maddogdrivethru.net

 Post subject: Re: NHS Hit By Major Cyber-Attack
PostPosted: Fri May 19, 2017 10:37 am 
jack t ripper wrote:
It's much more sinister than simply destroying files. The damn thing subverts the entire electronic medical record system utilizing a previously unknown Microsoft system vulnerability that was apparently discovered by the NSA and THEY wrote the kernel that runs the thing.

How the thing works is the system administrator gets a message saying "pay $100,000 in bitcoin by tonight and we will turn on your system again" :D


Standard practice is to have periodic backups of a system and to have at least two copies at all times, but preferably 3+. The backup process typically involves checking for file consistency (is the copy over here different than the copy over there?) and does not generally involve any elements of the OS, which is to say: you have two-plus copies of the OS on different drives in different locales (and preferably in different regions even). The backup systems have heightened security and restricted access . . .

I've had only one systems admin course and one OS course so I'm definitely no expert, whereas the guys that made the malware almost certainly ARE experts. But I suspect that, depending on how this malware works, failing to follow best practices and/or taking short-cuts on best practices is probably a major contributing factor to how it gained a foothold.

With an "ideal" Active Directory setup, the malware would have to not only infect the OS on its initial target machine (which in itself might have been thwartable with better practices), but it would then have to fool the consistency checking and backup process AND manage to infect the backup OS, which would likely mean doing things that the infected OS never did in the first place.

_________________
Nero: So what is your challenge?

Anthro: Answer question #2: How do "Climate Change models" mathematically control for the natural forces which caused the Ice Age(s) to come and go . . . repeatedly?


 
 Post subject: Re: NHS Hit By Major Cyber-Attack
PostPosted: Sat May 20, 2017 12:34 pm 
One thing is good to know, NHS is still using Windows XP for economical reasons. How wise that is? :roll:

_________________
The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt

Mit der Dummheit kämpfen selbst Götter vergebens.


 
 Post subject: Re: NHS Hit By Major Cyber-Attack
PostPosted: Sat May 20, 2017 3:58 pm 
nero wrote:
One thing is good to know, NHS is still using Windows XP for economical reasons. How wise that is? :roll:


More because of dumb ass reasons. Windows 7/10 isn't expensive. Having someone with the brainz to actually manage the install though, is hard.

I dunno about the NHS personally but I do know a bit about local government IT systems, and they are shockingly bad, as IT departments in the public sector are run by idiots or bureaucrats, but never techies.

_________________
“The gap in EU finances arising from the United Kingdom’s withdrawal and from the financing needs of new priorities need to be clearly acknowledged.” - Mario Monti


 
 Post subject: Re: NHS Hit By Major Cyber-Attack
PostPosted: Sat May 20, 2017 8:49 pm 
Ah it hadn't even dawned on me that they were using an older OS. Most likely it is Windows Server 2003 (which was introduced shortly after XP and incorporated some of XP's improvements, and is more or less the concurrent server OS to the XP era).

There is a distinction between client OS and server OS in Windows (not so sure for Linux).

For example: all the terminals and work stations at NHS might be running Win XP, but the network would have its own OS which runs the server(s) which the "client" machines interface through. When malware manages to attack a specific enterprise like NHS then it must have breached not only the client OS but more importantly the server OS (in fact, it might even be possible to skip attacking the client OS altogether depending on the method of introducing the malware).

Assuming that Nero's comment about NHS "using XP" is accurate (meaning that many or all client machines run XP) then it may well be that the server systems being used were of the same vintage, i.e., Windows Server 2003. If that is the case, then yeah: that would pose a very serious security weakness.

Windows takes a lot of flak (much of it justified) for constantly putting out new OS; but in truth there are often good reasons for it, as older OS were discovered to have serious flaws like security weaknesses. I still use Win 7 myself and don't intend to change for my personal machine. Win 10 seems to have been received with a lot of fanfare by most and a lot of criticism by some (mostly having to do with the UI), but I've heard more than one expert whose opinion I respect say that Win 10 is the most secure client OS yet. I'm not sure if that applies to the concurrent server OS (which I believe is Windows Server 2016) but it would certainly make sense, given that the client OS is largely designed "from" the server OS or at least to articulate with it effectively.

At least since Windows Server 2012 (the server OS that I'm familiar with from the one "network admin" course I finished) it is possible (and this is a somewhat foggy memory from about a year ago when I was taking the class) for client machines to be using a variety of client side OS, even (if memory serves) non-Windows OS (which is important in many industrial circumstances where robots, assembly line mechanisms, cash-registers, etc., might be running some strange niche OS). So, it is possible that . . . even IF most or all the NHS client machines still use XP, that the server OS is in fact the most up-to-date (or at least 2012 or later).

On a 2012 Active Directory (and possibly even since 2008) a network might have a mixture of client machine OS, but I think XP might be the oldest compatible.

 
 Post subject: Re: NHS Hit By Major Cyber-Attack
PostPosted: Sun May 21, 2017 1:25 pm 
Anthropoid wrote:
jack t ripper wrote:
It's much more sinister than simply destroying files. The damn thing subverts the entire electronic medical record system utilizing a previously unknown Microsoft system vulnerability that was apparently discovered by the NSA and THEY wrote the kernel that runs the thing.

How the thing works is the system administrator gets a message saying "pay $100,000 in bitcoin by tonight and we will turn on your system again" :D


Standard practice is to have periodic backups of a system and to have at least two copies at all times, but preferably 3+. The backup process typically involves checking for file consistency (is the copy over here different than the copy over there?) and does not generally involve any elements of the OS, which is to say: you have two-plus copies of the OS on different drives in different locales (and preferably in different regions even). The backup systems have heightened security and restricted access . . .

I've had only one systems admin course and one OS course so I'm definitely no expert, whereas the guys that made the malware almost certainly ARE experts. But I suspect that, depending on how this malware works, failing to follow best practices and/or taking short-cuts on best practices is probably a major contributing factor to how it gained a foothold.

With an "ideal" Active Directory setup, the malware would have to not only infect the OS on its initial target machine (which in itself might have been thwartable with better practices), but it would then have to fool the consistency checking and backup process AND manage to infect the backup OS, which would likely mean doing things that the infected OS never did in the first place.



or better yet..an actual air gap between the front line system and the back-up. Part of the problem I think is the complexity and demand for 24 hr a day access for an electronic medical record. Critical lab results and x-ray results for example have to be up to date by the minute or there is chaos. Ditto order entry for meds.

Even worse, the x-ray/MRI database is usually a proprietary thing that has to liaise with the main EMR. Ditto lab results which are often managed by a contract lab with its own system. Ditto billing which is, believe it or not, often DOS based. :lol:

Then you have add on software that Medicare essentially requires and it is a real nightmare. Often there are liaisons with outside electronic record systems for the physicians so they can get results in their offices or even write orders or notes remotely.

All you need is interruption for 1 day and a big hospital can lose tens of millions and piss off all the patients and doctors who then might go elsewhere.

_________________
I haven't figured out how the block thingy works but if anyone alters my posts I will become really, really angry and throw monkey poop out of my cage.


 
 Post subject: Re: NHS Hit By Major Cyber-Attack
PostPosted: Sun May 21, 2017 6:56 pm 
jack t ripper wrote:
or better yet..an actual air gap between the front line system and the back-up. Part of the problem I think is the complexity and demand for 24 hr a day access for an electronic medical record. Critical lab results and x-ray results for example have to be up to date by the minute or there is chaos. Ditto order entry for meds.

Even worse, the x-ray/MRI database is usually a proprietary thing that has to liaise with the main EMR. Ditto lab results which are often managed by a contract lab with its own system. Ditto billing which is, believe it or not, often DOS based. :lol:

Then you have add on software that Medicare essentially requires and it is a real nightmare. Often there are liaisons with outside electronic record systems for the physicians so they can get results in their offices or even write orders or notes remotely.

All you need is interruption for 1 day and a big hospital can lose tens of millions and piss off all the patients and doctors who then might go elsewhere.


And that is why a senior network admin literally IS GOD! :mrgreen:

On some techie board I was reading recently I encountered a new term: BOFH "Bastard Operator From Hell," who might also be referred to as "hacker in the making."

 
 Post subject: Re: NHS Hit By Major Cyber-Attack
PostPosted: Tue May 23, 2017 2:01 pm 
Anthropoid wrote:
...
Assuming that Nero's comment about NHS "using XP" is accurate (meaning that many or all client machines run XP) then it may well be that the server systems being used were of the same vintage, i.e., Windows Server 2003. If that is the case, then yeah: that would pose a very serious security weakness.


Well, not assuming anything. If You Still Use Windows XP, Prepare For the Worst. And NHS meets the challenge.

Sad, but true.

 
 Post subject: Re: NHS Hit By Major Cyber-Attack
PostPosted: Wed May 24, 2017 12:46 pm 
Hopefully this is old news: America's feared nuclear missile facilities are still controlled by computers from the 1960s and floppy disks

But then the Mail is not a reliable source. :roll:

But having nuclear missiles controlled by 8" floppies is kind of cute. ;)

The positive side is that nuclear silos cannot be hacked.

 
 Post subject: Re: NHS Hit By Major Cyber-Attack
PostPosted: Thu May 25, 2017 1:20 am 
Sort of like the "Battlestar Galactica" solution to the malicious cylon: unplug ALL the computers!
