Here are a couple of tech security stories involving the government that sort of boggle the mind. The U.S. Navy could spend up to $31 million to pay Microsoft for custom security support for Windows XP.
Yep, they’re running a 14-year-old operating system which hasn’t had security support for more than a year. Microsoft is providing security patches and important bug fixes for at least three years. The Navy needs the continued support because they’ve yet to replace several programs that can’t work on systems higher than XP.
It looks as if this deal should run until at least 2016, but it could go as long as 2017 – which means the cost will go higher. According to public documents, these programs affect “critical command and control systems” both on land and at sea, and it is too dangerous to operate the systems without the support from Microsoft.
On an interesting side note, the government has fined some healthcare providers for still using Windows XP because the system is not secure. I guess this is a good reminder that if you can’t afford a few million for custom security from Microsoft, it’s probably time to upgrade XP or just stay offline.
This comes on the heels of the revelation that the personal data for more than 4 million people who worked for or did business with the U.S. government was hacked in an attack that seems to have originated in China. This was the third time in a year that federal computer systems were hacked by what appeared to be foreign governments.
As behind as these folks are in IT when it comes to securing the armed forces, the NSA does seem to be staying at the forefront for hacking.
According to documents released by Edward Snowden, the NSA has worked hard to crack anti-virus software and seems to have focused in on Kaspersky Lab – which is based in Russia and has several hundred million clients.
The spy agency looked for weaknesses, hacked customer information and dug up information about new security patches. But they weren’t alone: the UK also worked very hard to hack Kaspersky.
Both agencies used reverse engineering to analyze how Kaspersky software works in order to better understand how to break in.
Western intelligence agencies have long felt that the folks at Kaspersky were just a little too cozy with the Russian intelligence services, but the company has repeatedly denied that.
One would hope that the same effort that is put into hacking into systems could also be applied to protecting vital systems in the U.S. and keeping them up to date.