Viruses hit state court network
"MN Agencies"01/30/2007
BY SHANNON PRATHER and LESLIE BROOKS SUZUKAMO
Pioneer Press
A pair of computer viruses — designed to allow unauthorized access for hackers — attacked the Minnesota judicial system's computer network, shutting down one of its case-management systems over the weekend.
Court officials say the viruses failed to open up a "back door" for hackers because they immediately crashed the case-management system they infected.
"No one took control of the network. No personal information was accessed," said state court spokesman Kyle Christopherson. "It ended up being an inconvenience more than anything else."
But the viruses did temporarily knock out the case-management system for 13 counties, including Ramsey, Anoka, Dakota and Washington. The case-management system stores a registry of actions for criminal and civil cases filed in Minnesota.
The viruses — also known as worms — struck at 5:30 p.m. Friday. The system went back online at 9:50 a.m. Monday, but court officials continued to work on safeguarding the system, Christopherson said.
"They are working with a vendor so it doesn't happen again," Christopherson said.
The viruses were identified as W32.Gangbot and W32.Randex, he said.
Both worms are "low risk," meaning the chances of infection are minimal, according to a computer network security monitoring organization.
"But if you are infected, it's quite serious," said Alfred Huger, senior director of Symantec Security Response, which keeps track of computer virus activity worldwide.
Sometimes, a virus destabilizes a network to the point where it becomes inoperable, or the virus replicates itself so wildly that the copies overwhelm the network and cause it to crash, Huger said.
"It sounds like this network collapsed before anyone could take control of it, which is lucky for them," he said.
The newly formed Office of Enterprise Technology, which monitors the state's overall computer network, noticed a surge in traffic from the judiciary branch Friday that slowed the entire network, said Chris Buse, chief information security officer.
Upon closer inspection of the traffic, the state workers discovered copies of the worm spewing out and they immediately shut off the pathways, or "ports," to block the worms and quarantine the judiciary's infected network, Buse said.
The ports remained blocked Monday. The state believes no other networks were infected, but it will continue to monitor its system's traffic, Buse said.
Symantec anti-virus program writers discovered W32.Gangbot on Jan. 22. The virus is designed to open a back door to an infected computer that would allow its creator or controller to gain access to that computer at a later time.
The other virus, W32.Randex, first discovered in December 2003, is devised to allow unauthorized remote access to an infected computer. Both viruses spread multiple ways, including through instant messaging and chat programs.
Christopherson said the judiciary did not know how the viruses entered its network or why the network was apparently not properly protected by up-to-date antivirus software. Antivirus software makers typically publicize vulnerabilities like a worm or a virus only when they can simultaneously offer software to block it from entering a network.
Other counties affected include Lake of the Woods, Koochiching, Clay, Becker, Otter Tail, Douglas, Stearns, Aitkin and Crow Wing, Christopherson said.
Even after the viruses were removed, Ramsey County District Court's computers remained down all day Monday due to a hardware problem, said Earl Wolford, the district court's information technology manager.
"The virus hit sometime last week," Wolford said. "We spent all weekend cleaning that up. This morning we come in and it's bad luck— a piece of hardware broke. … We can't get into (the case management system), e-mail or the Internet."
Ramsey County District Court clerks could not enter any new data into the system Monday, but judges handled cases on their docket the old-fashioned way with pen and paper.
"Apparently, everything is going OK," said Ramsey County Chief District Judge Gregg Johnson. "They've gone back to the old system of filling out forms. They've had to do everything manually."
Johnson said clerks will update the computer records when their systems are back up and running.
The system that came under attack is being phased out and replaced with more up-to-date technology. About 70 of Minnesota's 87 counties have made the transition.
Computer security is a concern throughout state government.
A $17 million request in Gov. Tim Pawlenty's budget proposal to create a comprehensive computer security system — part of a $213 million package to beef up technology in state agencies — might help prevent future episodes like this one, Buse said.