In December of 2011 the Department of Homeland Security alerted the Economic Development Agency (EDA) and the National Oceanic and Atmospheric Administration (NOAA) that their networks may be infected with malware.
The NOAA had isolated the infection and cleaned itself up in a few weeks. The EDA, on the other hand, decided to pioneer the malware destruction field and gave us a few new ways to rid ourselves of viruses.
To start off with, the EDA shut off its e-mail system, which crippled its regional offices since they could no longer access centrally located databases.
It then enlisted the help of an outside security contractor to scan its network for malware and give it assurances that the network was impregnable to further malware infections. The contractor initially found a few small problems but concluded that the system was largely uncompromised.
However, that was not enough for the CIO of the EDA.
The CIO insisted that the EDA was under attack from a foreign entity and, having a PhD in great ways to remove viruses, ordered all mice, keyboards, printers, and cameras destroyed, leaving that malware no place to hide.
The total cost of this incident in taxpayer money was $2,700,000: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in developing a long-term response. This entire process took a little more than one year.
The malware that was found was common stuff. There were no signs of persistent, novel infections, nor any indications that the perpetrators were nation-state attackers. The audit does, however, note that the EDA’s IT infrastructure was so badly managed and insecure that no attacker would need sophisticated attacks to compromise the agency’s systems.