US Treasury, Dept of Commerce hacks linked to SolarWinds IT monitoring software supply-chain attack

SolarWinds' Orion IT monitoring platform has been compromised, and speculation is swirling it was used as a base camp by state-backed hackers to infiltrate major US government organizations. Kevin Thompson, SolarWinds president and CEO, said his company is "aware of a potential vulnerability" that may have been in "updates …

  1. mmccul

    Could be scarier than one might expect

    Where I've seen Solarwinds implemented, the tool was often given administrative credentials to not just the networking gear to pull credentials (and restore them if they change without authorization), but also to perform discovery on Linux systems. Despite there being well-documented "these are the only sudo permissions needed on Linux", I've seen many shops just give it full root.

    Often, I was asking admins to choke down the access and there was surprise that the tool worked with less than full root.

    So, yes, this is a very scary thing to me.
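The "full root versus the documented sudo list" point above is easy to check mechanically. The following is an added example written for this thread, not SolarWinds code or anything posted by mmccul: it parses a sudoers fragment and flags rules that give a monitoring service account more than a fixed command list. The account name `swmon` and the sudoers excerpt are constructed for illustration.

```python
"""Audit sudoers rules granted to a monitoring service account.

Added example for this thread; not SolarWinds code. The account name
"swmon" and the sudoers excerpt below are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed /etc/sudoers.d fragment: one unrestricted rule, one glob rule.
SAMPLE_SUDOERS = """\
# monitoring (constructed sample)
Defaults:swmon !requiretty
swmon ALL=(ALL) NOPASSWD: ALL
swmon ALL=(root) NOPASSWD: /usr/bin/df, /usr/bin/du -sh /var/log
backupop ALL=(root) NOPASSWD: /usr/bin/rsync
swmon ALL=(root) NOPASSWD: /bin/cat /var/log/*
swmon ALL=(root) NOPASSWD: /usr/sbin/dmidecode
"""

# user host=(runas) TAG: cmd, cmd ...   (the common single-line rule form)
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)"
    r"(?P<cmds>.+)$"
)


@dataclass
class Finding:
    line_no: int
    rule: str
    severity: str
    reason: str


def audit_sudoers(text: str, account: str) -> list[Finding]:
    """Return findings for rules giving `account` more than a fixed command list."""
    findings: list[Finding] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m or m["user"] != account:
            continue
        cmds = [c.strip() for c in m["cmds"].split(",")]
        if "ALL" in cmds:
            findings.append(Finding(n, line, "high",
                                    "unrestricted: account may run any command as root"))
            continue
        for cmd in cmds:
            # sudoers globs are fnmatch-style and '*' also matches '/', so
            # "/bin/cat /var/log/*" admits "/var/log/../../etc/shadow".
            if any(ch in cmd for ch in "*?["):
                findings.append(Finding(n, line, "medium",
                                        f"wildcard in '{cmd}': argument can be steered to other paths"))
    return findings


if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS, "swmon"):
        print(f"line {f.line_no} [{f.severity}] {f.reason}\n    {f.rule}")
```

Run against the sample, the unrestricted `ALL` rule is reported as high and the glob rule as medium; the `df`, `du` and `dmidecode` rules are what a read-only discovery account actually looks like. Point the same function at the real `/etc/sudoers` and `/etc/sudoers.d/*` on a polled host to see what the monitoring account was really granted.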

    1. Version 1.0

      Re: Could be scarier than one might expect

      Yawn, yes scary but this is normal these days, I've got to head into work early today and clean up the mail server quarantine queue by deleting everything.

      1. Version 1.0

        Re: Could be scarier than one might expect

        And if I hadn't deleted everything then everyone would be opening the "New Purchase Order.pdf.xlsm" attachments - all these hacks are started when people open emails.

    2. stiine

      Re: Could be scarier than one might expect

      When I ran it, I only gave it a read-only user. But it still had network access to every host, VLAN, and network in the company because not every device has an OOB interface.

    3. yoganmahew

      Re: Could be scarier than one might expect

      Like @stiine, I'm concerned at the blast radius. Solarwinds is inside the VPN, inside the secure zone. The secure zone where all the deprecated machine instances run, where patching is months behind (because why would you need to patch when you're in the secure zone?).

      Jake Williams, Security Analyst, might want to consider the thrill of enterprise security logic before he goes happy clappy.

    4. Muppet Boss

      Re: Could be scarier than one might expect

      >So, yes, this is a very scary thing to me.

      Stop worrying and love the hack! Is this not a fine example of a state-endorsed backdoor that is only to be used by the Good Guys? As an added bonus, your data is now securely backed up for free!*

      *Irony intended. Not to be taken seriously. Does not constitute an offer for a free backup service. T&Cs apply.

  2. amanfromMars 1

    Don't Panic Too Much, They're Surely Insured. Successfully Sue Bill, or George or Mike or Whoever?

    If you’re a SolarWinds customer, assume compromise and immediately activate your incident response team.

    However, if you’re a SolarWinds customer, and they are your active security and incident response team and they have failed to protect servering of your crown jewels, with their value now decimated/reduced to single figure cents on the dollars, what else can you do other than panic a lot and hope they have a case to answer and you can still afford to sue them for whatever can be conjured up and thrown at them?

    After all, is that not the American Way and the normal route to get to the root of such that matters?

    1. DenonDJ DN-2500F

      Re: Don't Panic Too Much,They're Surely Insured.Successfully Sue Bill or George or Mike or Whoever

      Surprised the share price of Solar Winds Corp. is still on the way up. Highest it's been in 5 years.

      https://www.bing.com/search?q=solar+winds+share+price&cvid=76cd4450948941f99b3b819c0f95fce0&pglt=163&FORM=ANNTA1&PC=U531

      1. Zippy´s Sausage Factory

        Re: Don't Panic Too Much,They're Surely Insured.Successfully Sue Bill or George or Mike or Whoever

        Everybody knows the stock markets are completely divorced from reality these days. Bad or good news doesn't matter to the algorithms running everybody's pensions. Meanwhile, the smart money has made a killing selling their SolarWinds shares to the bots before somebody wises up and tells them to stop buying.

        Could we have a popcorn icon, please? I'm opening mine, sitting back, and waiting for fireworks...

    2. DenonDJ DN-2500F

      Re:Don't Panic Too Much,They're Surely Insured.Successfully Sue Bill or George or Mike or Who?

      Surprised the share price of Solar Winds Corp. is still on the way up. Highest it's been in 5 years.

      https://www.bing.com/search?q=solar+winds+share+price&cvid=76cd4450948941f99b3b819c0f95fce0&pglt=163&FORM=ANNTA1&PC=U531

      1. It's just me

        Re: Re:Don't Panic Too Much,They're Surely Insured.Successfully Sue Bill or George or Mike or Who?

        Expand that graph from 1 day to 1 week - they lost 17% over this weekend.

    3. Shez

      Sue Bill, or George or Mike or Whoever?

      Trying to work out if that was a deliberate reference to the Johnny Cash track A Boy named Sue

  3. Anonymous Coward

    https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Core-SolarWinds-Orion-Agents-sw467.htm

    No surprise their boxes are used on voting machine networks. Georgia uses ballot marking and ballot scanning machines; you can count the paper ballot to ensure the machines haven't been compromised in Georgia.

    Texas, and other GOP states have been rolling out paperless voting machines to Democrat polling districts, notably Harris County. The same Harris county Republicans attacked in multiple legal challenges, and in closing ballot drop stations and reduced polling places to create long lines.

    Paperless voting machines cannot be verified. You cannot ensure the voting record the machine has is the actual record of the vote.

    Republican Secretaries of State know this, yet they rolled them out anyway. Republicans rolled out riggable voting machines intentionally.

    You cannot ensure those machines voted Republican to the huge extent they did. It was a ridiculous skewing of the vote that almost saved them. By now, any sense of Republicans = Democracy you have has been dispelled. Given all the voter suppression, Republican attempts at insurrection, Arizona Republicans calling for violent overthrow of government, Republican slow motion coups. All the things they've tried publicly, you should be in no doubt Republicans are rigging those riggable voting machines in private.

    Texas AG in particular, is indicted on a securities fraud case, but has never been prosecuted, as long as he stays in power, he will not prosecute himself. Do you think he would prosecute voting machine fraud in Texas if it keeps him in power?

    Trump got 74 million votes, vastly up from 62 million of 2016. Yet his popularity slumped from 2016.

    Do people hate Biden so much more than Clinton? No. Is it because "hidden Trump supporters pop out of nowhere and vote on those machines?" No. Is it because "latinos are difficult to poll?" No, if Facebook can reach them then so can pollsters.

    It's because the machines are set to turn a percentage of votes Republican, and turnout was up as people tried to eject Trump, so the machines gave Trump a large chunk of those votes.

    And you cannot verify those votes because Republicans rolled out unverifiable machine voting. But in Georgia the court required they roll out paper ballot machines, so the paper can be checked. Georgia swung to democrat despite massive voter suppression.

    You need to protect US elections from Russia and agents of Russia within the Republican party. You need to force paper audit trails on all voting machines for every future election, to ensure you can verify the vote independent of the machine.

    Have "Trust=confidence" in elections, not "Trust=Blind-Faith" in elections. You verify the result, you don't trust the Republican tally of their votes, you verify it.

    The party of sedition and coups and militias will rig any machine to stay in power, and will seek the help of any foreign power while doing it.

    You think Lindsey Graham would ring Republican States to block votes being counted, but wouldn't ring Putin? Of course he would. He's shown his true nature.

    1. IGotOut

      Oh just fuck off and accept he lost.

      1. Jimmy2Cows

        Wrong "he". The OP is clearly saying Trump lost and the Republican votes cast in states using paperless voting machines may be higher than they would be had fully auditable voting systems been used.

        Saying it again. And again, and again, and...

        In other words, OP's assertion is the Republicans rigged the vote but failed to rig it enough.

        1. Anonymous Coward

          I think readers just confuse themselves with terms like GOP and Harris in this post. Let's hope they don't have a vote.

      2. DavCrav

        "Oh just fuck off and accept he lost."

        Do you not think it weird that Trump is incredibly unpopular but still managed to rack up huge amounts of votes? Republicans have been found to be using all methods they could think of to rig the vote, like breaking the USPS, off-rolling voters by the truck-load, voter intimidation, closing polling places. I wouldn't put it past them to engage in ballot stuffing.

        1. Anonymous Coward

          A lot of republicans apparently voted for the party, but not necessarily for DT. We had the same here in the UK with BJ.

        2. Version 1.0

          There have been vote rigging allegations in US election for about 20 years now ... but so far there has been very little real evidence that it's happening or that it's one party and not the other. I find it interesting that the Republicans are the ones making most of the allegations these days ... clearly they know more about methods of rigging a vote than anyone else.

          Vote rigging in the US is legal if you do it by simply stopping your opponents from voting.

          1. 9Rune5

            so far there has been very little real evidence that it's happening

            Oki, a random search result, on google no less:

            "Former Philadelphia Judge of Elections Convicted of Conspiring to Violate Civil Rights and Bribery"

            https://www.justice.gov/opa/pr/former-philadelphia-judge-elections-convicted-conspiring-violate-civil-rights-and-bribery

            Are you really of the belief that there was no cheating whatsoever? I can understand the belief that there was no significant amount of cheating (that would effectively skew the result), but to assert absolutely no cheating whatsoever is a pretty bold claim IMO.

            On one hand you have countless democrats who decry Trump as being "The Orange Hitler".

            If you (or anyone) was in a position where it would be possible to skew the results, and you thought that one candidate was literally Hitler... Would it not be tempting to do a little skewing? Would you not, in fact, be morally obliged to do so? What would it say about you as a person if you did not do your part to keep Hitler out of office?

            Same if you were a reporter. Is it not your moral duty to help the other candidate win and downplay allegations of fraud? (never mind that said reporters should have done their job prior to the nomination and helped support a candidate who hasn't reached retirement age)

          2. Anonymous Coward

            "There have been vote rigging allegations DUE TO THE USE OF ELECTRONIC VOTING MACHINES in US election for about 20 years now"

            FTFY - vote rigging is almost a tradition in some parts of the US.

            There has been evidence of voting machine "issues" such as polling booths recording zero votes or more votes than were registered to vote but these have generally been discarded and at a level where they are unlikely to have affected the result (i.e. 1000's of votes when the votes were won by hundreds of thousands or more). Note that I'm not suggesting that there shouldn't be more in-depth investigations or a method to provide a physical audit trail to allow more scrutiny.

            The investigations into voting fraud have centred around people being eligible to vote (i.e. dead voters or foreign nationals) or people voting multiple times. The studies suggest that while these cases happen, the aggregate number of cases across the US is likely to be in the 10's or 100's for votes that are counted. There is less certainty about the number of cases where votes are discarded but I suspect that both parties have skeletons they wish to hide here (gerrymandering/how money is distributed to ensure voters can vote/reliability and accuracy of voting records/policies that disenfranchise voters/electronic voting machine reliability/postal votes being lost or discarded etc).

            TL;DR: the studies suggest voter fraud has an insignificant effect (<1000 counted votes) on electoral college votes and therefore the outcome of US elections. However, there are many very serious issues that need to be addressed to provide a fair system for all US voters.

            Reference studies:

            Multiple votes: https://scholar.harvard.edu/files/morse/files/1p1v.pdf

            Dead voters: https://siepr.stanford.edu/news/dead-people-don-t-vote-study-points-extremely-rare-fraud

            Overall US voter fraud: https://www.brennancenter.org/sites/default/files/2019-08/Report_Truth-About-Voter-Fraud.pdf

          3. John Smith 19

            "Vote rigging in the US is legal if you do it by simple stopping your opponents from voting."

            Preferred tactic of Republicans since at least Jeb Bush in Florida IIRC.

            They were the party of Lincoln.

            A looooong time ago.

          4. elip

            It's pretty common to find illegal activity/fraud around voting, it just usually takes a few months after it matters for the FBI or whoever to press charges. Here's a recent one from my state:

            https://www.nytimes.com/2019/07/30/us/mccrae-dowless-indictment.html

            Here's a recent case from my old state:

            https://www.salon.com/2016/02/14/election_fraud_chicago_style_illinois_decades_old_notoriety_for_election_corruption_is_legendary/

            1. webhead

              fwiw, locally, we had voter fraud related to a candidate mayor, a social worker harvesting ballots, and (personally) a (dead) family in law voted. But, in all those, the count was not sufficient to sway anything.

        3. Adelio

          I would have expected some sort of federal law that stipulates a min number of polling points per 1,000 of population. Anything else is liable to manipulation.

          1. DavCrav

            "I would have expected some sort of federal law that stipulates a min number of polling points per 1,000 of population. Anything else is liable to manipulation."

            And yet here we are. Most of the issues were with advanced polling places and mail-in ballot locations. Deliberate roadblocks set up to stop people voting during a pandemic.

        4. Anonymous Coward

          It's why I believe Trump when he says it's the most corrupt election ever [he should know, yet more Trump projection]; unfortunately for the impeached former 1 term president, his efforts to corrupt didn't corrupt enough in the right way lol.

          What I'm looking forward to will be the reality distortion cognitive dissonance caused in his base by him pulling a Weinstein zimmer shuffle to court during one of the dozens of inevitable days in court come January and then claiming he's fighting fit for 2024.

          Half tempted to place a bet on if he will be found hanging, or dead of an aneurism on the bog....

    2. Anonymous Coward

      @A/C

      Just fuck off with politics.

      Cheers… Ishy

  4. Anonymous Coward

    And how stoked am I . . .

    . . . to be working late on a Sunday night/Monday morning performing a forensic analysis on our Solarwinds servers? If I ever meet the arseholes who subverted Solarwinds, they can have a hearty cock-punching.

    1. Anonymous Coward

      Re: And how stoked am I . . .

      Why's that? They were only doing their jobs just like you. Conceivably they might be pulling a few all nighters themselves to have pulled this lot off in the first place and now keep their selves/paymasters unattributable. I imagine they're nervier than a novel private space launch.

      1. Anonymous Coward

        Re: And how stoked am I . . .

        You can't imagine how little I fucking care. I hope they wind up in the gulag being beaten by guards 24/7 and living on half a rice bowl a day.

        1. Strahd Ivarius

          Re: And how stoked am I . . .

          Since they succeeded they won't face this fate...

    2. elip

      Re: And how stoked am I . . .

      Your anger is misplaced. You should be cancelling your SolarWinds contracts, or at the least start questioning your infrastructure choices.

      1. Throatwarbler Mangrove

        Re: And how stoked am I . . .

        I disagree. Someone made an affirmative choice to break into Solarwinds and compromise their tool chain. They have a responsibility to secure their assets, but that doesn't change the fact that a criminal entity broke in. Let's not lose focus on the fact that the people who planted the malware are, in fact, criminals. They're the ones who deserve the blame.

  5. Potemkine!

    Two comments:

    - How did this update arrive on the targeted computers? Phishing? Corruption of SolarWinds servers?

    - "Security analyst Jake [...] urges readers not to assume the attack automatically translates to an ability to control systems." Perhaps, but "the .dll [...] retrieves and executes commands, called 'Jobs', that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services." Sounds quite serious to me!

    1. big_D

      The first comment, they infiltrated the SolarWinds network and they managed to get the trojan compiled with the SW code signing certificate.

      Yes, the comment from Jake doesn't match with FireEye's description of the system. I can only assume he made his comment based on the information released by SW, which was fairly down played, then the FireEye analysis was released at a later time.

      1. Jaybus

        Yes, but the infiltration may well have been old school, by getting a job there as a developer.

        1. big_D

          Infiltration is infiltration, regardless of how it happened.

          The real question is, how do you deal with it, once you've found out about it...

      2. hoola

        My assumption is that like so many things now the installations silently update as soon as an update is available. So many things do this now it is only going to be a matter of time before something wipes out a major application or system that actually matters.

        If there are options for auto-update they should be off by default, though that may not help if someone is still logging in, seeing there is an update and then applying it. Even if due process with change control is followed, the sooner you do this after release the greater the likelihood of it happening.

        Anyone could get zapped like this, just imagine the chaos if something got into the update packages for Windows, iOS, Android or a major Linux stream. It does not matter who the company is, it could happen. You just hope that the systems are left with sufficient functionality to be able to download any official updates that fix the malicious one.

  6. Anonymous Coward

    Happy Monday everyone

    What a lovely piece of news to come into.

    Now I get to spend the rest of the day fighting with IT when they say they don't want to do any upgrades coz it's the Xmas halt, everyone is on leave after the COVID summer and you know "Russians hacking us", well that's just in Hollywood, isn't it?

    Add to that 365 is having the day off and all is well with the world clearly.

    1. Canary64

      Re: Happy Monday everyone

      Yes - MS had outages, then Google (all - like I could not switch my light on to photo it), AWS, Cloudflare (hmmm). Verizon? .. ->

    2. 9Rune5

      Re: Happy Monday everyone

      you know "Russians hacking us", well that's just in Hollywood, isn't it?

      Well, yes; in the real world it is the Chinese who are hacking us.

      1. Strahd Ivarius

        Re: Happy Monday everyone

        It is simpler to assume that they are Mongolian (Chinese looking - check ; use Cyrillic alphabet - check ; tradition of world domination - check)

  7. This post has been deleted by its author

    1. big_D

      Re: DotNet bug

      No, the problem is that SolarWinds was compromised and the bad guys could use SW's build process to build and legitimately sign their malware as an integral part of SW's Orion software.

      1. Anonymous Coward

        Re: DotNet bug

        What if the UGS was a test run and they really were after google? All of google services are offline, except for their status page....

        1. Anonymous Coward

          Re: DotNet bug

          really...UGS....USG(overnment)

    2. Filippo

      Re: DotNet bug

      There's no bug. The relevant piece of software is working exactly as intended. The problem is, intended by the wrong guys.

  8. IGotOut

    Not scary?

    Wonder how many have SNMP write access?
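A quick way to answer that question for your own estate is to run the device configs through a checker. The block below is an added example written for this thread, not part of the original post and not SolarWinds code: it flags community strings with write access, well-known community names, communities with no access-list binding them to the poller, and SNMPv3 groups that are not `priv`. The IOS-style excerpt, hostname and ACL number are constructed.

```python
"""Flag SNMP settings in a network device config that give a monitoring
station (or whoever steals its credentials) more than read access.

Added example for this thread; not SolarWinds code. The IOS-style config
excerpt below is constructed and the hostname and ACL number are invented.
"""
from __future__ import annotations

import re

SAMPLE_CONFIG = """\
! constructed IOS-style excerpt
hostname core-sw1
snmp-server community public RO
snmp-server community netmon RW
snmp-server community n3tm0n-ro RO 10
snmp-server group v3legacy v3 noauth
snmp-server group v3mon v3 priv read ViewRO
access-list 10 permit 10.0.50.12
"""

WELL_KNOWN = {"public", "private", "cisco", "admin", "manager", "monitor"}
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+) (RO|RW)(?: (\S+))?")
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)")
V3_WEAKNESS = {"noauth": "no authentication and no encryption",
               "auth": "authenticated but unencrypted"}


def audit_snmp(config: str) -> list[tuple[int, str, str, list[str]]]:
    """Return (line_no, severity, line, reasons) for each risky SNMP line."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        reasons: list[str] = []
        severity = "medium"
        m = COMMUNITY_RE.match(line)
        if m:
            community, mode, acl = m.groups()
            if mode == "RW":
                severity = "high"
                reasons.append("RW community: SNMP SET can rewrite config, "
                               "change routes or reload the box")
            if community.lower() in WELL_KNOWN:
                reasons.append(f"well-known community string '{community}'")
            if acl is None:
                reasons.append("no access-list: any host that reaches UDP/161 "
                               "can use it, not just the poller")
        g = GROUP_RE.match(line)
        if g and g.group(2) != "priv":
            severity = "high"
            reasons.append(f"SNMPv3 group '{g.group(1)}': {V3_WEAKNESS[g.group(2)]}")
        if reasons:
            findings.append((n, severity, line, reasons))
    return findings


if __name__ == "__main__":
    for n, sev, line, reasons in audit_snmp(SAMPLE_CONFIG):
        print(f"line {n} [{sev}] {line}")
        for r in reasons:
            print(f"    - {r}")
```

On the sample, only `n3tm0n-ro RO 10` (read-only, bound to an ACL that permits the poller) and the `priv` v3 group come through clean. That is the shape to aim for: a poller with read-only access scoped to its own address, so that a compromised poller can inventory the network but not reconfigure it.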

  9. Kane

    Time for a classic...

    ...For Great Justice!

  10. trist

    Looks like one big solarshitstorm

    I can already see the brown stuff heading for the fan.

  11. Pascal Monett

    "all of these organisations boast of having strong defences against such attacks"

    Of course they do. And it's true - until they get hacked.

    But that won't keep them from crowing about their "strong defenses" in the future because, you see, we will forget that they got hacked and, if we remember, they will trot out the good ol' "lessons learned" trope.

    So it's all good, people. No reason to panic.

  12. DaemonProcess

    It is the Achilles heel

    All too often these tools are given too much freedom, partly because the CISO people want to see everything, but in doing so they create openings for an attack. Network tools and IDS tools are both hugely tempting targets for attack. I can believe that some orgs are fighting people right now who don't want to turn it off.

  13. Anonymous Coward

    Your Solarwinds has full access to your estate

    It will sit on a network that has access to your AD, your servers, your firewalls, your appliances. Not only can this compromised server now be instructed to execute whatever the hell it likes to gather information from its own privileged location on the network, it will also likely have full dominion over those devices it is monitoring.

    If you were going to hack one server to compromise your entire estate, Solarwinds would be it, and it has been fully hacked and compromised remotely.

    This. Is. BAD.

    1. Anonymous Coward

      Re: Your Solarwinds has full access to your estate

      It really shouldn’t have more than read access to anything else.

      It doesn’t need it.

      OTOH knowing everything about the location, versions etc of every other device is a gift for any intruder.

      1. Anonymous Coward

        Re: Your Solarwinds has full access to your estate

        This compromise also allows the install of a samdump tool and packet sniffer to watch all that lovely authentication traffic on the wire...

        1. Anonymous Coward

          Re: Your Solarwinds has full access to your estate

          Don't think just replacing the compromised dll will fix it either. This allowed install of malicious code remotely. Assume your entire Solarwinds server is compromised - and depending how much you reuse local admin passwords, the rest of your servers too....

      2. Strahd Ivarius

        Re: Your Solarwinds has full access to your estate

        Read access to some parts of an infrastructure is usually enough to compromise everything...

        1. Anonymous Coward

          Re: Your Solarwinds has full access to your estate

          "Read access to some parts of an infrastructure is usually enough to compromise everything..."

          I did say... "OTOH knowing everything about the location, versions etc of every other device is a gift for any intruder."

  14. Anonymous Coward

    The usual fucking excuse.

    "We believe that this vulnerability is the result of a highly sophisticated, targeted and manual supply chain attack by a nation state. We are acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters. As such, we are limited as to what we can share at this time."

    In other words, they are clueless. Maybe they should find a heavyweight P.R. company?

    Cheers… Ishy

    1. StrangerHereMyself

      Re: The usual fucking excuse.

      I hope they shut down soon. Just like that other security company that was hacked recently.

  15. man_iii

    Why Windblows agents?

    Why, why in 2020 after WannaCry ransomware and Petya and NotPetya and other crap do we expect Windows to be secure? Install a headless Linux and have them on separate management and service VLANs.

  16. Anonymous Coward

    No release control?

    Sounds like a lot of basic controls were missing to ensure the integrity of everything released and the continued integrity of the update server.

  17. Canary64

    Today I have experienced (eg downdetector) google (all) being down. My google login temporarily lost (speakers down). Login issues to put it mildly. Then note AWS. CloudFlare. Ooops - Microsoft similar issues bit earlier. Coincidence :) ? ?

  18. TaabuTheCat

    Limiting the damage

    Right now, a whole bunch of people who should know better need to be asking why their Solarwinds server ever had internet access. Including, and maybe especially, FireEye.

    It's one thing for your server to get compromised by a signed piece of malware - and yes Solarwinds, you have some 'splaining to do, but if you've allowed your Solarwinds server to access the internet then you made the C&C connection that causes all the damage possible.
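Whether the server has any business talking to the internet is a policy question, but whether it actually did is answerable from the firewall logs. The block below is an added example for this thread, not the original poster's code and not anything from SolarWinds or FireEye: it reads netfilter-style forward log lines, keeps only those sourced from the monitoring server, and reports every destination and port outside an explicit egress allow-list, busiest first. The log lines, the monitoring address `10.0.50.12` and the allow-list (the estate it polls plus an assumed vendor update endpoint `203.0.113.20`) are all constructed.

```python
"""Find outbound connections from a monitoring server that fall outside its
egress allow-list.

Added example for this thread; not SolarWinds or FireEye code. Log lines,
addresses and the allow-list are constructed; 203.0.113.20 stands in for an
assumed vendor update endpoint.
"""
from __future__ import annotations

import ipaddress
import re
from collections import Counter

MONITOR_IP = "10.0.50.12"  # assumed address of the monitoring server

# (network, port or None for any port) the monitoring host is allowed to reach
ALLOWED_EGRESS = [
    ("10.0.0.0/8", None),       # the estate it polls
    ("203.0.113.20/32", 443),   # assumed vendor update endpoint
]

# Constructed netfilter-style forward log; the 10.0.20.8 line is another host
SAMPLE_LOG = """\
Dec 14 03:12:01 fw1 kernel: FWD SRC=10.0.50.12 DST=10.0.10.5 PROTO=UDP DPT=161
Dec 14 03:12:03 fw1 kernel: FWD SRC=10.0.50.12 DST=10.0.10.9 PROTO=TCP DPT=22
Dec 14 03:12:07 fw1 kernel: FWD SRC=10.0.50.12 DST=203.0.113.20 PROTO=TCP DPT=443
Dec 14 03:12:09 fw1 kernel: FWD SRC=10.0.50.12 DST=198.51.100.77 PROTO=TCP DPT=443
Dec 14 03:13:09 fw1 kernel: FWD SRC=10.0.50.12 DST=198.51.100.77 PROTO=TCP DPT=443
Dec 14 03:13:20 fw1 kernel: FWD SRC=10.0.50.12 DST=10.0.10.25 PROTO=TCP DPT=25
Dec 14 03:13:44 fw1 kernel: FWD SRC=10.0.20.8 DST=198.51.100.77 PROTO=TCP DPT=443
Dec 14 03:14:01 fw1 kernel: FWD SRC=10.0.50.12 DST=192.0.2.53 PROTO=UDP DPT=53
"""

LOG_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) DPT=(\d+)")


def is_allowed(dst: str, port: int, allowed=ALLOWED_EGRESS) -> bool:
    """True if dst:port matches an allow-list entry (port None = any port)."""
    addr = ipaddress.ip_address(dst)
    return any(
        addr in ipaddress.ip_network(net) and (p is None or p == port)
        for net, p in allowed
    )


def unexpected_egress(log: str, monitor_ip: str, allowed=ALLOWED_EGRESS):
    """Return [(dst, proto, port, hits)] for off-list destinations, busiest first."""
    hits: Counter = Counter()
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if not m or m.group(1) != monitor_ip:
            continue
        dst, proto, port = m.group(2), m.group(3), int(m.group(4))
        if not is_allowed(dst, port, allowed):
            hits[(dst, proto, port)] += 1
    return [(d, pr, po, c) for (d, pr, po), c in hits.most_common()]


if __name__ == "__main__":
    for dst, proto, port, count in unexpected_egress(SAMPLE_LOG, MONITOR_IP):
        print(f"{MONITOR_IP} -> {dst} {proto}/{port}: {count} connection(s) off allow-list")
```

On the sample the SNMP, SSH and SMTP traffic into the estate and the one connection to the assumed update endpoint pass, while two connections to `198.51.100.77:443` and one DNS query to `192.0.2.53` are reported. The same allow-list is what the firewall or proxy should enforce outbound; if the server genuinely has to poll external services, those endpoints go on the list explicitly and everything else is a deny plus an alert.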

    1. Paul Hovnanian

      Re: Limiting the damage

      "why their Solarwinds server ever had internet access"

      It needs to check that your license is paid up.

      1. TaabuTheCat

        Re: Limiting the damage

        Not sure if you are being sarcastic, but no, the SolarWinds server does not need any form of internet access to remain functional. Source? We run one of our instances in a dark network.

        1. Bitsminer

          Re: Limiting the damage

          ...and run USB sticks back and forth, no doubt.

          Actually I sympathize. The risk of updates is approximately the same order of magnitude as the risk of not updating, especially in an isolated environment. Pick your poison.

    2. jtaylor

      Re: Limiting the damage

      why their Solarwinds server ever had internet access.

      They might use Orion to monitor things on the Internet: site availability, DNS resolution, CDN, cloud services, etc.

      They might send alerts across the Internet, like to a mobile number. "Company email is down." "Oh bugger, my server is on fire."

  19. Softsuit

    Three Things to consider about this Solar Winds Hack

    BUF: The software package was too big to fail. Too many security fences provided by one vendor. Break it up or source the software differently.

    Bullet 1) The note on Solar Winds stock drop. Keeping the stock competitive has probably been cause for Lean Six Sigma being applied to the Coders and Compliance Branches processes.

    Bullet 2) Coders not filing their Test Compliance Reports (TPS) and generally showing poor coding practices. Think Boeing and their Space Capsule. Dynamic Link Libraries (DLL) are god's gift to the coder. You just add a Library and call it fixed. It isn't really a Box set program review. Dynamic Link Libraries are just a repository for actions in the as built program. I bet you a dollar to a doughnut the library has been creeping in size instead of a whole code rebuild.

    Bullet 3) Compliance is in charge of the code base validation and integrity processes. One part of Validation is certificates for the code. Probably just a fancy word for an MD5 hash of the DLL that was recompiled and added into the check of the entire module’s MD5 Hash. The integrity is real gritty stuff when you are using a modification / monitoring tool like Solar winds. What are the compliance metrics being checked. I’d be interested to see the work breakdown statement on the compliance portion. IMO I’d check my Remedy for the audits after checking its integrity.

    Jeesh

  20. John Smith 19

    So basically a "Watering hole" attack on the supplier then?

    Not a very good reflection on your ability to manage your own network, is it?

  21. NonSSL-Login

    Novel Techniques

    FireEye said they were hacked with "novel techniques". A supply chain hack isn't that novel of an idea these days but the update and communicating over the trusted app's protocol is. It's been bugging me since they announced it what it could be and this sounds like it fits.

    All this attack on Huawei saying the Chinese will use their hardware to infiltrate everyone and now we have news that it's the Russians using American-owned software that could potentially pwn America's top ten comms companies. Oh and all five branches of the US military, the NSA, the Pentagon, the Office of the President of the US etc.

    Some kind of irony there.

    1. Anonymous Coward

      Re: Novel Techniques

      They have to say that the techniques were novel to save face. Can't be the world's greatest security company and be compromised by a script kiddie.

  22. DS999

    Good news for the update laggards

    With only 6% of customers having updated to the hacked version. Though the risk is some PHBs might use this as an excuse for not updating at all and just claiming they are being "cautious".

    1. Bitsminer

      Re: Good news for the update laggards

      Is it due to deferred updates, or selection of (choice) victims by the attackers? Did all 18,000 lose data?

      Consider that the attack has been going on for months, did 94% of their customers defer updates all that time? I think I saw somewhere that the malware was distributed/available back in June.

      We'll probably have to wait for an after-action report for all the technical detail.

  23. Anonymous Coward

    Oops!

    Most of what comes out from FireEye appears to be arse covering for a lack of controls and defence in depth. Will have to reconsider using them.

  24. Kev99

    Yup, let's put our confidential, proprietary and sensitive data out on the bunch of holes held together with string. It's perfectly safe. Besides, it's free.

  25. KimJongDeux

    Bad news: only one in every seventeen of our customers ran the update.

    Good news: only one in every seventeen of our customers ran the update.

  26. StrangerHereMyself

    We're doomed

    This entire internet thing is starting to become a liability as far as I'm concerned. If even security and critical system management companies are being infiltrated what hope do we have of being able to win a military conflict or keeping our state secrets secret?

    Our entire society is based on a house of cards, and it's about to come crashing down on us.
