Post #437,729
12/13/20 5:32:20 PM
12/13/20 5:32:20 PM
|
Putin-hacking of Duh-US Govt et al--summarized with latest bucket-list
WaPo
Russian government spies are behind a broad hacking campaign that has breached U.S. agencies and a top cyber firm
[. . .]
The campaign is said to be quite broad, encompassing an array of targets, including government agencies in the United States and other countries. It has been running for months, one person said.
In 2015, the same group compromised the servers of the Democratic National Committee. But unlike a rival Russian spy agency, which also hacked the DNC, it did not leak stolen material. In 2016, the GRU military spy agency leaked hacked emails to the online anti-secrecy organization WikiLeaks in an operation that disrupted the Democrats’ national convention in the midst of the presidential campaign.
The SVR, by contrast, hacks for traditional espionage purposes, stealing information that might help the Kremlin understand the plans and motives of politicians and policymakers. Its operators also have filched industrial secrets, hacked foreign ministries and gone after coronavirus vaccine data.
as Security-itself joins Incredible! ... words not meaning what you think-they-mean. Welcome to the Monkey House© /Kurt. V., whenever you Are.
|
Post #437,738
12/14/20 12:54:36 PM
12/14/20 12:54:36 PM
|
Solarwinds software was hacked then the distro proceeded into govt systems
"Science is the belief in the ignorance of the experts" – Richard Feynman
|
Post #437,749
12/14/20 3:37:17 PM
12/14/20 3:37:17 PM
|
Now DHS..
WaPo
The Department of Homeland Security is the third federal agency to have fallen victim to a major cyberespionage campaign by the Russian government, joining the Treasury and Commerce departments as targets that have been compromised, officials said Monday.
The list of victims is expected to grow and to include more private companies, said officials and others familiar with the matter, who spoke on condition of anonymity because the matter is under investigation.
The fact that the department charged with safeguarding the country from physical and cyber attack was victimized underscores the campaign’s significance and calls into question the adequacy of federal cybersecurity efforts.
DHS spokesman Alexei Woltornist said that DHS is aware of reports of a breach and is currently investigating the matter. The compromise of that agency was first reported by Reuters.
Russia has denied any role in the attacks.
|
Post #437,752
12/14/20 4:14:17 PM
12/14/20 4:14:17 PM
|
Maybe they (and especially NSA) should spend more time on defense instead of attacks
Is cybersecurity the exception to the rule that the best defense is a strong offense?
|
Post #437,754
12/14/20 5:12:27 PM
12/14/20 5:12:27 PM
|
have you met security folks? Theatre mostly
soon as I heard I shut the systems off then called the sec folks
they started whining about I didnt have paperwork to do that "Science is the belief in the ignorance of the experts" – Richard Feynman
|
Post #437,762
12/14/20 10:47:24 PM
12/14/20 10:47:24 PM
|
There is a fix.
Alex
"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."
-- Isaac Asimov
|
Post #437,763
12/14/20 11:04:52 PM
12/14/20 11:04:52 PM
|
The true fix
Throw out all the computers and start over from scratch. Given how hackable UEFI has been shown to be, I wouldn't trust a single computer to not start phoning home even if they do a full wipe & reload.
|
Post #437,772
12/15/20 8:18:02 PM
12/15/20 8:18:02 PM
|
What business are these crackers in?
https://forums.theregister.com/forum/all/2020/12/16/solarwinds_github_password/In a message to The Register, Kumar said that on November 19, 2019, he told SolarWinds "their update server was accessible with the password 'solarwinds123' which is leaking in the public Github repo. They fixed the issue and replied to me on [November 22]. But that Github repo was open for two to three weeks before I reported." Unconfirmed, but if true, I have this sinking feeling that may not have been the only account that password :-/
|
Post #437,774
12/15/20 10:40:04 PM
12/15/20 10:40:04 PM
|
security and monitoring software tools are very lackadasial when it comes to security and monitoring
"Science is the belief in the ignorance of the experts" – Richard Feynman
|
Post #437,777
12/16/20 3:59:49 AM
12/16/20 3:59:50 AM
|
(If you Know this: "why haven't you committed seppuku, rather than staying-on? quietly")
..someone might ask; (I wouldn't; calls for facts not in evidence)
*cough*.
|
Post #437,783
12/16/20 3:21:10 PM
12/16/20 3:21:10 PM
|
I point out the foibles to the pecksniffs
"Science is the belief in the ignorance of the experts" – Richard Feynman
|
Post #437,779
12/16/20 11:46:51 AM
12/16/20 11:46:51 AM
|
C&C domain has been seized and blackholed
|
Post #437,780
12/16/20 12:57:03 PM
12/16/20 12:57:03 PM
|
Krebs' reporting on these things always seems to be good and level-headed.
https://krebsonsecurity.com/2020/12/solarwinds-hack-could-affect-18k-customers/[...]
The breach at SolarWinds could well turn into an existential event for the company, depending on how customers react and how SolarWinds is able to weather the lawsuits that will almost certainly ensue.
“The lawsuits are coming, and I hope they have a good general counsel,” said James Lewis, senior vice president at the Center for Strategic and International Studies. “Now that the government is telling people to turn off [the SolarWinds] software, the question is will anyone turn it back on?”
According to its SEC filing, total revenue from the Orion products across all customers — including those who may have had an installation of the Orion products that contained the malicious update — was approximately $343 million, or roughly 45 percent of the firm’s total revenue. SolarWinds’ stock price has fallen 25 percent since news of the breach first broke.
Some of the legal and regulatory fallout may hinge on what SolarWinds knew or should have known about the incident, when, and how it responded. For example, Vinoth Kumar, a cybersecurity “bug hunter” who has earned cash bounties and recognition from multiple companies for reporting security flaws in their products and services, posted on Twitter that he notified SolarWinds in November 2019 that the company’s software download website was protected by a simple password that was published in the clear on SolarWinds’ code repository at Github.
[ tweet image ]
Andrew Morris, founder of the security firm GreyNoise Intelligence, on said that as of Tuesday evening SolarWinds still hadn’t removed the compromised Orion software updates from its distribution server.
[ tweet image ]
Another open question is how or whether the incoming U.S. Congress and presidential administration will react to this apparently broad cybersecurity event. CSIS’s Lewis says he doubts lawmakers will be able to agree on any legislative response, but he said it’s likely the Biden administration will do something.
“It will be a good new focus for DHS, and the administration can issue an executive order that says federal agencies with regulatory authority need to manage these things better,” Lewis said. “But whoever did this couldn’t have picked a better time to cause a problem, because their timing almost guarantees a fumbled U.S. response.” (Emphasis added.) :-/ Cheers, Scott.
|
Post #437,786
12/16/20 3:44:20 PM
12/16/20 3:44:20 PM
|
tl;dr: The National Incompetence Q. is not confined merely to obv. political: it is Everywhere.
|
