FedEx: TNT NotPetya infection blew a $300m hole in our numbers

$300M!!

"Holy crap!" said every CEO in America. "Let's convene an emergency meeting of the Board and all the IT/Security department heads and find out exactly what's needed in the 2018 budget to prevent it happening here!"

And then I woke up.

24
0
Silver badge

Re: $300M!!

It is "holy crap", but from a different department - the "find excuses for a write-off/declare losses" department.

So, actually, the reaction at board level was: "Holy crap, why did we not get infected too, we should reduce the security spend".

10
0
Gold badge

Re: $300M!!

> It is "holy crap", but from a different department - the "find excuses for a write-off/declare losses" department.

That's exactly what I thought. To borrow a line from the former New Labour press staff, it was clearly a good time for bad news.

4
0
Silver badge
Facepalm

Re: $300M!!

They would, but they got rid of their IT security as a cost saving measure last financial year to ensure their bonuses.

The emergency meeting is about who they can blame if "when" the excreta hits the fan.

8
0
Silver badge

Re: $300M!!

> The emergency meeting is about who they can blame if "when" the excreta hits the fan.

I'm sure that there are plenty of rogue engineers that they can blame.

In fact, I'm suspecting that these companies will soon be recruiting for the post of "official rogue engineer" - someone who doesn't actually have to do anything, but is prepared to be the sacrificial lamb whenever someone vaguely technical needs to be blamed.

After all, why spend good money on a large team of people who know what they are doing when you can outsource stuff to a lowest-bid offshore team and keep a sacrificial goat at low cost?

More bonuses and a pre-prepared fall guy.

In fact, I think I'm going to patent it and sit back to wait for the sweet, sweet $CURRENCY_UNITS to flow in.

2
0

Re: $300M!!

Sounds like a job for Barney Stinson as his last job title was P.L.E.A.S.E. (Provide Legal Exculpation and Sign Everything)

1
0
Anonymous Coward

Congratulations!

Can these companies summarize this and send it to all their customers and employees to congratulate them on being collateral damage?

Wake them up to the importance of international behaviours and misbehaviours by likening this digital fallout to the bogeyman of nuclear fallout? "Kim might blow up Nagoya!" they fret. Putin blowing up something you depend on is more likely, because it has already happened.

5
0
Silver badge
Pirate

Re: Congratulations!

Security is hard but I have this app that will help. Just give it the network password and it will tell you what to do.

4
0
Silver badge
Big Brother

Re: Congratulations!

> Putin blowing up something you depend on is more likely

"Clear and present dangers", on page 55 at the bottom, directly before NAZIS detected on Twitter protecting statues of General Lee.

0
1
Anonymous Coward

300m? .. How many 'IT Pros' would that pay for?

300m gotta hurt! Wonder how many IT souls they could have hired for that meantime??? But no, 'Tight-Ass' corporations that have been shit-canning & outsourcing IT / Tech staff for years, since the 90's... So hey, time to reap the whirlwind fuckers... And meantime look at what Fed-Ex are still doing:

~~~~~~~~~~~~~~~~

https://www.theregister.co.uk/2017/03/24/fedex_paying_five_dollars_to_install_flash/

"FedEx will deliver you $5.00 just to install Flash. That page offers a link to download Flash, which is both a good and a bad idea. The good is that the link goes to the latest version of Flash, which includes years' worth of bug fixes. The bad is that Flash has needed bug fixes for years and a steady drip of newly-detected problems means there's no guarantee the software's woes have ended. Scoring a $5 discount could therefore cost you plenty in future."

2
0
Silver badge

Re: 300m? .. How many 'IT Pros' would that pay for?

AC - Security as well as other areas of IT demand competence, and competence does not come cheap. Dumbsourcing IT is a guarantee of a disaster waiting to happen. What dumbsourcers forget is that an employee's first loyalty is to the company issuing the paycheck, not to the ultimate client. So if you want first loyalty the staff needs to be internal, not external.

5
1
Silver badge

Well, let's estimate

Well at 100k of costs a year for a decently competent employee, that's 3000 man years.

The Cray 1 supercomputer took about 100 man years to develop, so did the 6502. So depending on how to do it, you can design the hardware for your own computer with 200 man years.

Software is a different question, but writing a UNIX-clone takes a few man years. I know that because I've started writing one based on the FreeRTOS operating system and I got rather far in about half a year. So if you build your software with state of the art security, i.e. making it mostly provable, it'll take something between a hundred and a thousand man hours.

So essentially they could have gone the route of developing their own systems for exactly their own purposes with state of the art security for less than this cost them. They then would have been sure that there were no fileservers running they don't want. They would have been sure that their e-mail client wouldn't execute word macros, etc.

1
1
Silver badge

Re: 300m? .. How many 'IT Pros' would that pay for?

"competence does not come cheap."

That's not fully true; incompetent people aren't necessarily cheaper than competent ones, because they suffer from the Dunning-Kruger effect and believe they are highly competent.

0
1
Anonymous Coward

The clue is in the title

Inadequate patching

Incompetent management

No DRP

Outsourcing

Malware

Literally an explosive recipe that detonated.

0
0
Anonymous Coward

TNT NotPetya infection blew a $300m hole in our numbers

TNT management incompetence blew a $300M hole in their numbers.

Everything else is extra detail.

0
0
