FBI investigating laptops sent to US governors
There may be a new type of Trojan Horse attack to worry about
IDG News Service - The U.S. Federal Bureau of Investigation is trying to figure out who is sending laptop computers to state governors across the U.S., including West Virginia Governor Joe Mahchin and Wyoming Governor Dave Freudenthal. Some state officials are worried that they may contain malicious software.
According to sources familiar with the investigation, other states have been targeted too, with HP laptops mysteriously ordered for officials in 10 states. Four of the orders were delivered, while the remaining six were intercepted, according to a source who spoke on condition of anonymity because of the ongoing investigation.
The West Virginia laptops were delivered to the governor's office several weeks ago, prompting state officials to contact police, according to Kyle Schafer, the state's chief technology officer. "We were notified by the governor's office that they had received the laptops and they had not ordered them," he said. "We checked our records and we had not ordered them."
State officials in Vermont told him they've received similar unsolicited orders, Schafer said. Representatives from those states could not be reached for comment Thursday.
Schafer doesn't know what's on the laptops, but he handed them over to the authorities. "Our expectation is that this is not a gesture of good will," he said. "People don't just send you five laptops for no good reason."
The computers are now being held as evidence by state police, who are working with the FBI to figure out how the machines were sent to the governor's office, said Michael Baylous, a sergeant with the West Virginia State Police.
The West Virginia laptops were delivered Aug. 5, according to the Charleston Gazette, which first reported the story.
The laptops sent to the Wyoming governor's office arrived in two separate shipments on Aug. 3 and Aug. 6, according to Cara Eastwood, a spokeswoman for Governor Freudenthal.
"We received one package, opened it and realized that it was an error since no one in our office had ordered them," she said. "The next day we received another package. At this point we realized that they needed to be turned over to law enforcement."
Although there is no evidence that the computers contain malicious code, HP confirmed Thursday that there have been several such orders and that they have been linked to fraud. "HP is aware that fraudulent state government orders recently have been placed for small amounts of HP equipment," spokeswoman Pamela Bonney said in an e-mail message. "HP took prompt corrective action to address the fraudulent orders and is working with law enforcement personnel on a criminal investigation."
With users now more reluctant to install suspicious software or open attachments on their networks, scammers appear to be looking for new ways to get inside the firewall.
Criminals have tried to put malware on USB devices and then left them outside company offices, hoping someone would plug them into a computer and inadvertently install malicious software on the network. Many Windows systems are configured to automatically run software included on CDs and USB devices using a Windows feature called AutoRun.
Many organized criminals would be happy to spend the cost of five PCs in order to access government computers, said Steve Santorelli, director of investigations with security consultancy Team Cymru. "What is a netbook? $700? You send five of them; you're dropping three grand, and say you get into the Congressional e-mail system. How valuable would that be?"
- Google I/O 2013's Coolest Products and Services
- 10 Star Trek Technologies That are Almost Here
- 19 Generations of Computer Programmers
- 25 Must-Have Technologies for SMBs
- A walking tour: 33 questions to ask about your company's security
- 15 social media scams
- The 7 elements of a successful security awareness program
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Federal IT Innovation Caught in a Catch-22
- Fed resources shoring up old infrastructure, holding back new technologies.
- Case Study: Hospital Turns to Email Archiving Solution to Ensure Regulatory Compliances
- Read this case study to learn how a cloud-based email archiving solution enabled the hospital to meet government mandates and helps avoid thousands...
- Case Study: In-the-Cloud Email Service Replaces Three Point Products
- Read this case study for more information on a comprehensive in-the-cloud email service to help replace three point products.
- Case Study: Simplifying the Transition to Exchange 2010 with Email Management Solutions
- Read this case study to learn how a cloud-based email management solution greatly simplified the company's transition to Exchange 2010.
- What does it take to deliver Security, Privacy and Trust at Mimecast?
- This whitepaper explains the process and controls that Mimecast put in place to deliver a secure, private and trusted SaaS platform for your... All Government IT White Papers
- 3 Reasons Why Sepaton is the World's Fastest Backup Solution
- Leading analyst, Storage Switzerland learns how Sepaton backs up and deduplicates massive data volumes while maintaining the industry's fastest performance - all in...
- Enterprise File Sharing: All You Need to Know
- Security. Scalability. Control. These are just some of the many benefits of enterprise cloud file-sharing that you'll discover in this KnowledgeVault, packed with...
- Bridging HTTP and FTP with FileXpress Internet Server
- What if you could take an FTP server on your internal network, and allow external users (partners or customers) to securely access it...
- MFT and FileXpress - An Overview
- Business users and applications exchange files on a regular basis. File transfer is a core part of the flow of business activity.
- Content Analytics: Big Data Conquered, Customer Service Elevated
- For organizations looking to start a content analytics program or improve their existing capabilities, Aberdeen Group and IBM will lay out several recommendations... All Government IT Webcasts