Russians hack many US government systems

Or someone specific. This may be as bad as Snowden, but there is no Snowden to point at and hate.

A lot of cheap places don’t upgrade unless they are forced to. Which leads to a lot of 70s tech still running all over the US. Way back I used VAX systems and they had default passwords for new systems that some places did not change.

I assume heads will roll at solarwinds probably including the CEO

Hell, it was just a few years ago that Congress let us upgrade from Windows NT!

In the “ghosts of Christmas parties” thread, I mentioned the worldwide membership organization I used to work for. At the time, they had a Seventies mainframe which was accessed via dumb terminals encased in wood.

How about…

Also…

This isn’t going to be much comfort, but the fact that 18,000+ organizations got penetrated doesn’t really increase your exposure. That’s way too many targets to exploit. I would guess that 90% of those never got touched (either at all, or after initial reconnaissance).

Whether you are immediately affected or not depends on your proximity to the actor’s intent. If this was a nation-state adversary, they’re not interested in your bank account (with the possible exception of North Korea). There’s too much actual high-quality espionage target material in the attack space to piddle around with most citizens’ mundane cyber footprint.

With the pandemic, the hacking, and Trump’s last days upon us, I do not think America has been this vulnerable since 1777.

How it started:

How it’s going:

That tweet didn’t age well. Not that any of his do age well.

I’m saving my outrage for until we find out what the hack actually did. This could just mean that Russia has access to the same sort of network traffic information that Solarwind was providing to their customers, and Russia knowing how many bytes of data are transferred between, say, the Pentagon and various overseas bases isn’t really something to worry about. It could mean that Russia has access to what all of those bytes were… which still isn’t something to worry much about, so long as good encryption was used (though somewhat worrisome, because I’m less than completely confident that the DoD is using good encryption). It could mean that they’ve got plaintext of all of those communications, which is somewhat worrisome. And it could mean that they have trojans inserted into all of the navigation and fire control systems of every US vehicle and weapons emplacement, capable of complete takeover of those systems. Or a bunch of other possible threats in between.

There definitely seems to have been a lot of ‘If I did what Hillary did with her emails, I would have been fired/imprisoned/busted in rank’ people who would give long-winded explanations of why her emails were so bad who now are mysteriously absent regarding this hack.

I would appreciate their descriptions of how they would get fired if they allowed this to happen, complete with long-winded technical and legal reasons. Might prove entertaining, even helpful and informative!

The OPM was hacked by the Chinese for more than a year in 2014-15, resulting in the release of background check / security clearance information (i.e., blackmail material) for four million federal employees, and personal information for another maybe 15 million Americans listed as contacts. It barely registered a blip here or in the public at large. China arrested a few people but faced no sanctions.

Indeed, the details on what “Sunburst” was capable of are scarce on the ground. However, given that they were able to compromise the update server, that the payload was described as a backdoor, and that it’s been documented as stealing signing certificates, I’m assuming that it could download and install/run arbitrary code. With the large number of remote exploits for Active Directory servers in the last year, I’m not hopeful for it being easily contained. I’m a Unix guy, but the potential for this particular toehold into Windows systems within the exploits patched for them in the last few months makes my brain melt. I’m so glad I’m not personally involved with anything regarding dealing with this hack (nope, not even an email case related to it), but I feel for the folks who are dealing with it.

This is bad, and it probably has nothing to do with Trump. I’d like to blame the son of a bitch for everything, but this can’t really be laid at his feet unless he was running Solarwinds. When an adversary in cybersecurity has an exploit, it’s exceedingly rare for them to wait to use it. For example, this ran from March to June, and then it was apparently not infecting people anymore. For the intruder, it’s never known how long their foothold will work, so they usually strike as soon as they know they can.

True, but Trump’s reaction to it is predictable…

… how dare anybody blame his good buddy Putin!

… on the other hand, maybe they hacked the voting machines!

:grin:  

“The Cyber Hack is far greater in the Fake News Media than in actuality,” Trump tweeted on Saturday morning. “I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because [US media] is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)”

“There could also have been a hit on our ridiculous voting machines during the election,” Trump wrote, “which is now obvious that I won big, making it an even more corrupted embarrassment for the USA.”

He’s running the country, for fuck’s sake. Of course he’s responsible. He doesn’t duck responsibility by choosing to watch TV instead of reading security briefings, by putting corrupt toadies in charge of key government functions instead of competent people. And specifically:

https://www.reuters.com/article/us-usa-immigration-funds/trump-administration-taps-disaster-cyber-funds-to-cover-immigration-idUSKCN1VH2F7

Yeah, he’s a 24x7 fucktard, and his response is guaranteed to be useless. He may make the results worse, but this was still going to happen no matter who was president.

And if you have any evidence that budget would have been used to move those agencies off of Solarwinds, then it might have something to do with this hack. As far as I can tell, that’s not the case, and not using Solarwinds’ Orion was the only way to avoid this hack.

Sure, there’s no way that a president who’s in Putin’s pocket and has been siphoning funding and talent away from cybersecurity has any plausible relationship to a massive cybersecurity breach to Russia.

How on earth can you think it’s reasonable to assume that people and resources that were not there because of Trump could not possibly have prevented or at least ameliorated this? Your suggestion that I have some additional burden of proof beyond clear evidence that Trump was actively diverting resources away from cybersecurity is preposterous.

Because they simply weren’t planning on moving off the popular piece of software, no matter what the budget. Up until then, it had been relatively trustworthy. It wasn’t like removing Solarwinds from your network was a standard security or hardening practice that you’d follow if you only had the budget to do so.

So however many smart people had hypothetically been devoted to cybersecurity over the past few years while Trump was instead gutting it, none of them could conceivably have spotted any potential problem here or done anything about it?

By your reasoning, presumably you’d advocate that we may as well just shut down the entire cybersecurity division and save the money - because going forward why would you expect it to be any different? There’s nothing anyone could possibly do to improve the situation.

Your position is utterly ridiculous.

The issue never was, is, or will be moving off SolarWinds. That’s a very strange thing to think. The issue is only finding the security vulnerability and fixing it.

If there had been more people looking for vulnerabilities and security breaches they might have found the problem sooner, and fixed it before so many systems were compromised.