The US Commerce Department has admitted that an apparent 2012 cyberattack on one of its bureaus, which it spent a year and almost US$3 million combatting, was in fact a common malware infection.
Federal officials were so worried the infection would spread to economically sensitive information that 200 employees of its job development bureau had to spend months without e-mail or access to internet servers and databases. BlackBerrys were abandoned, and there was no internet communication with regional offices.
Officials spent millions destroying computers, hiring consultants and securing temporary networks before building a new operating network from scratch.
But it turned out the infection, present on just six computers, could have been erased with common anti-virus tools and other security steps.
In a report, Commerce Department inspector general Todd Zinser described a series of errors that led the Economic Development Administration (EDA) to take drastic steps after a Department of Homeland Security team flagged a possible virus in December 2011.
Inexperienced, unqualified IT employees overreacted to information that turned out to be wrong, investigators found in their June 26 report. They spoke past one another and did not validate how many computers had been targeted. They failed to heed early conclusions that this was not a large-scale attack by a foreign entity.
EDA officials hired an outside cybersecurity contractor at a cost of US$823,000 to investigate the "attack". They destroyed desktops, laptops, servers and printers worth US$175,000. The destruction stopped only because they ran out of money - and Commerce officials denied their request for millions of dollars to demolish more equipment.
US$1.1 million was spent on new computers and temporary equipment, now being replaced with permanent networks.
"In retrospect, it was not as serious as they originally thought," said Rebecca Blank, acting commerce secretary in June last year, who ordered the report.