Wednesday May 1st, there were building meetings and a memo from the superintendent read about that the network and it's security were compromised, and that an investigation with law enforcements help was underway.
It was unclear if any personal information was at risk, but was suggested that all employees be on guard, just in case.
Three technology firms (403 Labs of Milwaukee, Net Assist of Green Bay, and Skyward) where brought in to assist in restoration, and to help authorities.
Tuesday, May 7th the network was back up. However there was significant data loss; Network folders only have files though Sept 2012. E-mail though Apr 2013, etc.
Back in 2011 it became apparent that virtualization could save the district money, by slowing down the need to upgrade 100's of desktop workstations.
Instead the those would act more as dumb terminals, with the processor intensive stuff being handled on a network server:
http://onlyhardwareblog.com/2011/11/de-pere-school-district-saves-money-with-computer-network-concept
Using the Windows infrastructure for any kind of virtualization is just flat stupid. It multiplies the malware issues for which it's famous by serving up desktops to thin clients. Not smart at all. Obviously, instead of one desktop being down for the count, you get the whole school district dead in the water.
Virtualized desktops can be a great thing in the right circumstances. I remember when a city down south did that. However, they were smart and used Linux (Red Hat, I believe). I read a story on how they were coping with it a few years afterward, and they had no problems of any great consequence
It's funny, Microsoft is now getting to a point where it is signing its own death warrant. They screwed up on phones, got very late to the game on tablets, then they were stupid enough to take away the Start button on Windows 8 and generally frustrated users to the point where they started to look for something else.
Microsoft is becoming irrelevant, and that's something that was inconceivable 10 years ago. And they did it by their own hand. Not surprising, the only way they had any leverage was through the brute force of a monopoly. The funny thing about large monopolies is that they have a lot of inertia and groupthink that keep them from being responsive to change. Very often, they die by their own hand.
If they screw up the next Xbox, then they're really in trouble.
Lately all the buzz has been "the cloud". Running applications in it, storing large amounts of data in it and even storing back-ups in. And this is what happens when you do that. It really *is* analagous to a mainframe and dumb terminals, but it's also a unreliable mainframe run by dumbasses
I've recently read a few stories of "the cloud" being unavailable due to a failure and companies have been really screwed by this. And here we have one more.
As to them learning a lesson is concerned, I really doubt it. They will go to their vendor, who is entrenched in Microsoft, and they will be sold another "IT Solution" which will be costly and may work for a while. Then it will happen again, and they will go out and buy another "IT Solution". When that dies, it will be time for a major upgrade with a new version of Windows and its componentry. It's the "Microsoft Merry-Go-Round".
[UPDATE]
http://www.greenbaypressgazette.com/article/20130822/GPG0101/308220448/DA-Ex-school-employee-mad-district-deleted-records
More importantly : Read the criminal complaint
I tend to agree with the comment someone left on the news page:
Jared "walked though a door that was effectively left wide open. He might not be excused for walking in, but the person that left the door hanging wide open needs to be dealt with too. "There was ongoing (since at least March 2012,) cause for alarm, based on his administrative leave and other events. Knowing that he had prior inappropriate computer conduct, and that he setup the De Pere network, and had many passwords....
The question is what was being done proactively by the technology director (Michael O'Callaghan) to secure the network from an employee that was about to be terminated?
.... At that time, O'Callaghan made Detective Sergeant Schrank aware that there was a former IT staff member who had been released from his employment within the past year. That person was identified as Jared R. Carlson, dob: 11/24/82, the defendant. The release of the defendant from his employment had not been pleasant.
.... The defendant described that he was involved in the entire creation of the school network. He also indicated that he created all of the district's usernames and came up with a bank of passwords. The defendant said he later put all the usernames and passwords onto a spreadsheet. The defendant indicated that once he got into the network, he realized the school had not changed any of the administrative passwords from the time that he previously worked there.About this far in ones reading of the criminal complaint one should be asking who is this technology director Michael O'Callaghan, and what are his job duties?
No comments :
Post a Comment