Laptops given to British schools came preloaded with remote-access worm A shipment of laptops supplied to British schools by the Department for Education to help kids learn under lockdown came preloaded with malware, The Register can reveal. The affected laptops, distributed to schools under the UK government's Get Help With Technology (GHWT) scheme, which started last year, came bundled with …
Some schools are on networks shared with local authorities.
Local authorities have network links into central government departments.
Hitting schools is a low cost, low risk supply line attack so well worth doing even if the chance of a big payoff are low as well.
If nothing else hitting schools causes a general disruption especially if kids going home affects industry, government and decreses general trust in the goverment as a whole.
Hmmm, let's see - a "...number of the laptops are infected with a self-propagating network worm ... " Now what could you do with a network worm on a child's laptop? Maybe propagate to dad or mom's computer that connects to their work network? Or that they use for banking? Seems like a possibility to me.
It is a very good education indeed. The young ones have to be taught that getting Pwned is a fact of daily life and work and certainly not to be confused with contradictory to privacy and independent thought. Its like the old motto: "Get'm while they're young".
The ministry and the chain of command has been effective in setting up the future of computing and the next generation of voters. Today it is only calling Moscow to test the back door links to other three and four letter agencies. Next up, automatic thought correction by subliminal computing.
Aka : It only affected a small number of customers.
Yeah. it affected at least 23000 children.
How on God's Green Earth did you order stuff from children without bothering to order from a properly vetted supplier ?
Oh, right, stupid me. It would have cost more.
Well, enjoy your savings now.
Another one to add to the pile for Good Law Project?
“ Oh, right, stupid me. It would have cost more.”
Nope, that’s not how this Tory government works. Contracts go to Tory donors for way above market value, and the donations aren’t that big, typically around £10,000. [1]
[1] As alleged by The Good Law Project. Court case pending.
I would have thought this was in the base image, all or nothing. One assumes as it has been found then it is all.
Utter incompetence on the part of the people procuring them. Presumably the came by the container load and were broken done for distribution without anyone even checking what was in the box.
I love the phrase about Antivirus software. There appear to be Windows 10 so there is Defender built in by default. It just is limited in the protection it gives compared to other products. If they have installed something else then one assumes that it is a freebee so who knows what it is doing.
Putting a tinfoil hat on, is this a case of plausable denability or maybe just too much conspiricy theory?
Either someone in UK Gov is incompetant for giving out comprimised machines OR They are not comprimised and instead contain UK gov approved malware pre-installed with the target being in Russia (rather than GCHQ or similar) for plausable denability purposes.
This post has been deleted by its author
not every malware relies on vulnerabilities. A vulnerability, if at all, you only need as part of an attack vector to infiltrate a system. But as well you can implement a RAT or whatever malware targeted and manually if you can get hold of the machine(s) in question. That doesn't employ a vulnerability.
Thanks for explaining what I was missing instead of just posting a smug reply. I presume Windows Defender would block this 10 year old known malware, so whilst it shouldn't have happened it's still a slight non issue (rather than the articles implication that these laptops are all sending data to Russia)
Apparently only some builds are infected, Windows Defender does detect it, and the recovery partition does not contain the virus so if your build has it then reinstalling from recovery would be the way to go. Read on from here.
Here in the US, smartphones given out through the government's "LifeLine" assistance program come with preinstalled malware that also calls home to Russian (and Chinese) servers:
https://staging-blog.malwarebytes.com/android/2020/07/we-found-yet-another-phone-with-pre-installed-malware-via-the-lifeline-assistance-program/
The phones also contain a backdoor that can grant any app any permission, install apps remotely and runs as SYSTEM.
If you do some napkin maths on the maximum cost of the laptops, then understand that there should be a hefty proffit from that, what sort of 4Gb, Atom 32Gb HDD machines are we talking here? - do they meet the current minimum specs for Windows 10?
Anybody know what the spec of the Laptops were?, did you need to connect them to your internert router with a bit of wet string?
A poke around the Geo website was remarkably uninformative. A poke at Google suggests an entry level Celeron, 4Gb of Ram (notable silence as to the type, so DDR3, one assumes), 64Gb storage (all the other Geo lappys are eMMC).
My 11 year old Asus Zen UL30 is probably still faster (and has a 500Gb hdd) than that piece of shite.
Further poking suggests that most schools IT bods are using either Office 365 via an institutional subscription or Google docs, so as long as the thing can run a browser, it should be OK -- as long as the poor student's network can manage. There is also a microSD slot for expansion if necessary -- although one report on edugeek says that the slot is misaligned and it's possible to post your SD card into the bowels of the machine!
But what horrible machines to have to use all day for school. And that's without going into all the H&S implcations for children of using a laptop all day without a proper egonomically designed workstation.
microSDs are ok if you use them as the floppy disks of old; to move files around. They really are not good enough to install and run applications from (even the ones specifically advertised for app load performance on phones). It may work if you have massive amounts of RAM to cache, and the installs are write once, don't modify later; but it's a terrible experience either way.
I tried running Linux of off top of the line SD card, with 16GB of RAM, and while after everything loaded the machine wasn't much worse to use than with spinning rust HDD, the software updates were taking forever (like literally 6-8h to install ~200-500MiB of updates).
Teachers I've spoken to paint them as singularly awful devices. The eMMC is of such a low spec, Office takes around 45 minutes to install.
This spec as a Chromebook would've been fine. As a Windows 10 machine, it's severely lacking. I don't even understand why the government has specced Win10 when most of the schools that can afford their own limited IT program have gone with Chromebooks. (as have I for my 10 year-old)
"Sources told us reseller XMA sourced the kit but was not asked to configure it."
Does this mean:
XMA sources the kit, but another IT company was then responsible for putting a DfE standard OS install on it (this sort of fragmented division of responsibilities does happen), in which case, who is the second unlucky company?
or (shudder): XMA sources the kit, from a manufacturer that hardly anyone has heard of, and, seeing that the computers already have a manufacturer supplied install (that, being a reputable manufacturer, definitely carries no risk that it could have been mastered from some knocked-together unlicensed passed around warez DVD), thinks (or, worse, is told by DfE): "Yeah, reckon that'll be fine. Ship 'em!"
I'm confused and sceptical about all this too. There isn't enough information to speculate about who to blame but a few thoughts.
The malware is old and detectable but is quite stubborn to remove. My searches have not found a clear description of what the payload might be -- I've seen references to currency mining and general purpose command and control network snooping/data grabbing. All of these activities are high cpu which will show up on such a low spec computer.
The hardware does not have a wired ethernet port, although some models support PXE booting from a USB ethernet dongle. The most likely deployment scenario is from a USB flash drive, which is one of the malware's easiest infection mechanisms. During deployment or WinPE booting, the malware will be running as System so plenty of opportunities to dig in deep on Windows 10. A clean image installed from an infected WinPE boot drive is perfect for it. An alternative infection route is that devices were 'touched up' by a technician running as Admin after the image was installed.
Who might be the culprit?
* Supplier of the original image -- I believe that this was created to specs provided by the DfE.
* Installer of the image -- XMA, another service provider, laptop manufacturer, other?
* Somebody customising the installation post-imaging.
How many laptops affected?
Delivery and manufacture/imaging would have been spread over many weeks. Lots of opportunities for infection via USB drives, perhaps with somebody cleaning up the drives without mentioning it... Unless the base image was infected, it is unlikely that the infection rate is 100% but anything else is speculation.
Is the supplier obscure?
Yes and no. I'd heard of them as an OEM for supermarket brand basic laptops. Reviews scared me from going near one of them but I guess that they are based on a reference design for low cost laptops.
Good value for money?
There may be slightly better buys for c. £200 but you are never going to get much at that price. Apologies in advance for the broad statement which follows. There is a long standing mistaken belief in education that a cheap and cheerful computing device will last as long as the 'standard spec', albeit with lower performance. It is likely that schools will be disrupted for another 12 months and that these laptops will be heavily used. I sincerely hope that HMG and school managers do not think that they will have an extended life.
Much government purchasing during the Covid pandemic is questionable. XMA are participants in a number of public sector purchasing frameworks so tax payers should expect that these craptops were purchased on framework terms -- cost plus a percentage or cost plus a calculated margin. If not, why not?
Let's also bear in mind that reports of the problems are dumbed down for non-technical readers. We have not been told a lot and there is conflicting information. There are a lot of people trying to do the right thing, maybe not getting it right 100% of the time, but let's wish them well.
Says a lot about this government’s psychotic attitude towards cyber security. Makes this Tory government look like fools when they are sending out malware infested laptops provided by their pals all the while banning foreign telco manufactures from future 5G rollout on security grounds. Where was the report from GCHQ this time? Makes total sense!
"It appears that at least one school is formatting and reimaging the laptops from a known clean build before issuing them to pupils."
Good. Anyone who doesn't do this as standard practice when sourcing any machine for any purpose whatsoever deserves a paddling. Your PCs should arrive blank, and if they don't arrive blank you should *make* them blank and then load a known-good environment yourself. This sort of stuff has happened far too many times to be worth risking.
You assume they have the resources to do that. Most schools, particularly Primary Schools do not even have full time IT support. They simply cannot afford it. A large 1000+ pupil school probably will have a dedicated IT techie BUT they are generally not top end in skills because the schools cannot afford it.
If schools were taking a month to send out laptops because they were reimaging them there would be another outcry about "incompetence".
This will only be an issue for (what were) LEA schools as any public school will have the resources, is highly unlikely to have pupils in the category and if they did, would already have provided them with the equipment as part of their bursary.
Is the government also providing broadband, free of charge, to those disadvantaged souls. Computers without a reliable healthy broadband connection to access services nowadays, are surely no better than trash for recycling?
And can you imagine all the dangers and forbidden delights that lurk in the dark and await the unwary and inquisitive newbie whenever the genies contained in the worlds accessible through that Internet Services Provider connection escape to infect and infest virgin hearts and minds?
Harvesting data from schoolkids who are most likely to be using it to do their schoolwork can't be a matter of national security. All that will be received is a jumble of banality about who is going out with who, and the current trends in angst.
Sounds like it's simply insufficient testing and care on behalf of the distributors. Well done the schools for actually picking this up before giving out the items.
I'm not convinced there is any nefarious motive grander than making the UK government look even more like chumps, and sitting back and watching the flapping about whilst sipping a chilled Smirnoff Black. It's good value for little effort, compared to creating or exposing a new, sophisticated virus. Either way, not a good look.
"Miss, Miss, the media and opposition parties told me to do it faster"
"Well, Billy, if the media and opposition parties told you to stick your head in the fire, would you do it?"
"No Miss"
"Well, then..."
Blaming "the media and opposition parties" is a complete and absolute disgrace. Civil servants act on instruction from the government. Regrettably this is the kind of shoddy response typical of the current administration.
It strikes me that when many houses have access to more than one TV and there is a national curriculum and a shortage of laptops, there are cheaper and, potentially, more effective, ways of delivering education than by ad-hoc provision by individual schools. By all means have local - and familiar - teachers available to review work and answer questions, but turning every classroom into a broadcast studio seems a curious approach for a government that is otherwise committed to centralising everything. They have had a year.
"They have had a year."
Not really. No one was planning for a year. Everyone was optimistically hoping it would be over much more quickly than the reality of the situation. Yes, the science was telling us what was likely to happen, the media was all over the worst case scenarios, but on the whole, very few people believed it would be as bad as it now is or for as long as it has been. Governments of all colours and nationalities with a few notable exceptions have been treading a fine line between "wasting" money by doing too much, being too authoritarian and not doing enough. Most have erred on the side of "not enough" because they hoped and prayed that it would not be as bad as the worst predictions.
You would like to think so, wouldn't you. But have you never noticed how some stuff takes an age to get through the slow-grinding wheels of Whitehall while other stuff seems to fly through with nary a hitch?
Never wondered why the senior civil servants have no problem ignoring ministers when asked to do something they don't want to, but run like scared little mice when Priti Patel calls them on their malfeasance?
If you mean "disposable face masks are not clinical-grade protection" then you are correct. If you mean "disposable facemasks cannot reduce the threat from people frothing at the mouth spewing their germs along with their bile" then you are wrong. Anything that reduces the amount of virus being spread by the infected breathing over everything around them helps.
How many times does it need to be said before it sinks in - you do not wear a facemask to stop you catching Covid-19. You wear the facemask to reduce the risk of you spreading it to those around you.
Read this, if you don't change your mind afterwards then it's a pretty good indication that you've been indoctrinated by a social media echo chamber:
A room, a bar and a classroom: how the coronavirus is spread through the air
Who'd have thought Computacenter secured this rancid deal without going through tender after making a £100,000 donation to the Tory party in November 2019 through Non-exec and founder Philip Hulme's spouse? Not me. Just no longer surprised by this.
https://schoolsweek.co.uk/96m-laptop-contracts-went-to-tory-donors-firm/
The Tory Chumocracy is shaping up to be one of the greatest liquid shit stains splattering the door of No.10 in our time.
If all then the DfE is at fault for not checking the image properly before distributing it. If NOT all then someone else has stuffed up somewhere along the line.
Don't forget that the DfE is not the Tory Party, it is the career civil servants who remain in place regardless of which party is in power at the time, so does the fault lie with the politicians or the Whitehall mandarins who often have their own agendas and their own idea of how things should be done, regardless of what the Government (or the voters) want...
FTFA: "... a batch of 23,000 computers, the GeoBook 1E running a bootleg copy of Windows 10, made by Shenzhen-headquartered Tactus Group, contained the units that were loaded with malware."
I've made the necessary correction above.
Best way to get malware installed on your computer is to download a bootleg version of a Microsoft product off the filesharing networks.
Computacenter’s founder, Sir Philip Hume, is linked to the Conservative party. His wife donated £100,000 to the party and Hulme himself donated £10,000 to former Tory MP Nick Herbert. This is how you get a knighthood and lots of government contracts.
I worked as an I.T. consultant (nearly 20 years) for multiple clients across multiple industries (including some educational clients). Every single machine that was to be assigned to anyone would first get the disk storage wiped, in favor of a "trusted", customized image. They could have used software tools to "push" the required image to hundreds of laptops connected to a LAN. I've pushed such images to as many as 200 laptops (simultaneously) in less than 20 minutes. Shame on them for not knowing "pre-installed" operating systems typically come with undesired "crap" installed. They really should have hired people who know what the hell they're doing. In my opinion, this appears to be a failure of The Department for Education.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
