“This virus affected all Microsoft Office Suite documents, such as Word documents and Excel files. In addition, all body camera video, some in-car video, some in-house surveillance video, and some photographs that were stored on the server were corrupted and were lost. No information contained in any of those documents, videos, or photographs was extracted or transmitted outside of the Police Department”
See Police Department’s Files Corrupted
Back in the day when M$ struggled to convince the world that everyone could have a computer on every desk and a few more in the server-room, life was much simpler. Things worked or they didn’t. Often it was some of both conditions. Naturally, as computers became faster and more capable and networks grew too, we did more with computers to the point they were essential infrastructure to be built into our buildings from the start.

Of course, complexity grew too, and intruders and malware attacked over the network. About 2003/4 the situation got so bad that the Wintel empire was threatened. Resources were poured into the problem. Code got better. Users became more aware of danger. The problem remains that the number of users and the number of attackers have grown to the point that no one anywhere at any time can be 100% secure. Of course, there is the backup, a copy of everything that can be rolled out to put things back the way they were. That’s what this police-department needed, but it didn’t have a good backup, just a copy of the corrupted data where the backup should have been. Someone had the right idea but lacked the imagination to put in more depth.

So, much of their data was corrupted and they’re starting over. Let’s hope they get it right this time. It may not help. Attackers grow more sophisticated. Lord knows, they’ve had the practice whereas their targets are just waiting to be ambushed. I’d recommend they start over with Debian GNU/Linux on desktop and server and perhaps rethink their whole structure of file-system and security and backup. Perhaps a filter on the web might be a good idea… Debian has all they need to filter out most of the bad stuff that comes over the network but no one can get it all. Perhaps they should have important stuff off the web completely.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

7 Responses to Backup?

  1. dougman says:

    Easiest way to own a biz, drop some USB sticks around the place. I purposely dropped one by the CEO’s car, once he plugged in the USB, I wrote on his screen with notepad, “This is why I tell you NOT to pick up USB sticks and plug them in” remotely.

  2. Kurkosdr says:

    LOL, some doofus clicked on a document file in their inbox. Said document had some embedded script….PWNED.

    It is the USB autorun disaster all over again. Being hit with code execution getting executed with broad privileges in a moment when you least expect it. People expect that opening an unsigned executable file from an untrusted source may cause damage, but most general computer training will not teach people that the act of just plugging a USB harddrive or opening a rich text document will cause damage. You have to specifically train them for the situation and they won’t be truly safe even in that case. Microsoft dropped the ball with those two misfeatures. The Windows team got their act together and removed USB autorun feature altogether from XP and in Vista it restricted what apps can do without permission with UAC. The MS Office team still has the misfeature a click away and grants the script broad privileges.

    Nope. It’s just evil.

    With WPS Office making strides, I have to agree.

  3. Kurkosdr wrote, “MS Office is a necessary evil.”

    Nope. It’s just evil.

  4. dougman says:

    LOL, some doofus clicked on a document file in their inbox. Said document had some embedded script….PWNED.

  5. ram says:

    My company has, and continues to, NOT have our main work computing clusters connected to the Internet at all. Even running Linux, the most secure computer is one that is not connected to the Internet or using a WiFi network.

    That being said, we have plenty of Linux server boxen distributed around the world with automatic backups also achieving geographical diversity.

  6. Kurkosdr says:

    transmitted = transmitting

  7. Kurkosdr says:

    You do realise that WPS Office on Windows or LibreOffice on Windows don’t have that security problem, right?

    OS choice here is irrelevant, but you recommended a different OS choice anyway. Bravo!

    But anyway, this post of yours allows me to post the following rant:

    Why, for Zeus’s sake, does an office suite like MS Office need to have such a powerful script interpreter with broad privileges such as deleting or modifying files (even non-document files) and dropping executables on the harddisk? Why isn’t this feature available as an add-on for the people who really need it? How many documents use those powerful scripting capabilities anyway (such as dropping executable files on the disk) and does it justify having the feature around in its current form, instead of limiting what the macro commands can do, aka make MS Office throw an error if the macros try to drop executables on the drive or do other evil things such as change registry values, and also make MS Office ask for permission if the macro tries to attach itself to the template or modify existing document files?

    You see, although the Windows team got their act together after the XP security disaster, to the point there is currently no penetration testing scenario which applies to Windows 7 or above but doesn’t apply to Debian GNU/Linux, the MS Office team is stuck in the dark-ages of the 90s and the early 2000s, when giving all-powerful shell scripting capabilities to everything (even a freaking rich text document) was more important than avoiding turning everything into a virus transmitted vector.

    Treat MS Office files from strangers as executable and never click the “enable editing” button and whatever you do don’t enable macros *sigh*. MS Office is a necessary evil.
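
Following the advice in the comments to treat Office files from strangers as executable, here is an added example (not from the post or any commenter) of a content-based attachment check that flags a VBA project regardless of the file extension. The function name, verdict strings and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                       # OOXML (.docx/.xlsx/.docm) container


def triage_office_file(data: bytes) -> str:
    """Classify an attachment by its content, not by its file name (hypothetical helper)."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros cannot be ruled out without an OLE parser.
        return "legacy-ole-quarantine"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "corrupt-quarantine"
    if "[content_types].xml" not in names:
        return "not-office"  # a plain zip, not an OOXML package
    # Macro-enabled packages carry their VBA project as vbaProject.bin.
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "macro-quarantine"
    # Only says no VBA project was found; it is not a clean bill of health.
    return "no-vba-project"


def _make_package(members: dict) -> bytes:
    """Build a constructed in-memory package so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: a plain document, a macro document (which a sender
# could name "report.docx"), and a stub with the legacy OLE header.
CLEAN_DOCX = _make_package({"[Content_Types].xml": "<Types/>",
                            "word/document.xml": "<w:document/>"})
MACRO_DOC = _make_package({"[Content_Types].xml": "<Types/>",
                           "word/document.xml": "<w:document/>",
                           "word/vbaProject.bin": b"\x00constructed"})
LEGACY_DOC = OLE_MAGIC + b"\x00" * 24

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN_DOCX), ("macro", MACRO_DOC),
                        ("legacy", LEGACY_DOC)]:
        print(label, "->", triage_office_file(blob))
```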
