So will they get a year's free identity theft monitoring as consolation?
SolarWinds: Hey, only as many as 18,000 customers installed backdoored software linked to US govt hacks
As the debris from the explosive SolarWinds hack continues to fly, it has been a busy 48 hours as everyone scrambles to find out if, like various US government bodies, they've been caught in the blast. So, where are we at? In terms of the news flow, it started in the middle of last week with FireEye. The specialist IT security …
COMMENTS
-
-
Tuesday 15th December 2020 09:15 GMT Anonymous Coward
Re: once again
Once again, Novichok, do we have any proof it was Russians what done it?
Once again, Mariia Butina, do we have any proof that she was a Russian spy even?
Once again, Andriy Derkach, Giuliani's handler, do we have any proof he's actually a Russian agent?
ORPHANS! The meeting was about ORPHANS!
Just because the troll farm is a Russian company based in St. Petersburg doesn't mean they're Russians, they might be fat men in their basement. Where's your proof?
Those emails could have been hacked by anyone, even a fat man in his basement!
Concorde Management? Sounds like a fat French man in his basement to me!
Did Russia actually pay the Taliban for each US soldier killed, do you actually have real proof or only so-called facts and evidence?!
Alexey Navalny, looks like the flu to me! Do you have any proof he was poisoned by a nerve agent in Russia? Maybe he had a head cold!
I for one am sick of all this anti-Russian propaganda!
Orphans!
-
Tuesday 15th December 2020 13:29 GMT PTW
Re: orphans
Oh, dear me, you're a bit ranty ac, are you the same ac that always posted those dreary, and oh so long, pro-Democrat posts on every thread here pre-election? Asking for a friend.
re: Russian bounty program, the latest from NBC: https://www.nbcnews.com/politics/national-security/u-s-commander-intel-still-hasn-t-established-russia-paid-n1240020 That sort of evidence?
*I have no donkey, or elephant, in the race, they just bored me to tears
-
Tuesday 15th December 2020 20:56 GMT Jellied Eel
Re: once again
> Alexey Navalny, looks like the flu to me! Do you have any proof he was poisoned by a nerve agent in Russia? Maybe he had a head cold!
Nope, according to the Sunday Times, Navalny fell ill after wearing contaminated underpants. He appears rather healthy now though. Oddly.
I do however think revealing some of these shenanigans may prove counterproductive. How terrifying it would be if Russia merged its poisoning and hacking branches? How would the West defend itself against Fancy Pants?
Meanwhile, I have popcorn ready for the explanation as to how bears managed to shit in SolarWinds' code repository, compile, and be pushed into production undetected.
-
-
Wednesday 16th December 2020 16:58 GMT Michael Wojcik
Re: once again
Proof? No. What would such proof consist of?
An attack like this implies extensive resources, and it was against a broad range of targets, many of which are relatively difficult to monetize (suggesting direct financial profit wasn't the main motive). That pushes the probability toward a nation-state or nation-state-sponsored actor.
Again, the choice of targets suggests it wasn't a nominal ally country - not because allies don't spy on one another (of course they do), but because allies can get much of the probably-exfiltrated information through other channels, so they'd put their resources elsewhere.
So, probability favors nominal-foe states known to have groups with the resources (funds, technical capabilities, discipline) to pull off this attack. Iran's working up to this sort of thing but evidence suggests it's not there yet. That leaves China, Russia, and North Korea.
The DPRK has historically been more interested in more-targeted attacks aiming at hard currency and scientific / technical information.
Between China and Russia, the style and apparent goals of this attack are more typical of Russia in recent years.
There may also be technical evidence suggesting Russia; I haven't read the detailed technical reports yet.
This has nothing to do with McCarthyism (an accusation which is nonsensical in this case, since McCarthyism was ostensibly about International Communism and Communist organization in the US, not Russia, and actually about Joe McCarthy's need for attention) or an anti-Russia bias. The IT security community broadly recognizes a number of nation-state actors performing a wide range of IT-system penetrations around the world, including the US and its allies. Russia has no special status as a bugbear in that regard. They're just one of the players.
-
-
Tuesday 15th December 2020 09:03 GMT Pascal Monett
Thank God they're using red-blooded American software
It may be a fiasco, but it's a home-made fiasco, so it's all right.
It's not like they were using some foreign kit widely accused, without proof of any kind, of being beholden to another government. That would have been <shudder> terrible, right? Using kit that just might exfiltrate data to an unfriendly country.
No, thank goodness, that didn't happen. It's just good ol' American incompetence that allowed a foreign government to... oh, wait.
-
Tuesday 15th December 2020 10:20 GMT el kabong
Shit happens when you insist on overcomplicating things
Keep piling cruft on top of cruft, hoping your problems somehow get magically solved, and you get shit.
That's the sad state of the computer defense industry, piling cruft on top of cruft and then... piling more cruft on top of it all.
-
Tuesday 15th December 2020 10:29 GMT el kabong
Breaking defenses is much easier than building them
Your defenses may be built by rockstar ninja technical geniuses but if you complicate it too much, piling cruft on top of cruft, you will be increasing the surface area for attack and at some point that surface area will be so large that any sufficiently committed average skill hacker (malicious or not) will find a way in.
-
Tuesday 15th December 2020 18:19 GMT Throatwarbler Mangrove
Re: Breaking defenses is much easier than building them
It's true. The only way to be truly secure is to turn your computers off so they can't be at risk of running bad code. Of course, you may then be subject to wetware hacking in the form of propaganda or other bad information. Best to seal yourself in a locked room or, better yet, kill yourself, for purposes of maximum security of course.
-
-
-
Tuesday 15th December 2020 10:05 GMT Unicornpiss
My first thought..
..when I heard about this yesterday was that Russia must've been pissed off because they were unable to meaningfully manipulate the Presidential election this time around. Russia has needlessly been a fair-weather friend at best to the USA since the cold war ended, and they seem to be nostalgic enough for it that they're pushing for another one with actions like these. Once Trump has finally been evicted they may get their wish.
-
Tuesday 15th December 2020 10:21 GMT Anonymous Coward
Re: My first thought..
Putin needs a cold war. His tenure of Russia domestically has been a disaster. He's made a number of his mates VERY rich & they essentially run the country AND a big chunk of the UK too now.
He needs his external enemies. Rather than making an effort to fix problems inside Russia caused by the mass theft of the Russian people's money by the oligarchs, he's just scaring them with external threats. Much the same propaganda used by Modi, Erdogan, Trump, Johnson, Salvini, Bolsonaro. He can carry on shoveling cash to his mates, keep his place as President and cause enough trouble in other countries to make democracy look weak. The whole idea of the Internet "being a force for good" has gone out the window with Russia, Iran, China, Western PR firms flooding it with so much crap that you don't know what's real and what's not.
The example of the same Troll Factory employee running anti-fascist AND pro-white-supremacist groups on Facebook and then eventually having them both turn up at the same time for counter-demonstrations in the same place.
It's cruel to say but the sooner that Putin is gone and someone who ACTUALLY cares about the Russian people comes in
-
Tuesday 15th December 2020 10:49 GMT Anonymous Coward
Re: My first thought..
You come to bury Putin, not to praise him. Right a/c?
They'll sanction the ass off Russia, until his group ditches him. Pretending it's what he wants and therefore they should do nothing, is to give him what he wants: Inaction in the face of attack.
The reason he's unpopular is because of all the sanctions. The sanctions are *his* fault, the sanctions can't end as long as he is in power.
His troll farm people make antagonist groups for confirmation. They pretend to be *both* the enemy you fear, and the people saving you from that enemy. Both a fake leadership of antifascists and a fake proud boys organiser rally the troops against the antifa they create.
With the GOP and Fox News doing their "Fifth column" work undermining America. Knowingly propagating the lies to divide and weaken the USA in the face of an attacking enemy.
But your final sentence I agree with. Putin needs to go.
Cold war be damned, it's a hot war, he's actively attacking troops, actively invading targets, there is no cold anything here. Time to recognize that and act accordingly.
-
Tuesday 15th December 2020 11:48 GMT Wellyboot
Re: My first thought..
It's a Cold war if there's deniability for any direct actions, such as the use of special forces. The current position is more or less as it was throughout the Soviet cold war era, just the latest in a long line of proxy wars since Korea where the great powers were not fighting each other, just assisting their allies in an internal Korean war.
It's only a Hot war if two nuclear capable regular armies are blazing away at each other as a matter of national policy, and as everyone knows, that would likely get too hot too fast to control so everyone tries hard to avoid it.
-
-
-
Tuesday 15th December 2020 21:03 GMT Jellied Eel
Re: My first thought..
> ..when I heard about this yesterday was that Russia must've been pissed off because they were unable to meaningfully manipulate the Presidential election this time around.
This is not how the game is played. So Trump won because of Russian election interference. Now Biden's won because of Russian election interference. Assuming any of the investigations into dodgy voting machines find anything, that was Oceania! I mean Russia!
-
-
-
Tuesday 15th December 2020 11:40 GMT Claverhouse
The Road to a Lasting Peace
Biden needs a hot war, like all Democrat regime-changists; America is sick of having no new wars: He will probably stay away from attacking Russia, even to please Ukraine. But he will intensify sanctions on Russia to please the McCarthyite hordes in his party and the MSM. Real war, as in Iraq, Syria, Yemen, Afghanistan etc. [ all of which he voted for ] ? Syria or Iran perhaps, North Korea... ? maybe a 20% chance. Most other unAmerican places ? Bigger and better Sanctions...
-
-
Wednesday 16th December 2020 17:08 GMT WolfFan
Re: The Road to a Lasting Peace
That is incorrect. The majority of wars involving the US over the last century or so were started under Democratic administrations. WWI: Wilson, a Democrat. WWII: Franklin Roosevelt, a Democrat. Korea: Truman, a Democrat. Vietnam: Kennedy and LBJ, Democrats. The Republicans were responsible for the first of the Banana Wars in Central America and the Caribbean, during which the USMC invented dive bombing among other things. Chesty Puller, possibly the most famous Marine ever, bitterly said that he got his first (of five) Navy Crosses "collecting taxes for the United Fruit Company". (There's a reason why Puller got five Navy Crosses but no Medal of Honor in a career covering 35 years and multiple major wars and places like Guadalcanal, Peleliu, and the Frozen Chosin: he had a big mouth.) The Republicans were also responsible for Gulf Wars I and II, so they have a lot of little wars; it's the Democrats who have the big ones.
-
-
-
Tuesday 15th December 2020 14:37 GMT Long John Silver
Pesky Russians wot dun it?
The author of this piece has uncritically accepted the prevailing view in the USA that all America's woes are attributable to fiendishly clever Russians hiding in Mr Putin's closet. It would be more productive to look into home grown ineptitude, carelessness, graft, and political misdeeds before pointing fingers elsewhere.
-
Tuesday 15th December 2020 15:57 GMT Potemkine!
Assuming this was a state-sponsored attack, and almost everyone assumes it was given the sophistication and determination
That's something that is going to change in the near future. The resources used by these states may well be interested in a well-paid job offered by mafias, and sometimes they will even have the same boss in both jobs, given the connection between security offices in Russia and mafias. So one can expect that these high-skilled resources will work for the private sector some day.
-
Tuesday 15th December 2020 17:22 GMT David Cotton
The question we should be asking is:
With seemingly admin access to the networks of so many other software (and other) companies, what other "digitally signed" malware will they have created in the last 9 months whilst they had access to do so?
Conceivably all kinds of software could have been tampered with, with the access obtained through SolarWinds Orion. No way of knowing without companies going line by line through all the software they've released in the last 6-9 months. Even the big boys, Microsoft, Google, Apple: if they used the compromised version of Orion on their networks, any software they've released since March could also have been compromised.
-
Tuesday 15th December 2020 17:50 GMT Muscleguy
Sigh
The DNC wasn't hacked to steal Hillary's emails, we know this absolutely, it was an inside job. Hillary's emails were put on a memory stick which was handed through a number of trusted intermediaries until they reached WikiLeaks. The former Ambassador Craig Murray has said he was one of the intermediaries.
This meme that the DNC was hacked to steal the emails has never been formally said. It seems a hack of the DNC did happen, don't they always? But that has never been linked to the exfiltration of the emails. The two have been conflated, quite deliberately, to pull the wool over people's eyes so the Russians can be blamed.
THIS is why the DNC servers were never audited, they knew it was an inside job.
It is sad to see a Reg hack repeat this disprovable canard.
-
Tuesday 15th December 2020 18:43 GMT Anonymous Coward
Likely Misconfiguration of Orion
I'm going to guess that we will see that the hacked organizations misconfigured their instance of Orion. Like most monitoring packages, Orion is able to poll Windows boxen using WMI by default. While WMI can be delegated to use a least-privilege account to do its work, many a lax/lazy administrator will just give it Domain Admin privileges and be done with it. Getting the popcorn out to see how FireEye explains that one.
-
Tuesday 15th December 2020 21:29 GMT Anonymous Coward
They would say that, wouldn't they?
> “Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack”
The alternative is to admit that your multimillion dollar hacking prevention business was hacked by a sixteen year old from his bedroom, which wouldn't look terribly good marketing-wise.
-
Wednesday 16th December 2020 14:24 GMT Anonymous Coward
Are those "state-sponsored threat actors"
…so short of cash that they need to sell their exploits online?
And let's talk about that …123 password.
-
-
Wednesday 16th December 2020 13:30 GMT Jellied Eel
Re: source for this claim
What does Kieren believe 'disproportionate impact on global affairs' means? I'm not seeing it.
Well, obviously having Russian software installed on many Western companies' systems is disproportionate given the size/investment in Russian software houses vs US. Ok, so this may have been unwittingly installed, but could still compare US/NATO cyber offence/defence budgets to Russian spending.
Alternatively, compare the size/budgets of US/NATO soft & kinetic foreign policy divisions. So Ukraine pivoted towards the EU & West, with a few nudges. Russia kept Crimea, and the "Russo-Ukrainian War" has been ongoing since 2014. That situation has been a tad embarrassing to the West & obviously led to a rapid cooling of relations between superpowers. Not to mention the deaths of a lot of Ukrainian civilians, and those of other nations drawn into the conflict, i.e. MH17. And ongoing because despite support for Ukraine, the EU/NATO obviously doesn't want to get sucked into direct conflict.
Or there's Syria. Carefully orchestrated campaign to oust a member of Bush's 'Axis of Evil'. Which helped spawn ISIL, and a lot of atrocities. But that not-so-civil war has been ongoing since 2011's "Arab Spring". But Russia being invited into Syria allowed Assad to remain in power, and slowly regain control of its territory. But much like Ukraine, it also carried the risk of direct conflict given the presence of US bases & forces inside Syria's borders... uninvited.
Or there's Turkey, waiting in the wings for a long time for EU accession, an important NATO member with ambitions to challenge the Saudis as a major regional power... and currently seeming to pivot towards Russia, assisted by the response to Turkey daring to buy Russian S-400 air defence systems.
Or there's India, working with Russia on various defence projects. Or sanctions against Russia forcing it to develop its own industry & forge alliances with China, and other strategic partners.
So we're living in interesting times, where a small (by population count) country is perhaps having a disproportionate impact on geopolitics.
-
-
Wednesday 16th December 2020 10:53 GMT Anonymous Coward
Signed Code??
I would have expected a security product to use signed code for updates.
If signed code was not being used then they are not a security company.
If signed code was being used then the certificates must have been compromised. That's a concern: how are they securing their signing certificates?
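A defender-side check prompted by the signed-code question above, added here as an example (not from the article or any commenter): it reports whether each binary under a directory carries a valid Authenticode signature whose signer thumbprint you verified out of band. The install path and the thumbprint are placeholders.

```powershell
# Added example, not from the article or any commenter. Verifies that vendor
# binaries are signed AND signed by a certificate you deliberately trust;
# Windows reporting "Valid" only means the chain is trusted, not that the
# signer is the vendor you expect. Path and thumbprint below are placeholders.
function Test-ExpectedSigner {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Thumbprints of the vendor's code-signing certs, confirmed out of band.
        [Parameter(Mandatory)][string[]]$TrustedThumbprints
    )
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $cert = $sig.SignerCertificate   # $null when the file is not signed at all

    $result = [pscustomobject]@{
        Path       = $Path
        Sha256     = $hash                        # record for later comparison / IR
        Status     = $sig.Status                  # Valid, NotSigned, HashMismatch, ...
        Signer     = if ($cert) { $cert.Subject }    else { $null }
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        Trusted    = $false
    }

    # Trust requires both: an intact, chain-valid signature and a signer on the allowlist.
    if ($sig.Status -eq 'Valid' -and $TrustedThumbprints -contains $result.Thumbprint) {
        $result.Trusted = $true
    }
    return $result
}

# Placeholder thumbprint; replace with the vendor's real one, obtained from the vendor
# directly rather than read off a binary that arrived through the same update channel.
$trusted = @('0000000000000000000000000000000000000000')

# Walk an install directory (placeholder path) and list everything that fails the check.
Get-ChildItem -Path 'C:\Program Files\VendorProduct\' -Recurse -Include *.dll, *.exe |
    ForEach-Object { Test-ExpectedSigner -Path $_.FullName -TrustedThumbprints $trusted } |
    Where-Object { -not $_.Trusted } |
    Format-Table Path, Status, Signer, Sha256 -AutoSize
```

A file that passes only proves it left the vendor's signing step unchanged; code tampered with before signing, the scenario raised earlier in the thread about the vendor's own code repository, passes this check and needs build-pipeline controls instead.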
-
Thursday 17th December 2020 08:36 GMT drankinatty
Re: Signed Code??
You would have thunk it, right? Even most Linux distributions (open-source) provide signed update packages (even from the user-contributed repositories). Orion, and SolarWinds, the supposed standard in for-profit monitoring -- you just can't make this stuff up. And, my God, 5+ months of unfettered administrative access to just about every high-level government agency on both sides of the pond? Bugger!
You would think with all the money spent on intrusion detection that someone somewhere would have figured it out before the 18,000th download. And now we have commercials wanting you to sell your gold to buy e-currency? What could possibly go wrong? Count me in on that one...
And on this side of the pond in the states -- barely a peep of concern from the leadership and not a single mention of accountability for the perpetrators or the security company that flung 18,000 copies of the malicious backdoor around the globe.
Jan 20 can't come soon enough. At least then perhaps a sane and confidential discussion among allies can be had.
-
-
-
Wednesday 16th December 2020 17:44 GMT Anonymous Coward
Re: State player of choice
Of course, most attribution is to do with calling out your global opponents.
However the whole SolarWinds thing actually seems to stem from it being used against FireEye... this is the cause of the FireEye breach.
I know a lot of people don't like FireEye much, but I'd probably not put any US gumvmint people on that list.
So I'm going with it was the Chinese or the Russians trying to smack down FireEye, which they have really... it's certainly decreased their reputation, which decreases the amount of engagements they will get, which decreases the chances of the bad guys being named elsewhere.
Was an interesting play.
-