Feds Now Allowed To Use Internet

fast66 writes "Nextgov reports that a new court order allows the Department of the Interior to connect to the Internet, six years after the federal agency was ordered to disconnect. District Judge James Robertson wrote in his ruling, 'I find that the consent order is of no further use and must be vacated.' 'The ... disconnected offices and bureaus may be connected.' He added that his ruling was based not on evidence but 'on a legal conclusion that it is not my role to weigh IT security risks.'"

The decision title

[by Anonymous Coward]

The decision was entitled, "The internet: Serious Business."

Tomorrow's news:

[symbolset (646467)]

Interior department compromised by botnet.

Re:Tomorrow's news:

[antek9 (305362)]

That's what I was wondering: Imagine they had indeed strictly obeyed that order for six years now, and would just 'finally' re-plug their > six year old PCs and laptops, having missed security and virus signature updates for such a long time: That would be like they say, when the cat's away...

Watch out for new torrents of sensible data from the same evening on. But of course, that's just my little hysterical hyperbole, they wouldn't have taken that order by the word, now, would they? They cannot, no, can they?

Re:Tomorrow's news:

[by Anonymous Coward]

Um, you do realize that you can set up an internal WSUS server and manually sync it with an external WSUS server and keep computers on a disconnected network up to date, right?

Good, because that's what I did when we first got kicked off. I haven't worked there for a few years so I don't know if they kept it up, but it's not hard to do - and certainly not hard to do in preparation of re-connection.

I guarantee you, the Trust Bureau's probably have networks secure then most military networks. The scrutiny on them from the courts and plantiff's is huge and they know it.

Funny how the person who started the lawsuit also happens to own a bank and wants the trust fund moved to her bank for administration. Funny how that never comes up - it's always just the "evil government". No, there could never be any other ulterior motives here.

Puhleeze....

Re:

[tverbeek (457094)]

Hasn't this judge seen the pilot for the current Battlestar Galactica series? This is madness!

Re:Tomorrow's news:

[Uncle Focker (1277658)]

This is madness!

No, THIS IS SPARTA!

Re:Tomorrow's news:

[Digestromath (1190577)]

This is madness!

No, THIS IS SPARTA!

Mick Dundee: "Thats not a Sparta, THIS IS A SPARTA."

Well he's right

[by Anonymous Coward]

It is not the job of a judge to weigh that risk.

Re:

[NemoinSpace (1118137)]

Not even close. His duty was to interpet and adminster the law. The law being at least in part what was already ruled on. I applaud him for recognizing that he had no idea on the subject matter. But there was nothing stopping him from entertaining Amicus curiae from the slashdot crowd.

Real people and damages occurred as a result of the way the morons ran their business and the original ruling recognized that. This judges response of "it's not my job" is typical bullshit. If it wasn't his job then he sho

Re:

[frank_adrian314159 (469671)]

But it is the job of a judge to determine whether or not the agency complied with the earlier ruling telling them to secure their systems. And for those of you who are unfamiliar with this case, the only reason why the DoI was forced off the Internet by the initial ruling was incompetence over a period of many years to secure the data on their system and willful intransigence to do anything about it. And for those of you who want to know what could be so necessary for the DoI to secure, it was the Bureau

Re:

[overunderunderdone (521462)]

But, of course, to you right-wing pukes, it's the government, it's a judge, and so it's good that this decision was made to let some dumbass agency back onto the web.

I agree with the substance of your comments. But, I don't understand the "right-wing pukes" dig. What exactly is "right-wing" about comments applauding this decision? It doesn't seem like an issue that cuts neatly into a left/right conflict. Judicial overreach in the initial decision maybe? But, the defendant is a government bureaucracy gettin

You've got to be kidding me!

[Synthaxx (1138473)]

You mean they've not been watching us all this time?!
Think of all the [Redacted] i could have [Redacted]!
Or all the [Redacted] i could have sold!
Now they tell us this.
I hope they [Redacted]

Edit: FBI_Smith(Admin), reason: "Nothing to see here, move along"

Re:

[Ethanol-fueled (1125189)]

Our friends at the FBI are apparently understaffed and ignorant [foxnews.com], according to a whistleblower of possibly middle-eastern descent. Now's the time to [redacted] and schematics of [redacted]. Allahu Akbar!

Also, some brave freedom fighterchucked eggs at Ballmer [google.com].

Yes, I got it

[by Anonymous Coward]

First Post!

(at least from the Department of the Interior)

No internet connectivity since 2001?

[Coopjust (872796)]

I wonder if they'll update the machines beforehand. Anyone remember how long it takes for a Pre-SP2 copy of Windows without a good AV and firewall takes to get a worm? Minutes?

In all seriousness, I hope that they take some precautionary steps before plugging in the LAN cables...

Re:No internet connectivity since 2001?

[falcon5768 (629591)]

Well lets be honest here

1) If their cables where unplugged in the first place, their IT department is made of fail. There is no reason to NOT have a LAN regardless of your internet need.

2) If their IT was worth the scratch they are getting paid, they pulled the updates needed and applied them without the use of autoupdate.

Granted I fear I just missed the joke, but hey its /. that wouldnt be anything new here.

Re:No internet connectivity since 2001?

[sfjoe (470510)]

I don't know about this particular instance but it's not uncommon for a government agency to outsource their IT work to consultants like Accenture and IBM. While it's fun to mock government incompetence, the fail might well come from the private sector.

Re:

[x_MeRLiN_x (935994)]

1. X pays Y to do Z
2. Z is completed badly
3. X reviews Y's performance
4. Go to 1

I can't seem to understand why you think X is free from blame.

Re:

[by Anonymous Coward]

It took me 15 seconds back in 2005 to get an IRC bot and a worm.

Re:No internet connectivity since 2001?

[Suhas (232056)]

15 seconds? Ridiculous. What were you running on, Pentium 75Mhz?

Re:No internet connectivity since 2001?

[Tenebrousedge (1226584)]

I think this is usually a game played at security/hacker conferences. Hook up unpatched windows box, time it until it gets an infection. [xkcd.com] From what I remember reading it generally takes less than a minute. As of 2005, one company's estimate was twelve minutes to infection [realtechnews.com]. The last time I booted windows (box connected directly to the net without a router) I had the firewall in verbose mode and it registered an average of two intrusion attempts per minute.

Generally speaking, there's a reason that windows machines come with AV and firewalls these days. I'm sure the most conservative estimates of time-to-pwn would be less than the time it would take to download updates.

Re:

[AdamPee (1243018)]

I can tell you for a fact that an unupdated XP machine can get a virus before I could download a copy of Avast, much less official updates.

That was silly..

[Creepy Crawler (680178)]

Well, a judge should not be making smart calls what governmental policy should be. Silly laws will be paid for by Congress, but I digress.

Is it smart that the US governmental departments can now get online? Not in my opinion. These networks should be segregated from the unwashed internet as there is no data security or guarantees of anything except being hacked. Even the most "uber secure" area can be hacked with varying degrees of effort, either externally or internally. This just opens a vector that was once unopened.

Not smart.

Re:

[icebike (68054)]

> These networks should be segregated from the
> unwashed internet as there is no data security or
> guarantees of anything except being hacked.

Of course the Judge probably has internet access. Somehow it seems ok for a Judges court documents to be compromised, but

All of this could have been solved with a few $59 dollar routers between these offices and the wide woolly world of the web.

Nothing is totally unhackable.

But in this case some judge "deemed that Indian trust accounts were vulnerable to com

Re:

[bluefoxlucid (723572)]

$59 dollar routers, are you a dumbass? The networks use NAT for anything internal, Linksys routers don't have magic "Can't Hack Me" force shields.

What is it with these arm chair security experts? Some of us could butt heads with Bruce Schneir and Marcus Ranum and then we see people who are like "ooh WEP sux see I know security, get a router!" with no understanding of network architecture whatsoever.

Re:

[geekoid (135745)]

"Even the most "uber secure" area c..."

haha, hack the ICBM com network, I dare you.

Yes, lets not let people have access to their government, lets keep everything paper based and in some dusty book and the bottom of some building where the public can 'access' it.

Re:

[Creepy Crawler (680178)]

Its easy to screw around with any network...

Wow, it uses sat uplinks. Lets find out where and what frequency...

Ok, lets aim our 10KW tight beam parabola at it and screw over communication. Simple and efective, but it does let them know where you are. In fact, many commercial comsats didnt, prior to 2000, use encryption.

IIRC, NBC's master feed was hacked in this precise way.

The only way to create uber-secure networks is to not have one.

Re:That was silly..

[icebike (68054)]

> Even the most "uber secure" area can be hacked
> with varying degrees of effort, either externally
> or internally. This just opens a vector that was
> once unopened.

Excuse me, Did you RTFA?

How is the Bureau of Indian Affairs in need of security in excess of the Defense Department, Congress, the IRS, and the Nuclear Regulatory Commission?

I bet you were around here dumping on the Federal Government response to Katrina too! You can't have it both ways.

You can not have efficient and responsive government agencies when you relegate them to 1960s era technology.

Re:That was silly..

[Creepy Crawler (680178)]

Who said I want an efficient government???

I want a slow-as-molasses-in-antartica government that will make as few laws as possible. If Congress knows they will only pass 100 bills per year, you'd hope they would check them better.

Now, we have a somewhat eficent government that can and will make laws based on "save the children", "kill pedophiles" or "teh evul terrorists" without any thoughts on how those laws can be used in other, unforeseen ways.

Re:That was silly..

[j79zlr (930600)]

I think you are making a very poor assumption that the laws weren't indeed passed explicitly for those "other, unforeseen ways."

Re:That was silly..

[TubeSteak (669689)]

How is the Bureau of Indian Affairs in need of security in excess of the Defense Department, Congress, the IRS, and the Nuclear Regulatory Commission?

Well, you could argue that the Bureau of Indian Affairs (BIA) should have security equal to that of the State Dept., Treasury Dept., and IRS.

The BIA is all those things for Native American tribes, each one being Sovereign.

What the BIA used to have was the online equivalent of a safe, with the combination 12345, holding Native Americans' money.

Re:That was silly..

[belmolis (702863)]

This is not a case of a judge gratuitously injecting himself into computer security. This situation arose when Indians sued for royalties held in the Indian Land Trust by the Bureau of Indian Affairs, which is part of the Interior Department. During the suit, it turned out that the problem was not just that they weren't getting paid, but that BIA's record-keeping was woefully inadequate. Just figuring out what the plaintiffs were owed proved to be a huge problem. Judge Lamberth ordered the BIA disconnected because court-appointed experts had hacked into the BIA and found the Indian trust fund records to be insecure.

Of course, it isn't only external threats that are a concern. BIA is so incompetent or malicious that they are reported to have deleted their backup tapes [motherjones.com]. Judge Lamberth was so appalled that he threatened to jail the Secretary of the Interior for contempt of court. The government eventually got him removed on the dubious grounds that he was biased against the government, the only evidence of which was his well justified criticism BIA.

Re:That was silly..

[belmolis (702863)]

Before somebody claims that Judge Lamberth is some kind of left wing judicial activist, let me point out that he served in the JAG corps, including one year in Vietnam and then as a prosecutor until he was appointed to the bench by Ronald Reagan in 1987. There he endeared himself to the Republicans [worldnetdaily.com] by his rulings against the Clintons.

Here is his official biography [uscourts.gov] and here is the wikipedia article about him [wikipedia.org].

Re:

[icebike (68054)]

This is not a case of a judge gratuitously injecting himself into computer security.
This situation arose when Indians sued for royalties held in the Indian Land Trust by the Bureau of Indian Affairs, which is part of the Interior Department. During the suit, it turned out that the problem was not just that they weren't getting paid, but that BIA's record-keeping was woefully inadequate.

And who's problem was the in-adequate record keeping? After all, with over 86% of BIA Employees being Native American, and the agency being largely a welfare establishment it seems highly likely that there was more than a little social engineering going on, rather than simple technical inadequacy.

Source of demographics:http://www.bestplacestowork.org/BPTW/rankings/agency.php?code=IN06&q=scores_subcomponent

Re:

[belmolis (702863)]

The problem is due to whoever has been deciding how to do the record keeping for the Indian Land Trust, not only recently but for decades. Although BIA employees a lot of Indians, they haven't generally been in the most powerful positions, so I don't know if any of them have been the ones making these decisions. But what if they have? It's not like they were representing their tribes or the individual Indians to whom royalties are owed. Nobody is claiming that all whites are bad and all Indians are good.

Re:

[nbert (785663)]

I was working for an insurance company around '99 which only granted internet access to those dual-booting. You had your normal NT domain to log on to or if you really needed to get online you could restart your box on whatever system you would prefer. I thought it was kind of silly back then (if one OS is infected it's pretty pointless to assume that the other system is safe if it's running on the same hardware). However, the idea to separate systems isn't wrong at all. If the job is that crucial it might

Feds Now Allowed to Use Internet???

[HateBreeder (656491)]

What? They suddenly just brightened up?

Poor computers.

[Hankapobe (1290722)]

âoeFor six years, these employees (for two years, I was among them) have sat in front of lonely computers, .....

There wasn't an adding machine to talk to? What about the phones? Were the phones to snobby to talk to them?

But, maybe it was the computers fault. IT does has a reputation of not having social skills. Maybe the computers just annoyed the others.

I'll send my business card to the BIA offering to teach their computers social skills and maybe some assertive training to say "NO" to unauthorized access.

Re:

[IHC Navistar (967161)]

"I'll send my business card to the BIA offering to teach their computers social skills and maybe some assertive training to say "NO" to unauthorized access.
Reply to This"

-Remember, this is a Government Agency you are offering services to. Chances are, they'll take you up on the offer. If you enter into talks with them, be sure to give a highball, yet believeable price, and use lots of buzzwords (paradigm shift, proactive, forward-thinking, etc. etc. etc.)

The switch has not yet been flipped

[by Anonymous Coward]

While the judge removed the barriers last week, most of the disconnected agencies have not been brought live as of yet.

It is a misstatement to say that this is against the Department of the Interior. More correctly would be to say the Bureau of Indian Affairs, and a few other small agencies that deal directly with Indian matters. While the DOI had originally claimed that the exposed Indian Trust data was too ingrained within their network that it could not be isolated, a ruling by a federal judge that disconnected the entire DOI caused a change of heart and it was realized that just the BIA and a few of its siblings could be sent to the dark ages by themselves.

In the six years, these groups have had interconnected LAN's, that have been isolated from the outside world (it is fun to do business with BIA folks as they will give you yahoo, & netzero email accounts which they will check and respond to from home).

Time will tell what impact reconnecting the BIA will have when the switch is officially flipped on Friday.

Re:The switch has not yet been flipped

[ewhac (5844)]

My vague understanding -- and please fact-check me on this -- is that the Bureau of Indian Affairs is supposedly in arrears on payments to Native American nations on land leases, which are believed to total in the billions of dollars. Various lawsuits have been filed to try and get the actual accounting data and come up with an accurate number.

One of the problems was, apparently, that even if you ignored the sloppy accounting, the non-existent security on their networks basically made any figures coming out of the bureau highly suspect. So the judge ordered the entire network off the Internet so that only local malfeasance would further affect the numbers.

It is further alleged that criminal lobbyist Jack Abramoff had a hand in this mess...

Schwab

Re:The switch has not yet been flipped

[by Anonymous Coward]

There is a significant court case in which questions have been raised about billions of dollars.

http://en.wikipedia.org/wiki/Cobell_v._Kempthorne [wikipedia.org]

The order to be disconnected from the internet was spawned from this case (several years after the case had started). With a new judge, a new mindset on how matters were to be approached, likely leading to this reconnect, and possibly to an eventual conclusion to this case.

How many?

[NigelBeamenIII (986462)]

As a current DOI employee, I actually wasn't even aware of this (probably because I can access the great and powerful Internet where I work). Does anyone know how many employees were even affected by this? The DOI isn't exactly the largest Department in the US government (just ~71,000 employees [wikipedia.org]) so the fraction of that which deals with Indian records can't be that large.

Re:

[by Anonymous Coward]

Every single one of us....

I am also a DOI employee, and was stuck at a snowy contamination site in Minnesota when it happenned (November or December 2001). The judge cut off all email, server access, and public web pages, even though very few of the DOI agencies have anything to do with the Indians. We had to petition office by office and prove that we did not have any critical Indian data, and that obviously took a while.

I ended up setting up several free Netscape accounts on the public computer at the D

Re:

[belg4mit (152620)]

Umm 10,000 [wikipedia.org]? The BIA is pretty big given that it includes schools, health programs. etc.

The real reason why.

[neokushan (932374)]

They're allowed to connect now because Vista has been installed on all of their systems, so security is no longer an issue.

NOTE: I kid, I kid! (Because someone will think this is flamebait).

Whoo-hoo!!

[PPH (736903)]

We're back on the 'net!

Hey! Where did all the gopher servers go?

Re:and this is important... WHY?

[by Anonymous Coward]

Have you played the Lemmiwinks game [southparkstudios.com]?

Would you be willing to deny that experience to any government employee?

Re:

[AHuxley (892839)]

They play for real and send you the $6792 bill.
http://timesunion.com/AspStories/storyprint.asp?StoryID=668451&normal [timesunion.com]

Re:

[belg4mit (152620)]

So you suggest renaming government agencies according to the vagaries of popular culture and political correctness? It's always been
called the BIA (or OIA), and there's no reason to change the letterhead now. Other than be geographically inaccurate, there's nothing
particularly wrong or offensive about the term Indian.

As for the existence of the Bureau, they're their because technically/in theory, each tribe is a sovereign nation existing within the
border of the United States, and so obviously having some ad