Tuesday, April 01, 2008

Royal Canadian Mounted Police computers turned into spam spewing zombies by employee!

While the fact that the RCMP (Royal Canadian Mounted Police) computers were exposed to badware because an employee was doing some "unauthorized surfing" makes good press -- it highlights what can happen to any business, or government system when human beings use them to go to the murkier waters of the Internet.

Trust me, the RCMP isn't the only organization that has had an employee compromise their system in this manner.

Robert Koopmans, Kamloops Daily News (courtesy of the Vancouver Sun) reports:

The security of RCMP computers used to process evidence for a looming multimillion-dollar trial was breached from outside the agency, exposing sensitive files to the possibility of theft and tampering, Crown documents reveal.

The police computers were also used to view pornography and download music and illegal software, a letter from senior Kamloops Crown prosecutor Don Mann states.
Apparently, these computers were also turned into spam spewing zombies, or became part of a botnet as a result of some of the malware downloaded on them. Botnets are "a jargon term for a collection of software robots, or bots, which run autonomously and automatically. They run on groups of zombie computers controlled remotely," according to Wikipedia.

More from the article in the Vancouver Sun:

The Crown document reveals the computers were hooked to the Internet in October 2003 and remained connected until May 2005, when Shaw notified the RCMP that the police agency's computers were spamming e-mail to the Internet. The breach was discovered and the connection to the Internet shut down.

Since spam is the preferred vehicle of Internet scammers, it's possible the computers were "inadvertantly" being used to commit crimes, themselves.

There are many examples of employees downloading undesirable items on a system, but here is another example of one, where a Japanese law enforcement type essentially did the same thing.

If anyone is interested in the dangers employees can pose to a system ZDNet did an excellent white paper on this subject:

The Top Six Risks of Employee Internet Use and How to Stop Them

Full story on this recent matter published in the Vancouver Sun, here.

No comments: