itwbennett writes "The FBI is trying to find out who is sending laptops to state governors across the US, including the governors of Wyoming and West Virginia. The West Virginia laptops were delivered to the governor's office on August 5, according to the Charleston Gazette, which first reported the story. Kyle Schafer, West Virginia's chief technology officer, says he doesn't know what's on the laptops, but he handed them over to the authorities. 'Our expectation is that this is not a gesture of good will,' he said. 'People don't just send you five laptops for no good reason.'"
by Anonymous Coward writes:
on Friday August 28, @07:42AM (#29229357)
As a resident of West Virginia, I assure you it wasn't a trust issue. Rather, the laptops did not have 28.8 modems to connect to the local bbs rendering them useless in the Mountain State.
West Virginia - keeping Hughes Net in business since 2005.
I just got off the phone with HP customer service, and boy, am I pissed. I ordered 5 new laptops a week ago, and no one can tell me where the hell they are.
"People don't just send you five laptops for no good reason."
When the NSA's invincible code-breaking machine encounters a mysterious code it cannot break, the agency calls in its head cryptographer, Susan Fletcher, a brilliant and beautiful mathematician. What she uncovers sends shock waves through the corridors of power. The NSA is being held hostage...not by guns or bombs, but by a code so ingeniously complex that if released it will cripple U.S. intelligence.
Since the origin of the computers is unknown, the hardware cannot be trusted. The computers might be hacked and backdoored on the BIOS level. Modern BIOSes are quite sophisticated with a rich functionality, that can be misused invisibly from the OS' point of view.
This just in... It seems the governor's office was right to be wary. The FBI have confirmed that all the laptops are infected with Windows Vista Basic. Truly nasty.
A likely explanation is that somebody either stole a credit card or cards or somehow ordered them fraudulently and is using this as a smokescreen. Send 10 laptops to 10 governors. Send 10 to random people including yourself. Profit! Or else an employee at one of the offices is in on it and wanted to cover themselves by sending them out to other offices.
by Anonymous Coward writes:
on Friday August 28, @11:23AM (#29232235)
I work in West Virginia state government and this came up at yesterday's staff meeting. According to the boss (not PHB) they've found that laptops had been purchased with stolen credit cards and came loaded with malware. Also some of the laptops received in other states had actually been used.
That's a bit naive, isn't it? Perhaps there is a hardware trigger that will start sending out data when receiving a specific packet and when it doesn't, it stays silent? Or a timed device (6 months from first power-on)... There are many ways that those machines may be compromised without even being affected by the operating system that's on it.
Which is why you forward them to the CIA and have _them_ figure the whole thing out.
Me (Score:5, Funny)
If the governors don't want them, I'll have them.
Re:Me (Score:5, Funny)
West Virginia - keeping Hughes Net in business since 2005.
Re:Me (Score:5, Funny)
OLPG (Score:5, Funny)
It's obviously the one laptop per Governor project.
Are you kidding me? (Score:4, Funny)
Are you kidding me? I've received hundreds of free laptops from total strangers. In fact, I trust them so much that I do all my banking on them. After all, this nice downtrodden Nigerian prince has personally guaranteed the security and stability of all these laptops. Now, let me go check my bank balance....OMGWTFBBQ^*#^$@))*#$!!!!!
NO CARRIER
Re:Are you kidding me? (Score:5, Funny)
NO CARRIER
I understand breaking the monitor and keyboard in such a situation, but you actually went out of the house, walked to your tool shack, picked up an axe and smashed your telephone line with it? That's a little bit aggressive, don't you think?
If the governors do not want them... (Score:5, Interesting)
Interesting angle on social engineering... (Score:5, Interesting)
You get the laptops delivered to a big enough organisation, whoever signs for them assumes *somebody* ordered them for a reason, but can't find out who. So they stash them somewhere. Fast forwards to when someone new joins the organisation and needs a laptop, somebody mentions there are a couple lying around in boxes and bingo, you've got malware in through the front door without touching an Internet connection.
Makes me wonder, how often this has been done successfully to less vigilant offices, worked, and we haven't heard about it.
Re:Interesting angle on social engineering... (Score:5, Interesting)
That's an expensive hack! Especially when the typical methods are practically free. I wonder how effective it is.
You know, it might be cheaper to just "accidentally" drop usb drives near the office or, if you're not targeting a particular office specifically, leave the drives in coffee shops and local restaurants. Someone takes it home and tries looking at it, pwnage.
Re:Interesting angle on social engineering... (Score:4, Insightful)
Don't assume Fraud is occurring on the delivery (Score:5, Interesting)
Go for the obvious. Someone is trying to get revenge on corporation "x" by purchasing a bunch of computers and having them drop shipped. By the time accounting catches up with the paperwork, the computers will be in the hands of the FBI for a month. If the scam is done right, it is done by an ex-employee or someone with just enough access to know who the preferred suppliers are. You make a couple of phone calls, send the right paperwork, and next thing your computer vendor is drop shipping a bunch of computers somewhere.
Having worked for distributors, I'm surprised this doesn't happen more often. Having stuff go missing for weeks on end inside factories, fairly routine ... This wouldn't be hard to do. Just ship a bunch of computers somewhere else.
It is even difficult to get charged for doing something like this. FAXing the paperwork leaves no fingerprints. To the accounting department, the transaction looks like typical incompetence. The corporation won't request charges laid, because then they would have to admit they were incompetent too, and this stuff happens all the time. The police have a tough time charging you, because you didn't steal anything. If done right, you didn't even touch anything so there is no physical evidence. No evidence means no crime, and your revenge makes the national newspapers. Perfect revenge scheme.
Re: (Score:3, Interesting)
You get the laptops delivered to a big enough organisation, whoever signs for them assumes *somebody* ordered them for a reason, but can't find out who.
Hehe. I worked for a large company where on more than one occasion someone just sends their laptop in to the workshop only to be lost in the stack because they didn't put a ticket number on it. It wasn't stolen but rather just with all the other laptops in a pile and was basically unlocatable for a few months.
Secondly, the purchasing approval process sometim
Reality is weirder than fiction (Score:4, Funny)
Re: (Score:3, Funny)
Egad. If I want cheap obnoxious thrillers, I'll read Greg Bear's lesser work...
I can see it now (Score:5, Funny)
Hard-Trojans (Score:5, Funny)
"A what? Whatever, put it in the yard next to the giant wooden horse."
Re: (Score:3, Insightful)
a delivered local wi-fi attack? (Score:3, Interesting)
fedex sleeping laptop
wake at delivery time
run superduper wi-fi haxor proggy
phone home
Re:a delivered local wi-fi attack? (Score:5, Funny)
"a delivered local wi-fi attack" is the best poetry I've read all day. Your lack of punctuation and capitalization reminds me of e.e.cummings, and the unexpected Spielberg reference at the end is a stroke of genius. You should do poetry slams. (imagine "run superduper wi-fi haxor proggy" to the sound of a bass slapping. )
Re:a delivered local wi-fi attack? (Score:5, Funny)
I'm imagining it, but it's really hard to get a good rhythm out of a dead fish.
Hacked hardware? (Score:5, Interesting)
Re: (Score:3, Insightful)
I think that they are more concerned about bombs than BIOS trojans.
Re:Hacked hardware? (Score:5, Funny)
The article says that they were HP laptops, not Sony.
</obvious>
2 democrats (Score:4, Interesting)
Updated news report (Score:5, Funny)
Stop being so paranoid (Score:5, Interesting)
Send 10 laptops or have bad luck for 7 years. (Score:5, Funny)
> Send a laptop to 10 people or you will have bad luck for 7 years. If you do send laptops to 10 people you will get your greatest wish!!
>
> A woman in Canada didn't send the laptops and now she is in prison for cheating on her taxes.
>
> A man in Kansas sent the 10 laptops and now has a new laptop!
>
> This is not a hoax or scam!! YOu HVAE TO SEND THIS!! 10 Laptops or something horrible will happens. Send it to all your friends!!!
> >
> > It's TRUE!! I got cancer when I didn't send the laptops, but then I sent them and now I have a million dollars!!!11
> >
> > Don't think this is a trick!! Just do it !1 Wjhat do you have to lose??
> >
> > Jack in Fredricksburgton
> >
> >
> > > I can't count the number of times I've sent out these kinds of Laptops and gotton NOTHIONG. But this is the real deal.
> > > You can't go wrong with this one. Think about it, you already got the laptop. You already have it...
> > > but dont' just accept the gift and not pass it on or your in for big troubles.
> > > >
> > > > Here is a free laptop. Pass this on to 10 friends and enjoy!
> > > >
> > > > Richard R.
OLPC (Score:3, Funny)
One Laptop Per *CHILD*.
Have they turned it on? (Score:3, Funny)
It probably just plays Rick Astley "Never Gonna Give You Up" in a loop.
Hackers (Score:5, Funny)
When they turn 'em on, does it show some distorted video of a guy telling them to play nice, and to enjoy the new laptop?
That might not be safe enough (Score:5, Insightful)
What if whoever's sending them isn't just a small-time crook but a foreign intelligence agency with the resources to custom-make chips with built-in back doors. (Such back doors have been demonstrated to be plausible; someone has built a CPU with a circuit which switches off memory protection when it finds a specific sequence on a memory bus, which means that it doesn't matter how secure the software running on it is.)
Why would they target state governors' offices? Well, they'd presumably be easier to pwn than, say, the Department of Defence or the CIA, and a good starting point for setting up pieces.
Re:That might not be safe enough (Score:4, Insightful)
But delivering them this way is attracting too much attention. Better to deliver the machines to their normal IT supplier, perhaps by getting one of your people on the payroll.
Re:That might not be safe enough (Score:5, Insightful)
But delivering them this way is attracting too much attention. Better to deliver the machines to their normal IT supplier, perhaps by getting one of your people on the payroll.
It would be far cheaper to put malware on a USB key with a logo of some government project on the side and mail that to them. They could use the same CD autorun thing that the U3 malware uses.
Re:That might not be safe enough (Score:5, Insightful)
Are you kidding?
If I wanted to guarantee that a found USB key would be plugged in somewhere, I'd label it "porn".
Re:That might not be safe enough (Score:5, Funny)
On small (4-5 person) LAN parties back in the nineties, I knew a guy who shared his floppy drive under the name "porn". When somebody got too horny, their expectation of anonymity was ruined by the characteristic noise those drives make when they try to read from a non-existent floppy.
Re:That might not be safe enough (Score:5, Interesting)
Really? Then why state governors? They really don't have a lot of access to secret stuff. My guess is a little more amusing. Someone has figured out how to hack into HP's GSA ordering system and is pranking them. They are basically ordering laptops on the states' dime from HP just to see if anyone notices. Sort of like ordering Pizzicati to be sent to a buddy's house as a joke. The difference is this is going to be a federal offense.
Re:That might not be safe enough (Score:4, Funny)
God would send an iPhone, not a laptop.
Get real.
Why assume it's some foreign entity? (Score:4, Insightful)
What do the states whose governors received these laptops have in common? The referenced article didn't mention the complete list but West Virginia and Wyoming might have something commercial in common. Mining or energy for example. Wouldn't a lobbyist with some powerful clients in the mining/energy industry just love to have access to some state computer systems where they could snoop through internal emails discussing potential legislation restricting mining activities? West Virginia's had problems with mountaintop removal for years. There's been talk of stopping that for some time. Wyoming has their share of mining companies abusing the environment as well.
On the other hand, perhaps a bunch of environmentalists shipped the laptops in the hope of getting access to state information so they could blow the whistle on state govt./industry shenanigans (bribes and the like).
Anyone know where there's a complete list of the states where these laptops were shipped?
Re:That might not be safe enough (Score:5, Interesting)
Re: (Score:3, Insightful)
Then again.... maybe this is just QA.
Put in your malbug, send the laptops out in a high profile way... see what happens. Do they investigate? Do they even find what you did? That, in and of itself, could be valuable information, and possibly worth 5 laptops.
Though I do enjoy the double standard. Someone breaks into your systems, with evidence. Think the FBI is going to care unless they can be shown to have done massive damage or stolen real money?
Here someone does something that is, on its face, perfectly
Re:If they don't want them (Score:5, Interesting)
Seriously, they don't have one good tech guy who could wipe the drives/check the internals for rogue hardware?
Not at a cost less than the price of one new laptop. Smart hardware people with time to prepare could hide just about any device just about anywhere. Or hide nothing at all just so people waste time looking for what isn't there.
I get the impression this is just a prank by someone with a little too much free cash and a bad sense of humor. Either that or a marketing thing by a laptop manufacturer.
Re: (Score:3, Insightful)
And if it's a hardware issue? I'd donate them to an educational organization (after wiping them down for malware)
Re: (Score:3, Informative)
Hidden, malicious hardware.
Re:If they don't want them (Score:4, Insightful)
You wipe the OS and install a new one. You clean it up from the default bloatware and hook it to the network. You analyze the connection and if there is no communication the devices are safe.
You seem like an intelligent gentleman providing a great solution for both the latest gov IT attacks AND the recession!
If this happens, I can see both China's computer espionage and Kim Jong's heads exploding from the sore happiness!
Re: (Score:3, Insightful)
Re:If they don't want them (Score:5, Insightful)
Show me an IT monkey who could tell the difference between two standard network adapters, one of them fine and the other containing a counterfeit MAC/PHY IC that's been fucked with by Chinese intelligence services...
And for the time taken to vet the laptop for such things, you might as well throw it out.
On the other hand, if you actually did want to get government personnel using subverted hardware then I think just sending it to them anonymously is probably not a good way of going about it... so maybe the criminals aren't that smart. Or maybe that's what they want you to think?
Re:If they don't want them (Score:4, Insightful)
> And for the time taken to vet the laptop for such things, you might as well throw it out.
Except that if I were the CIA, I would pay a lot more than the price of 5 laptops to know who was spying on me, and how.
Re: (Score:3, Insightful)
Actually, you would have to be pretty stupid to send them to the CIA. You'd send them to the FBI (as TFA mentions), who would try to figure out if it was foreign or domestic, and then they would get the real experts (NSA) to do the technical work.
Re: (Score:3, Funny)
Nigeria actually has a bank called "Bank PHB" [promote-my-site.com] with the slogan "Be you, be free, be brilliant". I can't help but think of the PHB from Dilbert [promote-my-site.com];
Re: (Score:3, Insightful)