OSdata tech blog
California EDD and Windows XP
California's EDD (Employment Development Department) places the unemployed at risk of cyber crime by continuing to use Windows XP (an unsupported operating system) on the computers available for public use.
On Friday, May 15, 2014, the California EDD announced that 1,457,000 Californians were unemployed.
Joe McMillan, a network technician and owner of Datamac Computer Systems, pointed out that the Santa Ana office of the EDD is using Windows XP and Internet Explorer 6, both of which are huge security risks.
Not only has Microsoft mounted a huge publicity campaign (that ran for more than a year) warning about the upcoming security problem and the need to upgrade, but the U.S. Treasury Department also warned banks that more than 95% of the nation's ATMs used Windows XP and were vulnerable to attack.
When Joe McMillan attempted to point this out to the person in charge, she said that not only did they encourage people to apply for jobs using the government computers, but many people also used them for on-line banking and other secure operations.
Joe said his first thought was "are you stupid, woman?"
At this point, one must assume that all of the personal information entered into these government computers is immediately available to every cracker, identity thief, and cyber-terrorist in the world. Microsoft has made absolutely clear that these systems (Windows XP and Internet Explorer 6) are no longer supported and are no longer safe.
This means that when people use the computers to sign up for their unemployment benefits or any other purpose, all of their information is vulnerable, including their name, address, phone, and social security number.
These public computers are connected to both the internet and to the EDD local area network (LAN). Any cracker who has broken into one of the vulnerable Windows XP computers can set up a network sniffer and watch the data being moved around internally in the EDD. This means that even if the office computers have been upgraded (and in large organizations computers are usually upgraded as a group, not individually), anything that the EDD workers send on their internal network is potentially available to all of the cyber criminals in the world.
Many cyber criminals set up their computers to step through every valid IP address one at a time and attempt to connect. If their bots have a successful connection, then the bots attempt to invade through any security hole. This is all automated. Every computer connected to the internet faces these automated attacks often. These automated attacks will break into Windows XP machines, and have almost certainly done so already.
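The address-by-address probing described above leaves a recognisable trail in firewall logs. As an added example (not part of the original post), this Python script flags any source that walks consecutive addresses on one port and lists the hosts where the probe was let through; the log format, the thresholds, and the sample lines are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample firewall log: "epoch_seconds src dst dst_port action".
# All addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
1400000000 198.51.100.7 192.0.2.10 445 DENY
1400000001 198.51.100.7 192.0.2.11 445 DENY
1400000002 203.0.113.20 192.0.2.15 443 ALLOW
1400000002 198.51.100.7 192.0.2.12 445 DENY
1400000003 198.51.100.7 192.0.2.13 445 ALLOW
1400000004 198.51.100.7 192.0.2.14 445 DENY
1400000005 198.51.100.7 192.0.2.15 445 DENY
1400000300 203.0.113.20 192.0.2.15 443 ALLOW
1400000900 203.0.113.20 192.0.2.16 443 ALLOW
"""

def parse_line(line):
    ts, src, dst, port, action = line.split()
    return int(ts), src, int(ipaddress.ip_address(dst)), int(port), action

def find_sweeps(log_text, min_run=5, max_gap=10):
    """Return {(src, port): {"run": n, "answered": [dst, ...]}} for every source
    that probed at least min_run consecutive addresses on one port, with no
    more than max_gap seconds between neighbouring probes."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port, action = parse_line(line)
            events[(src, port)].append((ts, dst, action))
    sweeps = {}
    for key, seq in events.items():
        seq.sort()  # time order
        best = run = 1
        for (t0, d0, _), (t1, d1, _) in zip(seq, seq[1:]):
            adjacent = d1 == d0 + 1 and t1 - t0 <= max_gap
            run = run + 1 if adjacent else 1
            best = max(best, run)
        if best >= min_run:
            # Hosts where the probe was allowed through deserve the first look.
            answered = [str(ipaddress.ip_address(d)) for _, d, a in seq if a == "ALLOW"]
            sweeps[key] = {"run": best, "answered": answered}
    return sweeps

if __name__ == "__main__":
    for (src, port), info in find_sweeps(SAMPLE_LOG).items():
        print(f"{src} swept {info['run']} consecutive hosts on port {port}; "
              f"reachable: {info['answered']}")
```

The run check only catches sources that walk addresses in order; a source that probes in shuffled order needs the complementary check of counting distinct destinations per source.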
Microsoft recommends that people upgrade to Windows 7 or Windows 8. Apple wants people to switch to the iPad or Macintosh (Mavericks 10.9).
Of course, there is a reliable and free alternative that will save the government money: Linux.
Linux Mint is free and the website provides a free downloadable installer with step-by-step instructions.
While Linux Mint isn't as nice as Mac OS X Mavericks or Windows 8, it is easier to use than Windows XP (the system being replaced).
Further, the program WINE will allow anyone to run almost any Windows program on Linux, BSD, Solaris, and Mac OS X. And I mean almost any. WINE will run Windows programs from Windows 3.1 to Windows 8, and everything in between. Microsoft themselves have repeatedly abandoned the ability to run older Windows programs.
The use of firewalls and anti-virus software will not make these computers safe. One must assume that these computers are way too juicy a target to have been ignored by crackers, con artists, identity thieves, and cyber terrorists. And even if the computers are not specifically targeted, many crackers and cyber criminals methodically search all computers connected to the internet and in the last month many of these efforts must have invaded the EDD computers.
As just one example, con artists will find enough personal information to effectively use the "relative in peril" con. In this con, the con artist makes a cold call, claims to be a government or hospital official, and says that money needs to be wired immediately to help a relative get out of jail or be admitted to a hospital.
Crackers have access to all of the information provided to potential employers.
And the on-line banking reveals all of the information needed for both identity theft and for directly stealing from personal bank accounts and the EDD bank accounts set up for distribution of EDD payments.
There is no excuse for the California EDD to be encouraging identity thieves to steal personal information from unemployed Californians who most need help.
And if the EDD is using Windows XP and IE 6 on their office computers, every piece of information that is entered or read on those computers is hand-delivered to every cracker and cyber criminal who wants it.
Depending on the network used (but it is probably an old network), any data sent over the network could potentially be at risk, even if traveling between two otherwise secure computers.
call to action
It seems to me that this would be the perfect opportunity for the government to switch to the free and reliable alternative of Linux, which will run on the old machines for free. Just take a Linux Mint install disk from machine to machine and use WINE to run any of the Windows programs.
California Governor Edmund G. Brown Jr. can be reached at https://govnews.ca.gov/gov39mail/mail.php.