back to article Backdoored SolarWinds software, linked to US govt hacks, in wide use throughout the British public sector

Concern is gathering over the effects of the backdoor inserted into SolarWinds' network monitoring software on Britain's public sector – as tight-lipped government departments refuse to say whether UK institutions were accessed by Russian spies. As reported in the small hours of this morning by The Register, it appears the …

  1. amanfromMars 1 Silver badge

    Hello Ms Goose, Meet Mr Gander

    The hack was carried out by a hacking crew thought to be APT29, aka Cozy Bear, a crew of miscreants linked to Russia's Foreign Intelligence Service, though no firm evidence has yet been put forward publicly.

    Here's pretty current news of wannabe UK miscreants ...... https://www.theguardian.com/technology/2020/nov/19/uk-unveils-national-cyber-force-of-hackers-to-target-foes-digitally ..... which by all accounts is something to be lauded and applauded.

    It's a funny old world and that's for sure. Not many folk laughing though.

    1. el kabong

      An eye for an eye, and soon the whole world will be blind

      But since, apparently, Britain has already committed to retaliation then they better do it properly.

      World beating retaliation is in order, anything short of that will not do.

      1. amanfromMars 1 Silver badge

        Re: An eye for an eye, and soon the whole world will be blind

        But since, apparently, Britain has already committed to retaliation then they better do it properly.

        World beating retaliation is in order, anything short of that will not do. ..... el kabong

        Retaliation specifically against whom and/or what, el kabong, for an errant choice made and actioned upon there, always has invariably the most unfortunate of self-destructive repercussions and worthy consequences ..... as you yourself also alluded to ....... they better do it properly. World beating retaliation is in order, anything short of that will not do.

        Blue on blue has an understandably furious habit of turning teams to see red and bay for blood.

        Quite whether there be many, or even any, who would believe Britain, or any state or non-state actor[s] for that matter, be so well endowed and equipped is worth more money than can ever be counted if one really wanted or absolutely needed to know. ..... with proof provided that didn't cause and create multiple myriad operating systems meltdowns akin to a nuclear core chain reaction and KTH to AI China Syndrome.

        It would though be extremely cheap even at twice that price to know for sure whether such be possible and readily available.

  2. Nursing A Semi

    Yup time to fire off

    An order for some more natural gas, if you don't mind, thank you very much.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yup time to fire off

      excellent handle I must say :-)

      1. Nursing A Semi

        Re: Yup time to fire off

        Thanks, in hindsight I wish I had gone for something like, Nursin Assemy just to leave some room for doubt.

  3. Anonymous Coward
    Anonymous Coward

    No Cause for Concern in the UK

    On the Basis that the infected updates were for 2019/2020 releases of SolarWinds, i don't expect many UK Public Sector IT teams will be anything like that current. We'll be lucky if they have Win 10 yet.

    I mean, the BBC has PCs in the back of shot during the news running Win 7 - what are the chances their back end will be up to date?

    1. HAL-9000

      Re: No Cause for Concern in the UK

      I heard the NHS runs on XP ;)

      1. TRT Silver badge

        Re: No Cause for Concern in the UK

        They run it on milk and alcohol.

      2. Eclectic Man Silver badge

        Re: No Cause for Concern in the UK

        There is allegedly a Royal Navy PC running NT somewhere, or was a few years ago.

      3. Anonymous Coward
        Anonymous Coward

        Re: No Cause for Concern in the UK

        You heard wrong.

      4. DenonDJ DN-2500F

        Re: No Cause for Concern in the UK

        No XP in the NHS hospital I work in - nor for that matter Server 2003. I still have about a dozen 2008 machines that will be gone in a matter of weeks.

        Windows 7 would be gone by now but something cropped up this year - can someone remind me?

    2. Giles C Silver badge

      Re: No Cause for Concern in the UK

      I saw this week that they are planning on updating the backdrops, something about they have used the same ones for years. Doesn’t mean they have updated the computers though...

  4. HAL-9000
    WTF?

    Thanks Vlad

    Another poop storm brewing, the bit where we Brit's aren't even allowed to know WTF has been going on is truly reassuring. I suppose there's a slim chance that Alexander of Uxbridge and South Ruislip will find his mucky web habits posted on Wikileaks imminently, or probably more interesting to know... what the hell our government and security services are up to. Is there a runner up prize for predicting the usual suspects will maintain that software and hardware back doors are essential for maintaining national security, like giving all our secrets away to Russian state backed hackers

  5. Doctor Syntax Silver badge

    And have they learned anything from this about the advisability of back doors in software?

    1. This post has been deleted by its author

    2. This post has been deleted by a moderator

      1. Danny 2 Silver badge

        Re: Yes: that they're good

        SmartAlec,

        Some kids haven't been to school this year, so I'll link to that for them -

        The Ken Thompson Hack

        Similarly, all the criminals who trusted their EncroPhones...

        1. sabroni Silver badge
          Facepalm

          Re: I'll link to that for them

          yeah, thanks for that link:

          notice

          javascript required to view this site

          why

          measured improvement in server performance

          awesome incremental search

  6. aregross

    Digging for Dirt?

    Hmmmm, the U.S. Commerce Dept.? Maybe somebody looking for some(if any) Biden dirt?

    It's happened before! (cough2016 Elections cough cough)

  7. slimshady76
    FAIL

    I still can't understand how companies are using "security products" which run on Windows. The whole OS is a gigantic backdoor. How would you trust the watchmen when they are in fact easily compromised?

    1. herman Silver badge

      Hmm, even Microsoft uses Linux and BSD for their most important stuff.

    2. sabroni Silver badge
      Meh

      re: The whole OS is a gigantic backdoor.

      Or your knowledge is decades out of date......

      1. Volvic

        Re: re: The whole OS is a gigantic backdoor.

        Out of date technical knowledge? In El Reg's comments section? I'm SHOCKED

    3. Giles C Silver badge

      I wouldn’t describe Orion as a security product

      Solarwinds Orion is a monitoring platform, which if configured sensibly has read only access to network devices.

      Yes when monitoring windows servers it needs a domain account, but that account should be configured to allow read only access to the performance counters it needs.

      The only user accounts should be on the access to the console and they should be either local or backed off to ad using a trust.

      If you have given the system write access then well........

      And yes solarwinds does have a lot more products than Orion which could cause bigger problems, but the issue mentioned was Orion specific.

    4. Potemkine! Silver badge
  8. SecretSonOfHG

    Food for the paranoid

    Because, you know, the cloud is not secure enough, so I'll keep my on premises servers which are thightly managed by... oh wait, some compromised product. Assume it, the discussion is not how this can happen, but when. No matter how tight or obscure your infrastructure it is, even if it does not have any degree of exposure to the outside world, assume and be prepared for it to be compromised and prepare to react according to the scope and scale of the attack.

    You cannot stop an attack when the attacker is motivated enough.

  9. Anonymous Coward
    Anonymous Coward

    No need for the MoD to worry

    "A job advert for the MoD's Corsham tech bunker lists SolarWinds as one of the tools used by a third-line software support engineer; similarly, a network design engineer job with the MoD's Defence Equipment and Support agency posted in May also listed SolarWinds proficiency as a "nice-to-have" skill."

    According to the Solarwinds SEC filing (https://www.sec.gov/ix?doc=/Archives/edgar/data/1739942/000162828020017451/swi-20201214.htm) the versions of Orion affected a less then a year old with older or newer versions not affected, the MoD, and I would suggest all branches of the UK Civil Service using Solarwinds products, need not fear that their eight year old version will be an issue (in this regard).

    1. amanfromMars 1 Silver badge

      Re: No need for the MoD to worry

      :-) ..... William Brooke Joyce, nicknamed Lord Haw-Haw, who was an American-born British fascist politician and Nazi propaganda broadcaster to the United Kingdom during World War II, and eventually hanged for treason on 3 January 1946, couldn't have said that any better, AC ........ https://en.wikipedia.org/wiki/Lord_Haw-Haw

      And I'm calling MRDA on any dodgy, according to the Solarwinds SEC filing.

  10. The Griff

    I was worried for a moment...

    but it's OK to be hacked as long the attack was "highly sophisticated".

  11. StrangerHereMyself Bronze badge

    Deep infiltration

    The miscreants will by now have installed backdoors in other software or hardware as well so the entire network should now be considered insecure and under control of a third party. I don't believe you can get rid of an infection like this if properly executed. The only way to stop this is to rip out all the hard- and software and replace it.

    I simply can't believe we in the West are so stupid to let some critical software run an entire network. It's pretty obvious that this will instantly become a target for nation state hackers.

  12. Coastal cutie
    Mushroom

    "The normally talkative cybersecurity sector has been practically silent about the FireEye hack, which sources suggested to The Register was because smaller firms are scared of being seen to criticise one of the industry's largest players."

    Or could they just be too busy desperately scrabbling around in their own vaults to see if the nasties have been in there too?

  13. Anonymous Coward
    Anonymous Coward

    I'm surprised.......

    ......that no one here has mentioned EVEN MORE SOPHISTICATED SPYWARE.

    *

    I refer of course to FB, Google, Twitter......amongst many more less well known snoops!

    *

    Just saying!!

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm surprised.......

      ....and none of these three are either Russian or Chinese!!

      *

      What am I missing?

  14. Anonymous Coward
    Anonymous Coward

    Same old bollocks

    I downvoted the 2 'smart' commentards above claiming that UK Government wouldn't be running up to date software because they were talking shit.

    I am going AC because I actually work for a UK Government Agency.

    We *did* have the compromised software on our Solar Winds installation, but not C:\WINDOWS\SysWOW64\netsetupsvc.dll.

    We only use it to monitor network kit.

    We have now purged the dodgy updates and confirmed that we have seen to traffic to the C2 domain since the expoit was pushed.

    1. Anonymous Coward
      Anonymous Coward

      Re: Same old bollocks

      So you are assuming your switches might now be persistently compromised? It's not like the firmware in any major brands isn't any less porous than a colander and Vlad's flying monkeys have had a few months unsupervised access to them.

    2. amanfromMars 1 Silver badge

      Re: Same old bollocks

      I am going AC because I actually work for a UK Government Agency. .... Anonymous Coward

      Are you one their defenders of the indefensible or a supplier and/or supporter of the unsustainable and purloined, AC, which is their usual old bollocks and a bog standard vapourware?

      Whenever one consider the present current state of UK Government Agencies play, it is surely hardly anything else other than a thoroughly dire and depressingly oppressive picture. Is that all going as well as expected and perfectly according to the greater global masterplan? Or have they no fcuking idea about what to do about everything disintegrating around them and right before their very own eyes and on their watch?

      Your feedback on those few questions would be much appreciated, AC.

  15. Potemkine! Silver badge

    "Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised "

    That must make a pretty number of hosts. You've got Orion? All of your network may be compromised: servers, switches, SAN, and maybe even firewalls,

    I pity the sysadmins involved, they got a huge bag of shit to deal with.

    1. Giles C Silver badge

      Re: "Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised "

      Well it depends on the permissions you gave Orion

      But some of the installations I have worked on

      250-2000 network devices

      Anything from 100 to 1000 servers.

      In fact my latest contract / job is the first in 10+ years where solarwinds isn’t the preferred monitoring platform.

      I would personally never give solarwinds write permission to anything, although I know plenty of companies who do.

  16. cantankerous swineherd Silver badge

    backdoors are good, the police and government told me so.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021