U.S. Government Hacked

The guys who actually do the work of cyber defense have very little to do with this or any other politics. They get a budget of dollars and man-hours and do the best job they can with what they are given.

More money does not necessarily equal more security (although it helps). Staff not following security policy is a more likely infection source than a zero-day exploit no one has ever heard of.

I agree.

I thought I had perceived some attitude of “Those bad Russians!”

We’ll know Russia hacked Trump’s Twitter account when he concedes.

Putin’s a monster, but even he has limits.

The only reason he has not done it yet is because he is tactically savvy. He might still do it, when the time is right if he thinks it suits his plans! Beware! (Diabolical laughter!)

And Trump, who does not appreciate cats, dogs or any other animal that cannot be cooked for him would not even understand what the whole fuss was about.

Lawmakers ask whether massive hack amounted to act of war

The seriousness seems to be escalating, so I’m a little perplexed why I’m not hearing more about this on the news (are you guys? I’m not seeing much at all unless I seek it out).

It appears nothing will be done by this administration, and as pointed out, the incoming admin isn’t getting security briefings anymore. TBD what it all ends up meaning.

The context of this incident matters.

There is a lot of discussion in this thread, and in the media generally, that seems to perceive the Russians’ penetration of American government systems as a narrowly focused, deliberate act. That is not an accurate perception. The Russians did not specifically and exclusively attack US government technology assets.

Rather, the Russians somehow managed to compromise the codebase of the Orion infrastructure monitoring platform published by the SolarWinds corporation. Orion software has been installed and is being used by literally tens of thousands of companies, including some but not all US agencies.

While facts are still emerging, it would be more reasonable and plausible to regard this as a broad-scope effort against a background component with wide-scale implementation, essentially an attempt to throw out a very large fishing net, which happened to succeed well beyond the planners’ original intent.

When they realized how well it was working, and especially when they realized they had achieved penetration into US government systems, of course they exploited their access for all it was worth. But that, most likely, was not the conscious goal. It’s more like they hung a bug on the collar of everybody walking through the front door of a shopping mall just to see what they could get, and happened to luck into bugging a couple of highly-placed people who routinely discuss sensitive information.

Which means the Trump administration’s failure here is not that by taking their eyes off the ball they essentially invited the Russians to hack into the US government. No — by slashing cybersecurity programs and cutting the legs out from under America’s technological defense posture, they allowed the Russians to hack everybody.

Thanks for this analysis @Cervaise - great post and a much needed contribution.

What Russia does not understand is that the direction they are pushing leads straight to nuclear war. Is that what they are seeking? I mean, a glowing Putin, is something, but such a Putin is likely no longer alive.

And unsurprisingly, Trump has finally been forced to tweet something about this, after Pompeo said yesterday that it was certainly the Russian government behind this.

Trump undercut Pompeo, and suggested that maybe it was China behind it (with no evidence). Because of course he did. Trump is a Russian agent - either willingly or as a useful idiot.

Trump also tweeted some bullshit about how this hack had an effect on the election. With no evidence. Because of course he did. He’s not in this plane of reality.

Of course, because when Putin had unfettered access to the White House, he insisted that what he was installing was just tiny little decorations for the computers, and Trump believed him.

Hey, hey. Whoa, whoa, whoa. I have it on good authority from the Trump supporters who call in to CSPAN in the morning that Trump has been tougher on Russia than any other president, ever.

…if Ossoff and Warnock win, or when Biden’s inaugurated, or basically anything that might displease the bare-backed horse-rider. The trend will be observed, as the dread sinks in that the really shitty hockey player truly does have us by the short and curlies.

That’s funny as hell. Trump could have a similar video, with golf.

Licensing for Orion can reach well into 6-7 figures depending on your environment. If that’s the attack vector you’re using, I’m not sure I buy that you “mistakenly” hooked major government departments.

I didn’t say mistakenly. What I said was, it struck me as an opportunistic hack that succeeded beyond expectations.

It could lead to nuclear war but I seriously doubt that they’ve done anything that would be so provocative that we’d immediately launch nukes - that wouldn’t be in our interest either.

I don’t pretend to be an expert on cyber warfare, but I see two likely “messages” or intents behind these large scale intrusions (keep in mind, we probably do it to them, too).

  1. This hack sends a message: not that they want to wreak havoc, but they want us to believe that they could if sufficiently provoked. It’s similar to a nuke test: if you’re Russia, you don’t test a nuke on the US by landing an ICBM in Hawaii or Alaska; you’d blow it up in some remote part of Siberia to let us see what would happen if they did.

  2. Russia probably doesn’t want any part of a nuclear war; however, a full-on cyber war that hits our economy and infrastructure may very well be something they’re preparing for. Keep in mind that Russia is getting squeezed by sanctions and they’ve been languishing economically for some time. And politically, Putin and his approach to governance are under some level of strain, and Putin is convinced that the West is fanning those flames. The West is definitely constraining how oligarchs can hide their money in foreign accounts, which has a lot to do with how they run their kleptocracy (See Magnitsky Act).

My conclusion is that Trump knows Putin is using him somehow but he is such an ignoramus in foreign and political affairs that he may legitimately be truthful in pleading ignorance. In other words, he knows Putin uses him somehow but he may have absolutely no idea how he’s being used.

It’s worse than you think. It is not only about what was stolen but what might still be stolen.

The Russians had access to 18,000 company computer systems. They almost certainly set about placing more backdoors into those systems. Backdoors they can leave alone for years before turning them on. The Russians will mine this gold mine for years to come. It’s like I robbed your house through the backdoor so you change the locks on the backdoor but cannot see the 100 invisible to you new doors into your house that I made while I was in the house.

Closing the door on the SolarWinds hack is only the barest start to fixing the problem.

It’s a bit like whack-a-mole.