Britain Helps Children Learn From Home By Procuring Them Laptops Preloaded With Russian Malware

from the whoops dept

As the COVID-19 pandemic swept across the world, one of the main points of contention has been how to handle schools. Some countries sent all students home to keep them from spreading the virus. Other countries made schools the last thing they shut down, if they ever did, arguing that schools haven't been a major source of transmission and teaching kids is too important to shut down. Here in America, most states did a hybrid model, choosing the absolute worst of both worlds. Teachers get hamstrung having to teach students both locally and remotely, which is basically impossible, while still having students and teachers come into schools to transmit the virus to one another.

Along the way, lots of schools took lots of actions meant to help students learn remotely, most of which were also quite dumb. Incorporating biometrics and AI to assist with remote testing sounds like a good idea, except these always go sideways. Privacy issues are discovered and kids learn how to game the AI-driven tests. Still other districts forced teachers to come into the school solely to teach kids who were at home and then told teachers to take their masks off if they were causing audio problems.

But to see the cake-taking, best combination for good intentions gone horribly wrong, you really have to hand it to the UK ordering a ton of laptops for remote learning... that also came pre-loaded with Russian malware.

The affected laptops, supplied to schools under the government's Get Help With Technology (GHWT) scheme, which started last year, came bundled with the Gamarue malware – an old remote access worm from the 2010s.

The Register understands that a batch of 23,000 computers, the GeoBook 1E running Windows 10, made by Shenzhen-headquartered Tactus Group, contained the units that were loaded with malware. A spokesperson for the manufacturer was not available for comment.

This is almost certainly an instance of someone prepping these machines using an image that somehow was infected with the malware... but still. Not having any checks prior to the machines getting out to school districts for this sort of thing and nearly rolling the machines out to students sure feels like incompetence. Also likely factoring into all of this is the extreme lack of supply for laptops from the more traditional manufacturers, leading some schools to go find off-brand alternatives. The GeoBook is one of those.

But again, still, Gamarue calls home somewhere inside of Russia and allows nefarious actors to remotely access these machines. Machines that almost certainly have webcams on them. That's... not good?

If the pandemic has exposed anything at all about humanity, it surely must be how wildly unprepared we were for it.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: covid-19, laptops, malware, pandemic, school children, uk


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Norahc (profile), 27 Jan 2021 @ 11:00pm

    It was a simple supply chain error. The laptops were supposed to come pre-loaded with British malware so the students couldn't "go dark".

    reply to this | link to this | view in chronology ]

  • icon
    PaulT (profile), 27 Jan 2021 @ 11:58pm

    "Of the Geo brand, another source said: "I'd never heard of Geo before; it's not a known manufacturer. There have been availability issues for a while now, the world has been buying lots of laptops and sometimes they are buying what they can get because the media and opposition parties are saying: 'You've got to roll this out quicker'.""

    "Sources told us reseller XMA sourced the kit but was not asked to configure it."

    So, fairly typical UK IT project, then. Something was overpromised, people are scrambling to get things in place and cutting corners, while even the most basic common sense action to ensure that laptops possibly not being supplied new are fit for purpose (as indicated by another comment about these being 2019 models) is buried away in red tape where both parties can deny it was their responsibility.

    The only surprising things here are that I've not seen any indication that the reseller involved is connected to some Tory MP's relative or side project, or that the project is over budget by tens of million of pounds, but I wouldn't be surprised to see those mentioned for a moment.

    reply to this | link to this | view in chronology ]

  • icon
    Upstream (profile), 28 Jan 2021 @ 1:18am

    I keep a piece of easily removable, opaque masking tape over the webcams of all my computers. Maybe ADT customers should consider this simple privacy measure.

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 28 Jan 2021 @ 2:48am

      Re:

      It's good advice generally, and not to be argued with on principle. But, if you think that the main takeaway from fears of spying from government-issued laptops being infected with malware associated with hostile foreign powers is that kids should be expected to remember to cover up their webcam when not in use for school work, you might be missing the forest for the trees.

      reply to this | link to this | view in chronology ]

      • icon
        Upstream (profile), 28 Jan 2021 @ 4:48am

        Re: Re:

        No, not missing the forest for the trees. The comment was intended just as an aside. I guess I should have made that clear. I think the idea of government issued laptops is a bad idea to begin with, particularly given the British nanny-state / surveillance-state government. Throw in the Brand-X nature of the laptops, and you have double cause for concern.

        I think it is extremely fortunate that the malware was immediately detected. According to The Register:

        "In all known cases, the malware was detected and removed at the point schools first turned the devices on.

        That makes it sound like maybe some pre-installed anti-virus software picked it up, which would indicate a pretty lame attempt at malware propagation, not to mention the fact that the malware was ancient, by malware standards.

        All in all, it looks like it was probably just sloppiness on the part of Geo (or whoever) rather than an actual attempt at maliciousness.

        reply to this | link to this | view in chronology ]

        • icon
          PaulT (profile), 28 Jan 2021 @ 5:47am

          Re: Re: Re:

          True, this is more incompetence than anything else, but it suggests a number of larger issues. The laptops were apparently 2019 models, which already suggests they were either not from new stock or had some other reason for being left on the shelf. Sure, the AV software apparently found the malware - but the botnet involved was killed in 2017, 2 years before the laptops were manufactured.

          So, even if the whole thing was an accident, it raises major questions about the rest of their ability to supply properly working software overall. What other malware is in there that hasn't been noticed? Is the actual build any good, or is the whole thing as it is because they're using some dodgy licence or other workaround? Are they going to be supported and updated correctly in future? What about when a reinstall is required, do those images contain the same malware, or does the local image have another trojan waiting?

          Whenever I find a compromised system at work, I don't just remove the known compromise and put it all back online. I destroy and rebuild from a known good backup, because once a system is compromised you don't know what else is in there that you didn't spot. But in this case, it seems you can't even trust the original materials.

          reply to this | link to this | view in chronology ]

  • icon
    Siboni (profile), 28 Jan 2021 @ 7:32am

    What kind of Russian malicious software is installed? Usual services from Russian IT companies or spyware?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 28 Jan 2021 @ 7:42am

    and i'll bet it wont be the fault of the laptop supplier, or the person who was supposed to check that the laptops were clean, or the person who suggested buying them, or even the politician who got a backhander from agreeing to spend government money on buying them! it will be the fault of the person(s) who installed the Russian Malware! typical of all governments, it's never their fault, whatever the problem, but in the case of the UK government, just another example of it's complete ineptitude!

    reply to this | link to this | view in chronology ]

  • This comment has been flagged by the community. Click here to show it
    icon
    Koby (profile), 28 Jan 2021 @ 9:01am

    The Great Procurement

    They should have sourced from a Chinese supplier. I hear their equipment doesn't come pre-installed with malware, instead it's only a firewall.

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 28 Jan 2021 @ 11:03am

      Re: The Great Procurement

      They should have sourced from a Chinese supplier.

      I know this is a joke but...

      "The Register understands that a batch of 23,000 computers, the GeoBook 1E running Windows 10, made by Shenzhen-headquartered Tactus Group, contained the units that were loaded with malware."

      Shenzhen is in China.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Jan 2021 @ 5:44pm

      Re: The Great Procurement

      You... really don't read the articles, do you?

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 28 Jan 2021 @ 10:46pm

        Re: Re: The Great Procurement

        Well, at least in this case he's only wrong about the individual facts in this particular story and would otherwise be making an amusing point, whereas on the section 230 stories he's wrong about every fundamental piece of reality behind the story. Progress, I guess.

        reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 28 Jan 2021 @ 5:14pm

    Would love

    The Name of the tech company making this suggestion and being the middle man.
    He is making TONS, off of idiots. People who DONT SHOP AROUND, or AT LEAST look on amazon and COMPARE.
    GO FIND a Son of someone thats a GEEK. PLEASE.

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 28 Jan 2021 @ 11:23pm

      Re: Would love

      "The Name of the tech company making this suggestion and being the middle man."

      That's explained in the linked article. The GHWT project has hired 3 contractors, of which XMA seem to be the ones involved here. XMA is a regular UK government contractor involved with a wide range of government projects.

      "People who DONT SHOP AROUND, or AT LEAST look on amazon and COMPARE."

      Shop around is good, but if you think that it's just a case of bulk buying at retail from Amazon at the moment you need to procure something for a government contract, then you might want to do a little research into how these things do (or at least should) work for bulk supplies. At the very least you don't want to be basing your bulk supplies on what happens to be available on Amazon at any one time, even if there wasn't an issue with funnelling off government money to foreign corporations instead of British based retailers/suppliers.

      "GO FIND a Son of someone thats a GEEK. PLEASE."

      Oh, God, FFS no! That's why UK IT projects are always such a huge mess, the Tories usually give them to some minister's son's shell company or someone they went to Eton with rather than finding the most competent contractors. The reason for this stuff being so bad is usually that someone's profiteering, not because they didn't look for people who could do the job efficiently.

      reply to this | link to this | view in chronology ]

      • icon
        ECA (profile), 29 Jan 2021 @ 3:07am

        Re: Re: Would love

        as to amazon, use it as a resource to see whats current, and the avg consumer prices. What they paid for a Celeron, even the newest version, is Garbage. I found the company and looked up the specs. 1.1 ghz. Then they could have called AMD, Intel, any of the major companies and delt with them.
        As to kids and geeks, I say geek with a Meaning, to compare the current products if you have Nothing to base things on, MOST kids probably know What hardware is current.
        Having Anyone except a PRO, IT person is ignorant. Let alone to confuse everyone, The Person that will CARE and distribute the laptops, SHOULD install the basic software ANYWAY.

        reply to this | link to this | view in chronology ]

        • icon
          PaulT (profile), 29 Jan 2021 @ 5:19am

          Re: Re: Re: Would love

          "as to amazon, use it as a resource to see whats current, and the avg consumer prices"

          Which is great for single retail purchases. If you think this is applicable to mass purchase agreements for thousands of items, I hope for the sake of your company that you're not involved in them.

          "Then they could have called AMD, Intel, any of the major companies and delt with them."

          So, you don't know how laptops are manufactured?

          "MOST kids probably know What hardware is current"

          Most kids know the popular Pokemon and internet memes too, that doesn't mean you base your business decisions on them.

          "The Person that will CARE and distribute the laptops, SHOULD install the basic software ANYWAY."

          You think the person making the business decisions on purchasing thousands of laptops, or the person responsible for the logistics of distributing them to thousands of end users, is the person responsible for setting them up?

          Have you ever held an actual job?

          reply to this | link to this | view in chronology ]

  • icon
    Gary Fixter (profile), 9 Feb 2021 @ 11:09am

    Great article!

    Is an awesome article!

    reply to this | link to this | view in chronology ]

  • icon
    Osvaldo Roncayolo (profile), 10 Feb 2021 @ 12:44pm

    Nice!

    I think this is a very useful article!

    reply to this | link to this | view in chronology ]

  • icon
    vikram (profile), 11 Feb 2021 @ 12:45am

    nice

    reply to this | link to this | view in chronology ]

  • icon
    BillyJoe (profile), 23 Feb 2021 @ 1:14am

    I would like to share my opinion on that topic. First of all, I've read that scientists have already proven that distance learning does not work. Children should grow among their peers. How can they get socialized if they are sitting in front of the screen? Otherwise, they will be doing that all their life. I do not appreciate that. I understand all the issues connected with the Covid. But there are some solutions. For example, Little Scholars preschools Brooklyn https://littlescholarsnyc.com/ work during the pandemic. They provide a high level of healthcare procedures following all the requirements. It is much better for kids to do to a kindergarten than sitting at home.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt

Tech & COVID is a new project by
Techdirt, with sponsorship from

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.