Birmingham’s $125M ‘Oracle Disaster’ Blamed on Poor IT Project Management

It was “a catastrophic IT failure,” writes Computer Weekly. It was nearly two years ago that Birmingham City Council, the largest local authority in Europe, “declared itself in financial distress” — effectively declaring bankruptcy — after the costs on an Oracle project ballooned from $25 million to around $125.5 million.

But Computer Weekly’s investigation finds signs that the program board and its manager wanted to go live in April of 2022 “regardless of the state of the build, the level of testing undertaken and challenges faced by those working on the programme.” One manager’s notes “reveal concerns that the program manager and steering committee could not be swayed, which meant the system went live despite having known flaws.”

Computer Weekly has seen notes from a manager at BCC highlighting a number of discrepancies in the Birmingham City Council report to cabinet published in June 2023, 14 months after the Oracle system went into production. The report stated that some critical elements of the Oracle system were not functioning adequately, impacting day-to-day operations. The manager’s comments reveal that this flaw in the implementation of the Oracle software was known before the system went live in April 2022… An insider at Birmingham City Council who has been closely involved in the project told Computer Weekly it went live “despite all the warnings telling them it wouldn’t work”….

Since going live, the Oracle system effectively scrambled financial data, which meant the council had no clear picture of its overall finances. The insider said that by January 2023, Birmingham City Council could not produce an accurate account of its spending and budget for the next financial year: “There’s no way that we could do our year-end accounts because the system didn’t work.”

A June 2023 report to cabinet “stated that due to issues with the council’s bank reconciliation system, a significant number of transactions had to be manually allocated to accounts rather than automatically via the Oracle system,” according to the article. But Computer Weekly has seen a 2019 presentation slide deck showing the council was already aware that Oracle’s out-of-the-box bank reconciliation system “did not handle mixed debtor/non-debtor bank files. The workaround suggested was either a lot of manual intervention or a platform as a service (PaaS) offering from Evosys, the Oracle implementation partner contracted by BCC to build the new IT system.”

The article ultimately concludes that “project management failures over a number of years contributed to the IT failure.”

Read more of this story at Slashdot.

New Linux Version of Ransomware Targets VMware ESXi

“Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments,” reports BleepingComputer:

In a report Wednesday, cybersecurity company Trend Micro says that the new Linux variant for TargetCompany ransomware makes sure that it has administrative privileges before continuing the malicious routine… Once on the target system, the payload checks if it runs in a VMware ESXi environment by executing the ‘uname’ command and looking for ‘vmkernel.’ Next, a “TargetInfo.txt” file is created and sent to the command and control (C2) server. It contains victim information such as hostname, IP address, OS details, logged-in users and privileges, unique identifiers, and details about the encrypted files and directories. The ransomware will encrypt files that have VM-related extensions (vmdk, vmem, vswp, vmx, vmsn, nvram), appending the “.locked” extension to the resulting files.

Finally, a ransom note named “HOW TO DECRYPT.txt” is dropped, containing instructions for the victim on how to pay the ransom and retrieve a valid decryption key.

“After all tasks have been completed, the shell script deletes the payload using the ‘rm -f x’ command so all traces that can be used in post-incident investigations are wiped from impacted machines.”

Thanks to long-time Slashdot reader joshuark for sharing the article.
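
A defender can turn the file-system artifacts named in the report above into a quick triage sweep of a datastore. This is an added example, not code from Trend Micro, BleepingComputer or Slashdot; the default path `/vmfs/volumes` (the usual ESXi datastore mount point) and the function and label names are assumptions made for illustration.

```python
import os

# Indicators taken from the report quoted above.
VM_EXTENSIONS = {"vmdk", "vmem", "vswp", "vmx", "vmsn", "nvram"}
LOCKED_SUFFIX = ".locked"
RANSOM_NOTE = "HOW TO DECRYPT.txt"
RECON_FILE = "TargetInfo.txt"


def classify(filename):
    """Return an indicator label for one file name, or None if it is clean."""
    if filename == RANSOM_NOTE:
        return "ransom_note"
    if filename == RECON_FILE:
        return "recon_file"
    lower = filename.lower()
    if lower.endswith(LOCKED_SUFFIX):
        stem = lower[: -len(LOCKED_SUFFIX)]
        ext = stem.rsplit(".", 1)[-1] if "." in stem else ""
        if ext in VM_EXTENSIONS:
            return "encrypted_vm_file"
    return None


def scan_tree(root):
    """Walk root and group matching paths by indicator label."""
    findings = {"ransom_note": [], "recon_file": [], "encrypted_vm_file": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            label = classify(name)
            if label:
                findings[label].append(os.path.join(dirpath, name))
    return findings


def verdict(findings):
    """High confidence needs encrypted VM files plus the note; one alone is a lead."""
    if findings["encrypted_vm_file"] and findings["ransom_note"]:
        return "likely_targetcompany_esxi"
    if any(findings.values()):
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    import sys
    # Assumed default: the ESXi datastore root; pass another path to override.
    result = scan_tree(sys.argv[1] if len(sys.argv) > 1 else "/vmfs/volumes")
    print(verdict(result))
    for label, paths in result.items():
        for p in paths:
            print(label, p)
```

Because the report says the payload deletes itself after running, a sweep like this finds only what the ransomware leaves behind; a "suspicious" result is a lead for further investigation, not a confirmation.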


Is Nuclear Power in America Reviving – or Flailing?

Last week America’s energy secretary cheered the startup of a fourth nuclear reactor at a Georgia power plant, calling it “the largest producer of clean energy, and the largest producer of electricity in the United States” after a third reactor was started up there in December.
From the U.S. Energy Department’s transcript of the speech:

Each year, Units 3 and 4 are going to produce enough clean power to power 1 million homes and businesses, enough energy to power roughly 1 in 4 homes in Georgia. Preventing 10 million metric tons of carbon dioxide pollution annually. That, by the way, is like planting more than 165 million trees every year!

And that’s not to mention the historic investments that [electric utility] Southern has made on the safety front, to ensure this facility meets — and exceeds — the highest operating standards in the world….

To reach our goal of net zero by 2050, we have to at least triple our current nuclear capacity in this country. That means we’ve got to add 200 more gigawatts by 2050. Okay, two down, 198 to go! In building [Unit] 4, we’ve solved our greatest design challenges. We’ve stood up entire supply chains…. And so it’s time to cash in on our investments by building more. More of these facilities. The Department of Energy’s Loan Programs Office stands ready to help, with hundreds of billions of dollars in what we call Title 17 loans… Since the President signed the Inflation Reduction Act and the Bipartisan Infrastructure Law, companies across the nation have announced 29 new or expanded nuclear facilities — across 16 states — representing about 1,600 potential new jobs. And the majority of those projects will expand the domestic uranium production and fuel fabrication, strengthening these critical supply chains…
Bottom line is, in short, we are determined to build a world-class nuclear industry in the United States, and we’re putting our money where our mouth is.

America’s Energy Secretary told the Washington Post that “Whether it happens through small modular reactors, or AP1000s, or maybe another design out there worthy of consideration, we want to see nuclear built.” The Post notes the Energy department gave a $1.5 billion loan to restart a Michigan power plant which was decommissioned in 2022. “It would mark the first time a shuttered U.S. nuclear plant has been reactivated.”

“But in this country with 54 nuclear plants across 28 states, restarting existing reactors and delaying their closure is a lot less complicated than building new ones.”

When the final [Georgia] reactor went online at the end of April, the expansion was seven years behind schedule and nearly $20 billion over budget. It ultimately cost more than twice as much as promised, with ratepayers footing much of the bill through surcharges and rate hikes…

Administration officials say the country has no choice but to make nuclear power a workable option again. The country is fast running short on electricity, demand for power is surging amid a boom in construction of data centers and manufacturing plants, and a neglected power grid is struggling to accommodate enough new wind and solar power to meet the nation’s needs…

As the administration frames the narrative of the plant as one of perseverance and innovation that clears a path for restoring U.S. nuclear energy dominance, even some longtime boosters of the industry question whether this country will ever again have a vibrant nuclear energy sector. “It is hard for me to envision state energy regulators signing off on another one of these, given how badly the last ones went,” said Matt Bowen, a nuclear scholar at the Center on Global Energy Policy at Columbia University, who was an adviser on nuclear energy issues in the Obama administration.
The article notes there are 19 AP1000 reactors (the design used at the Georgia plant) in development around the world. “None of them are being built in the United States.”


US Justice Department Indicts Creators of Bitcoin-Anonymizing ‘Samourai’ Wallet

America’s Justice Department “indicted the creators of an application that helps people spend their bitcoins anonymously,” writes Reason.com:

They’re accused of “conspiracy to commit money laundering.” Why “conspiracy to commit” as opposed to just “money laundering”?

Because they didn’t hold anyone else’s money or do anything illegal with it. They provided a privacy tool that may have enabled other people to do illegal things with their bitcoin… What this tool does is offer what’s known as a “coinjoin,” a method for anonymizing bitcoin transactions by mixing them with other transactions, as the project’s founder, Keonne Rodriguez, explained to Reason in 2022: “I think the best analogy for it is like smelting gold,” he said. “You take your Bitcoin, you add it into [the coinjoin protocol] Whirlpool, and Whirlpool smelts it into new pieces that are not associated to the original piece.”

Reason argues that providing the tool isn’t a crime, just like selling someone a kitchen knife isn’t a crime:

The government’s decision to indict Rodriguez and his partner William Lonergan Hill is also an attack on free speech because all they did was write open-source code and make it widely available. “It is an issue of a chilling effect on free speech,” attorney Jerry Brito, who heads up the cryptocurrency nonprofit Coin Center, told Reason after the U.S. Treasury went after the creators of another piece of anonymizing software…

The most important thing about bitcoin, and money like it, isn’t its price. It’s the check it places on the government’s ability to devalue, censor, and surveil our money. Creators of open-source tools like Samourai Wallet should be celebrated, not threatened with a quarter-century in a federal prison.
Long-time Slashdot reader SonicSpike shared the article…
