A federal agency, the Economic Development Administration (part of the Department of Commerce), may have gone a little overboard after hearing that some of their computers systems may have been infected or compromised. After receiving a notification (based on inaccurate information) from DOC CIRT, EDA took it upon itself to hire an outside security vendor to do an assessment of their systems.
” On January 30, 2012, EDA’s cybersecurity contractor began looking for suspicious activity and malware infections. Preliminary analysis found indications of extremely persistent malware and suspicious activity on EDA’s components. EDA immediately acted upon this preliminary information and began an investigation of its entire IT component inventory for potential infections.”
But then two weeks later, the same cybersecurity contractor reported those initial reports were false. However the contractor could not provide a guarantee that EDA was totally infection-free, so like any good bureaucracy, the EDA threw some money at the perceived problem.
The EDA went on to spend $2,747,000 in investigations, temporary infrastructure, destruction of IT equipment and more assistance from outside contractors. Yes that is what you are reading, they spent tax payer money to destroy keyboards, mice, monitors and computers in the hopes of “guaranteeing” their systems were clean.
The report below outlines all the gruesome details :
Go read the full report here
While you are at it, you can also read about our Edge7200 inline adaptive NAC