like patches, updates and new software deployed. You also get to double your hardware costs since you need systems online and systems offline. Thats Computers, networking gear, power, AC and everything else you need to own two of. But a lot of stuff that didn't even exist 30 or so years ago is now deemed "essential." I think we as a society needs to take a closer look at all this, especially to find out who is saying that we have to have this stuff. Quote Share this post Link to post Share on other sites
billvon 2,792 #11 April 30, 2018 QuoteAre we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?" Probably not. Much of the utility of a school network involves being connected to email and other services (emergency school closings, communications with parents, transmission of school records to colleges etc.) And even airgapping isn't foolproof. All it takes is a USB drive, or even connection of a battery powered router in an inconspicuous location. Quote Share this post Link to post Share on other sites
Bob_Church 7 #12 April 30, 2018 billvonQuoteAre we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?" Probably not. Much of the utility of a school network involves being connected to email and other services (emergency school closings, communications with parents, transmission of school records to colleges etc.) And even airgapping isn't foolproof. All it takes is a USB drive, or even connection of a battery powered router in an inconspicuous location. What we need is a real life version of U.N.C.L.E.. Remember, they were international and a law unto themselves. Their agents would track down hackers of all and any sort, wherever they are, and do really bad things to them when they find them. Quote Share this post Link to post Share on other sites
Bob_Church 7 #13 April 30, 2018 BillyVance ***https://www.cbsnews.com/news/school-district-pays-10000-bitcoin-ransom-after-cyberattack-massachusetts/ "A Massachusetts school district was waiting Friday for its computer system to be "unlocked" after it paid a $10,000 bitcoin ransom to hackers following a cyberattack on its system. And despite the nefarious nature of the school system's lockdown, there is no criminal investigation into the matter because solving this crime is "impossible," said Interim Leominster Police Chief Michael Goldman.” Are we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?" This is getting silly. In a very dangerous way. Atlanta had something similar happen. Don't know the details but the ransom was something like $50K but they spent a couple million fixing the systems that were compromised. We're overdue for moving past the yahoo stage of computer networking. Quote Share this post Link to post Share on other sites
jcd11235 0 #14 May 1, 2018 billvonAnd even airgapping isn't foolproof. All it takes is a USB drive, or even connection of a battery powered router in an inconspicuous location. Sometimes all it takes is a phone call.Math tutoring available. Only $6! per hour! First lesson: Factorials! Quote Share this post Link to post Share on other sites
Bob_Church 7 #15 May 1, 2018 billvonQuoteAre we ever going to reach the point where the first response will be “why the hell was the information online? Why couldn’t it be on a LAN with no external link?" Probably not. Much of the utility of a school network involves being connected to email and other services (emergency school closings, communications with parents, transmission of school records to colleges etc.) And even airgapping isn't foolproof. All it takes is a USB drive, or even connection of a battery powered router in an inconspicuous location. Ok, and yet we insist on using this system and storing and moving confidential information this way. Why? Who decided that the convenience of a network over the ways the information was shared before outweighs the damage that will be caused when it gets hacked? Quote Share this post Link to post Share on other sites
jcd11235 0 #16 May 1, 2018 Bob_ChurchOk, and yet we insist on using this system and storing and moving confidential information this way. Why? Who decided that the convenience of a network over the ways the information was shared before outweighs the damage that will be caused when it gets hacked? So you're suggesting we go back to the days of "Please allow 6-8 weeks for delivery."?Math tutoring available. Only $6! per hour! First lesson: Factorials! Quote Share this post Link to post Share on other sites
billvon 2,792 #17 May 1, 2018 >Who decided that the convenience of a network over the ways the information was >shared before outweighs the damage that will be caused when it gets hacked? Investors who want a better return for their dollar. Customers who want online ordering and three day delivery. Parents who want their child's teacher to respond within a day or two. Schoolkids who want to learn how the Internet works. School administrators who want to keep their jobs. And that's a lot of people. Quote Share this post Link to post Share on other sites
Bob_Church 7 #18 May 1, 2018 Plants love electrolytes Quote Share this post Link to post Share on other sites
gowlerk 2,133 #19 May 1, 2018 Bob_ChurchPlants love electrolytes But only in a narrow range of balance. https://www.youtube.com/watch?v=Tbxq0IDqD04 Quote Share this post Link to post Share on other sites
billvon 2,792 #20 May 1, 2018 >Plants love electrolytes Yep. Things that seem great (profit, efficiency, speed, low cost, electrolytes) can have negative effects when you pursue them to the exclusion of everything else. Quote Share this post Link to post Share on other sites