Back to Fargo
What happens with your confidential data once it enters the US courts system?
FARGO (Radsoft) -- What happens with your confidential data once it enters the Windows computers of the US courts system? Is it secure? You'd certainly hope so, wouldn't you?
Evidence recently brought to the attention of this site indicates otherwise. Windows computers in use by the US courts in Fargo, North Dakota, are involved in recruiting zombies for one of the major botnets.
One of the 'come-ons' sent from the US courts computers in Fargo carries the subject line 'BBC News'. Inside the message one finds a link with the description 'New portal of mad videos! Click Here!' The link goes to a website in Slovenia.
That site answers with an automatic redirect (HTTP 302) to a website in Istanbul, and the URL there points to a Windows executable carrying the payload.
The sender of the malware is given as both Rodger Casey and Linda Haukedahl, both of whom are employees of the US courts system in Fargo.
Sender (mail) addresses for both individuals are given in the headers, and the HELO recorded in the first (earliest) SMTP 'Received' header indicates the malware did in fact originate from one of their computers.
from 18.104.22.168 (HELO smtp4.res.gtwy.uscourts.gov)
The headers further indicate - typically - the software being used to spread the malware is 'you-guessed-it-already'.
X-Mailer: Microsoft Outlook Express 6.00.2800.1165
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Linda Haukedahl is listed as a 'judicial assistant' to senior judge Rodney Webb at 655 1st Avenue North, Suite 300, Fargo.
The individual submitting the data alerted Webb's office two days ago. As no reply was forthcoming (and hardly expected given the security IQ evidently in effect there), the data has been forwarded to this site and others.
Although it is possible the sender IP and the US courts SMTP server identity were spoofed, this is less likely considering that the initial 'HELO' name matches the sending host.
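The header cross-check described above, as an added example in Python (not code from Radsoft or from the submitter): it pulls the first-hop IP and HELO name out of a qmail-style 'Received' line, compares the HELO name against the From: domain, and optionally compares it against a caller-supplied reverse DNS answer so the check runs offline. The sample headers are constructed around the values quoted in the article; the From: address and the example.invalid hosts are invented placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# First hop of a qmail-style Received line: "from <ip> (HELO <name>) ..."
HELO_RE = re.compile(
    r"from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(HELO\s+(?P<helo>[^\s)]+)\)", re.I)

# Constructed sample modelled on the headers quoted in the article: the IP, HELO
# name and X-Mailer are the page's; the From: address and relay hosts are invented.
SAMPLE_HEADERS = (
    "Received: from mx.example.invalid (HELO mx.example.invalid) by relay.example.invalid\n"
    "Received: from 18.104.22.168 (HELO smtp4.res.gtwy.uscourts.gov)\n"
    "  by mx.example.invalid; Mon, 01 Jan 2007 10:00:01 +0000\n"
    "From: <placeholder@uscourts.gov>\n"
    "Subject: BBC News\n"
    "X-Mailer: Microsoft Outlook Express 6.00.2800.1165\n"
    "\n"
    "body\n"
)

def first_hop(raw_message):
    """Return (ip, helo) from the earliest Received line, i.e. the submitting host."""
    msg = message_from_string(raw_message)
    for received in reversed(msg.get_all("Received", [])):  # last listed = first hop
        m = HELO_RE.search(received)
        if m:
            return m.group("ip"), m.group("helo").lower()
    return None, None

def analyse(raw_message, ptr_lookup=None):
    """Cross-check the first hop against the From: domain and, optionally, reverse DNS.

    ptr_lookup is an optional callable ip -> PTR hostname (a dict's .get will do);
    it is injected so the spoofing check can be exercised without a live DNS query.
    """
    msg = message_from_string(raw_message)
    ip, helo = first_hop(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    helo_matches_from = bool(helo and from_domain and
                             (helo == from_domain or helo.endswith("." + from_domain)))
    ptr = ptr_lookup(ip) if (ptr_lookup and ip) else None
    return {
        "first_hop_ip": ip,
        "helo": helo,
        "from_domain": from_domain,
        "helo_matches_from": helo_matches_from,
        "ptr_matches_helo": (ptr.lower() == helo) if ptr else None,  # None = not checked
        "outlook_express": (msg.get("X-Mailer") or "").startswith("Microsoft Outlook Express"),
    }
```

A HELO that matches the From: domain but whose IP reverse-resolves elsewhere is the case the article calls spoofing; a match on both is what makes the Fargo origin the likelier reading.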
What is obvious is that in some way or another the (Windows) computers of the US courts system in Fargo, North Dakota, have been compromised.
Which raises a number of questions.
- Where is the US courts firewall?
- What kind of data is on these computers?
- Has this data already been compromised?
- Where is the US courts antivirus protection programme?
- Why in the name of all that is right before the law are these people allowed to run Windows?