Britain Helps Children Learn From Home By Procuring Them Laptops Preloaded With Russian Malware
from the whoops dept
As the COVID-19 pandemic swept across the world, one of the main points of contention has been how to handle schools. Some countries sent all students home to keep them from spreading the virus. Other countries made schools the last thing they shut down, if they ever did, arguing that schools haven't been a major source of transmission and teaching kids is too important to shut down. Here in America, most states did a hybrid model, choosing the absolute worst of both worlds. Teachers get hamstrung having to teach students both locally and remotely, which is basically impossible, while still having students and teachers come into schools to transmit the virus to one another.
Along the way, lots of schools took lots of actions meant to help students learn remotely, most of which were also quite dumb. Incorporating biometrics and AI to assist with remote testing sounds like a good idea, except these always go sideways. Privacy issues are discovered and kids learn how to game the AI-driven tests. Still other districts forced teachers to come into the school solely to teach kids who were at home and then told teachers to take their masks off if they were causing audio problems.
But to see the cake-taking, best combination for good intentions gone horribly wrong, you really have to hand it to the UK ordering a ton of laptops for remote learning... that also came pre-loaded with Russian malware.
The affected laptops, supplied to schools under the government's Get Help With Technology (GHWT) scheme, which started last year, came bundled with the Gamarue malware – an old remote access worm from the 2010s.
The Register understands that a batch of 23,000 computers, the GeoBook 1E running Windows 10, made by Shenzhen-headquartered Tactus Group, contained the units that were loaded with malware. A spokesperson for the manufacturer was not available for comment.
This is almost certainly an instance of someone prepping these machines using an image that somehow was infected with the malware... but still. Not having any checks prior to the machines getting out to school districts for this sort of thing and nearly rolling the machines out to students sure feels like incompetence. Also likely factoring into all of this is the extreme lack of supply for laptops from the more traditional manufacturers, leading some schools to go find off-brand alternatives. The GeoBook is one of those.
But again, still, Gamarue calls home somewhere inside of Russia and allows nefarious actors to remotely access these machines. Machines that almost certainly have webcams on them. That's... not good?
If the pandemic has exposed anything at all about humanity, it surely must be how wildly unprepared we were for it.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: covid-19, laptops, malware, pandemic, school children, uk
Reader Comments
Subscribe: RSS
View by: Time | Thread
It was a simple supply chain error. The laptops were supposed to come pre-loaded with British malware so the students couldn't "go dark".
[ link to this | view in chronology ]
"Of the Geo brand, another source said: "I'd never heard of Geo before; it's not a known manufacturer. There have been availability issues for a while now, the world has been buying lots of laptops and sometimes they are buying what they can get because the media and opposition parties are saying: 'You've got to roll this out quicker'.""
"Sources told us reseller XMA sourced the kit but was not asked to configure it."
So, fairly typical UK IT project, then. Something was overpromised, people are scrambling to get things in place and cutting corners, while even the most basic common sense action to ensure that laptops possibly not being supplied new are fit for purpose (as indicated by another comment about these being 2019 models) is buried away in red tape where both parties can deny it was their responsibility.
The only surprising things here are that I've not seen any indication that the reseller involved is connected to some Tory MP's relative or side project, or that the project is over budget by tens of million of pounds, but I wouldn't be surprised to see those mentioned for a moment.
[ link to this | view in chronology ]
I keep a piece of easily removable, opaque masking tape over the webcams of all my computers. Maybe ADT customers should consider this simple privacy measure.
[ link to this | view in chronology ]
Re:
It's good advice generally, and not to be argued with on principle. But, if you think that the main takeaway from fears of spying from government-issued laptops being infected with malware associated with hostile foreign powers is that kids should be expected to remember to cover up their webcam when not in use for school work, you might be missing the forest for the trees.
[ link to this | view in chronology ]
Re: Re:
No, not missing the forest for the trees. The comment was intended just as an aside. I guess I should have made that clear. I think the idea of government issued laptops is a bad idea to begin with, particularly given the British nanny-state / surveillance-state government. Throw in the Brand-X nature of the laptops, and you have double cause for concern.
I think it is extremely fortunate that the malware was immediately detected. According to The Register:
That makes it sound like maybe some pre-installed anti-virus software picked it up, which would indicate a pretty lame attempt at malware propagation, not to mention the fact that the malware was ancient, by malware standards.
All in all, it looks like it was probably just sloppiness on the part of Geo (or whoever) rather than an actual attempt at maliciousness.
[ link to this | view in chronology ]
Re: Re: Re:
True, this is more incompetence than anything else, but it suggests a number of larger issues. The laptops were apparently 2019 models, which already suggests they were either not from new stock or had some other reason for being left on the shelf. Sure, the AV software apparently found the malware - but the botnet involved was killed in 2017, 2 years before the laptops were manufactured.
So, even if the whole thing was an accident, it raises major questions about the rest of their ability to supply properly working software overall. What other malware is in there that hasn't been noticed? Is the actual build any good, or is the whole thing as it is because they're using some dodgy licence or other workaround? Are they going to be supported and updated correctly in future? What about when a reinstall is required, do those images contain the same malware, or does the local image have another trojan waiting?
Whenever I find a compromised system at work, I don't just remove the known compromise and put it all back online. I destroy and rebuild from a known good backup, because once a system is compromised you don't know what else is in there that you didn't spot. But in this case, it seems you can't even trust the original materials.
[ link to this | view in chronology ]
What kind of Russian malicious software is installed? Usual services from Russian IT companies or spyware?
[ link to this | view in chronology ]
and i'll bet it wont be the fault of the laptop supplier, or the person who was supposed to check that the laptops were clean, or the person who suggested buying them, or even the politician who got a backhander from agreeing to spend government money on buying them! it will be the fault of the person(s) who installed the Russian Malware! typical of all governments, it's never their fault, whatever the problem, but in the case of the UK government, just another example of it's complete ineptitude!
[ link to this | view in chronology ]
The Great Procurement
They should have sourced from a Chinese supplier. I hear their equipment doesn't come pre-installed with malware, instead it's only a firewall.
[ link to this | view in chronology ]
Re: The Great Procurement
I know this is a joke but...
"The Register understands that a batch of 23,000 computers, the GeoBook 1E running Windows 10, made by Shenzhen-headquartered Tactus Group, contained the units that were loaded with malware."
Shenzhen is in China.
[ link to this | view in chronology ]
Re: The Great Procurement
You... really don't read the articles, do you?
[ link to this | view in chronology ]
Re: Re: The Great Procurement
Well, at least in this case he's only wrong about the individual facts in this particular story and would otherwise be making an amusing point, whereas on the section 230 stories he's wrong about every fundamental piece of reality behind the story. Progress, I guess.
[ link to this | view in chronology ]
Would love
The Name of the tech company making this suggestion and being the middle man.
He is making TONS, off of idiots. People who DONT SHOP AROUND, or AT LEAST look on amazon and COMPARE.
GO FIND a Son of someone thats a GEEK. PLEASE.
[ link to this | view in chronology ]
Re: Would love
"The Name of the tech company making this suggestion and being the middle man."
That's explained in the linked article. The GHWT project has hired 3 contractors, of which XMA seem to be the ones involved here. XMA is a regular UK government contractor involved with a wide range of government projects.
"People who DONT SHOP AROUND, or AT LEAST look on amazon and COMPARE."
Shop around is good, but if you think that it's just a case of bulk buying at retail from Amazon at the moment you need to procure something for a government contract, then you might want to do a little research into how these things do (or at least should) work for bulk supplies. At the very least you don't want to be basing your bulk supplies on what happens to be available on Amazon at any one time, even if there wasn't an issue with funnelling off government money to foreign corporations instead of British based retailers/suppliers.
"GO FIND a Son of someone thats a GEEK. PLEASE."
Oh, God, FFS no! That's why UK IT projects are always such a huge mess, the Tories usually give them to some minister's son's shell company or someone they went to Eton with rather than finding the most competent contractors. The reason for this stuff being so bad is usually that someone's profiteering, not because they didn't look for people who could do the job efficiently.
[ link to this | view in chronology ]
Re: Re: Would love
as to amazon, use it as a resource to see whats current, and the avg consumer prices. What they paid for a Celeron, even the newest version, is Garbage. I found the company and looked up the specs. 1.1 ghz. Then they could have called AMD, Intel, any of the major companies and delt with them.
As to kids and geeks, I say geek with a Meaning, to compare the current products if you have Nothing to base things on, MOST kids probably know What hardware is current.
Having Anyone except a PRO, IT person is ignorant. Let alone to confuse everyone, The Person that will CARE and distribute the laptops, SHOULD install the basic software ANYWAY.
[ link to this | view in chronology ]
Re: Re: Re: Would love
"as to amazon, use it as a resource to see whats current, and the avg consumer prices"
Which is great for single retail purchases. If you think this is applicable to mass purchase agreements for thousands of items, I hope for the sake of your company that you're not involved in them.
"Then they could have called AMD, Intel, any of the major companies and delt with them."
So, you don't know how laptops are manufactured?
"MOST kids probably know What hardware is current"
Most kids know the popular Pokemon and internet memes too, that doesn't mean you base your business decisions on them.
"The Person that will CARE and distribute the laptops, SHOULD install the basic software ANYWAY."
You think the person making the business decisions on purchasing thousands of laptops, or the person responsible for the logistics of distributing them to thousands of end users, is the person responsible for setting them up?
Have you ever held an actual job?
[ link to this | view in chronology ]