Security Manifest

Benjamin Johnstone-Anderson, Microsoft MVP - Windows Security

Worm Infects Washington State Tax Network

This is locally a fairly large story which I thought I'd share as a case study of how even the smallest crack in security can become a major problem on a large network. From the Tacoma News Tribune:

The FBI and the Washington State Patrol are investigating the source of an Internet worm that crippled the state Department of Revenue’s computer network this week and double-billed 1,400 businesses for tax payments.

The worm, a variant of a computer program that infected state government networks a few months ago, most likely entered the system over the weekend, according to Ralph Osgood, the Revenue Department’s deputy director.

As employees logged onto their computers Monday morning, Osgood said “it multiplied very rapidly and took the system down.”

The department, which collects state business and sales taxes, began rebooting its computers Wednesday afternoon and planned to be fully operational today.

As of Wednesday evening, department officials said they had not found any lasting damage. No confidential taxpayer information was lost or compromised. The agency issued credits to the businesses that were charged twice and planned to contact each to explain what happened.

Osgood said the worm “doesn’t appear to scramble data or retrieve data and send it different places.” The goal, he said, seemed to be “to cause chaos.”

FBI Special Agent Roberta Burroughs wouldn’t say if the bureau’s Northwest cyber crimes task force had any leads. “Just trying to figure out what happened,” she said.

The 2½-day system shutdown made the crash among the most debilitating to strike a state government agency, according to interviews with state agency technology officers.

Worms are independent programs that replicate themselves, spreading from computer to computer on a network.

This particular worm is a variation of a program known as Rbot that has periodically infected the state network over the last few years, said Nancy Jackson, the Department of Information Services’ spokeswoman.

This last paragraph is especially worrisome - apparently the worm has been infecting the system “over the last few years.” Even though this statement is somewhat overdone, considering Rbot was discovered in September 2004, it does show that large institutions should focus on repairing the holes that allow reinfection, something that has obviously not been done here.

Despite Revenue Department deputy director Ralph Osgood's assertion that the worm “doesn't appear to scramble data or retrieve data and send it different places,” it should be noted that Rbot opens a backdoor on the infected system, making infection of machines handling tax returns an even more disturbing prospect.

Posted: Mar 24 2005, 05:01 PM by trafton | with 8 comment(s)