Catastrophic Hardware Failure at MSP Data Center

[roadking]

This is the system that's effected: https://mcp.maryland.gov/Directive Manual/3-109.pdf

Sent from my SM-N975U using Tapatalk

Dumb asses can’t even make an acronym properly. How are they going to manage a complex network infrastructure? There’s no E in Maryland. So it actually should be called MTERS. Sometimes attention to detail is silly. Other times, it protect you from catastrophic network failures. Looks like they have both.


Sent from my iPhone using Tapatalk

 

[Shaner]

Or, they had some power distribution hardware flame out, and aren't on a contract that gets it ripped out and replaced in hours, but rather in days ... because, lowest bidder, etc.

Or they're still using an out of date load balancer or other key piece of network infrastructure that was set up in a way they can't easily piece back together without some fresh engineering, and nobody wanted to pay in advance for being ready for that.

So many possibilities because there are SO many failure points in an environment like that (carriers, power, HVAC, wide and local network interfaces, security systems, the applications, the back end databases, storage, management people ... a lot to go wrong. Full redundancy or a viable commitment to getting it back on its feet in short order costs a lot of money, in advance, all the time, every month, like insurance.

This is what COOP plans are for. Regardless of the reason for the failure, this is blatant proof of a failure to plan.

 

[basscat]

A little while back the health department had a similar issue. So did a sheriffs dept. Both systems were hacked and ransom demanded. This smells like the same thing.

 

[Bertfish]

A little while back the health department had a similar issue. So did a sheriffs dept. Both systems were hacked and ransom demanded. This smells like the same thing.

You bet MSP would pay as much as it took to keep that data

I hope they pay and it gets dumped anyways

 

[MigraineMan]

Dumb asses can’t even make an acronym properly. How are they going to manage a complex network infrastructure? There’s no E in Maryland. So it actually should be called MTERS. Sometimes attention to detail is silly. Other times, it protect you from catastrophic network failures. Looks like they have both.

No doubt, running on an IBM AS/400.

 

[IDFInfantry]

I'm starting to hear rumblings and rumors that our data has been compromised. Can someone please confirm this? It does have all of the hallmarks of a serious attack. I'm just wondering what the extent of it is? How much info did the hackers retrieve? All of it? I knew this day would come and I knew it wasn't a good idea to have all of our data stored on State Government owned computers. This is complete and utter B.S.

 

[wingsfan]

I guess the Commodore 64 finally died. Ebay is out of parts too. Can't they just call the Geek Squad and get it fixed?

 

[Bertfish]

I know someone at Baltimore County Sheriffs Office.

System has been down since Sunday. MSP isn't saying much.

 

[dblas]

You bet MSP would pay as much as it took to keep that data

I hope they pay and it gets dumped anyways

Since MSP does is NOT Tasked with maintaining any of the databases LE uses in Maryland, that falls on DPSC, they won't be paying anything.

DPSC on the other hand.....We will have to see what it is worth to them.

 

[dblas]

No doubt, running on an IBM AS/400.

Using LOTUS Notes

 

[gamer_jim]

I know someone at Baltimore County Sheriffs Office.

System has been down since Sunday. MSP isn't saying much.

Which system?

Msp or baco?

Sent from my SM-T320 using Tapatalk

 

[Bertfish]

Which system?

Msp or baco?

Sent from my SM-T320 using Tapatalk

MSP. Said person occasionally needs to access the affected system.

 

[rseymorejr]

Since MSP does is NOT Tasked with maintaining any of the databases LE uses in Maryland, that falls on DPSC, they won't be paying anything.

DPSC on the other hand.....We will have to see what it is worth to them.

THEY won't be paying either.

WE will be paying!

 

[Bertfish]

THEY won't be paying either.

WE will be paying!

I'll pay to see the system flushed

 

[gamer_jim]

Roger, thanks for clarifying.

Sent from my SM-T320 using Tapatalk

 

[cantstop]

The OPM data breach gave a whole lotta folks a certifiable G&S for CCW permit. Perhaps this will give all those Marylanders affected the same certifiable G&S.

 

[IDFInfantry]

I'm starting to hear rumblings and rumors that our data has been compromised. Can someone please confirm this? It does have all of the hallmarks of a serious attack. I'm just wondering what the extent of it is? How much info did the hackers retrieve? All of it? I knew this day would come and I knew it wasn't a good idea to have all of our data stored on State Government owned computers. This is complete and utter B.S.

Does anyone know what kind of info they could have potentially retrieved from the database? Does anyone know if sensitive info like address and social security number were encrypted? Is that required of government agencies to encrypt the data in a database containing sensitive information?

 

[Occam]

Does anyone know what kind of info they could have potentially retrieved from the database? Does anyone know if sensitive info like address and social security number were encrypted? Is that required of government agencies to encrypt the data in a database containing sensitive information?

Even if the underlying database or file system encrypts the stored data, anything that might need to be read by a human being and displayed on a screen somewhere has to have an application that can decrypt that data on the fly for normal use. It a system that hosts and runs the software in question has been compromised, the ability to decrypt that information most likely got compromised as well.

This is different than the way that your password, for example, is encrypted. There isn't usually a decryption process that can expose the password. All there is is the ability to encrypt what you provide as a password every time you log in, and compare the output to what was recorded when your password was first encrypted when you set it up. It's incredibly difficult to get back the actual password in a situation like that, if things are set up correctly. But file or database encryption, for data that will routinely need to be seen in plain text? If someone has access to the network/servers doing the storage, assume that data is not safe.

 

[IDFInfantry]

Geeez... Could 2020 get any worse? Maybe I shouldn't even ask that!

 

[IDFInfantry]

If I had to guess some liberal politically biased group paid to have someone hack into the systems to retrieve the information. I really hope that I'm wrong though and that our data is not compromised. Just think of the fallout from a mess like that. Think what organized criminal groups and terrorists could do with such information. It's a recipe for disaster and was from the start. Did they not see this coming?