back to article SolarWinds: Hey, only as many as 18,000 customers installed backdoored software linked to US govt hacks

As the debris from the explosive SolarWinds hack continues to fly, it has been a busy 48 hours as everyone scrambles to find out if, like various US government bodies, they've been caught in the blast. So, where are we at? In terms of the news flow, it started in the middle of last week with FireEye. The specialist IT security …

  1. IceC0ld

    There's a 'theory' going round that it wasn't much of a hack to the US Govt Dept's if tRump sold his passwords to Putin ..................

    I would suggest that every major player is busy doing this hack thing at the moment, it is just that we / the 'good' guys don't share THAT piece of information out to the word, and that everything we catch, is stored for useage when useful

    I doubt if the Russians / Chinese / Norks/ add state player of choice here, would advertise their abilities either, it is just that our side has caught them, and is either trying to avert blame away themselves for allowing it to occur, or trying to place blame by saying "look what we are up against, we need more funding"

    the world got to be very strange the moment IT took centre stage, I mean, before I take the bike out for a spin, I have to charge my hat up, and if that isn't weird enough, maybe I haven't been here long enough yet :o)

    1. msknight

      The one thing I'm not hearing about, are the Rusks/Norks/Chinese/insert, "enemy actor" here getting their government information stolen by the EU/US/UK.

      Are we not doing it? Are the "enemy actors" too embarrassed to admit when they've found us hacking them? Or are we just not getting caught?

      1. IGotOut Silver badge

        https://www.silicon.co.uk/workspace/china-accuses-us-of-hacking-109171/amp

      2. Naselus

        "Are we not doing it? Are the "enemy actors" too embarrassed to admit when they've found us hacking them? Or are we just not getting caught?"

        We are doing it, we are getting caught, and we're not bothering to report it because obviously when we do it it's Our Brave Boys Foiling Putin's Dastardly Schemes and when they do it it's Evil Johnny Foreigner Bent on World Domination.

        1. Chinashaw

          Much like it is in Russia, China etc. All sides will present themselves in the best possible light. However and let's be clear here, the Chinese side has concentration camps, death camps and forced labour camps with well over a million people locked away in them. Russia has slightly fewer but a tendency to murder dissidents. While everyone does spy on each other, it is safe to say that the Russian/Chinese side is certainly not even close to being on the side of the angels.

          This is an article about an incredibly successful and dangerous hack that will have global ramifications.

          1. Anonymous Coward
            Anonymous Coward

            True. The US only has Guantánamo.

            (Plus an undisclosed number of locations around the world, plus cooperative "partners" in various "less developed" jurisdictions)

            1. Michael Wojcik Silver badge

              The US only has Guantánamo.

              Um... ICE and CBP would like to remind you that they're running a whole bunch of concentration camps, thankyouverymuch. Separating children from their parents at scale isn't easy, you know.

              1. MachDiamond Silver badge

                "Separating children from their parents at scale isn't easy, you know."

                If you commit a crime and have kids, don't expect they'll be put in the same cell you are.

    2. The Man Who Fell To Earth Silver badge
      FAIL

      Trump still uses his personal cell phone

      As of December 2019, Trump was still using his personal cell phone to make sensitive official business calls. So you can pretty much count on the Russians, Chinese, Norks, Iranians, & "world + dog" to have access to anything that passes through that phone in any form.

      https://www.cnn.com/2019/12/06/politics/donald-trump-secure-phone-calls-impeachment/index.html

    3. Throatwarbler Mangrove Silver badge
      Facepalm

      I, for one, cannot fucking wait until Bunglito Wussolini is out of office and we can never hear his goddamn name again nor hear the batshit conspiracy theories from all angles of the political environment.

  2. Anonymous Coward
    Anonymous Coward

    36 days left

    You wonder what Putin/Trump can cook up for the remaining 36 days.

    Maybe nukes in Syria threatening the middle east. That would make sense of Trump's recent cancelling of the 'Open Skies' treaty, and the earlier 'Intermediate-Range Nuclear Forces' treaty. Putin has recently affirmed he'll use nukes if they're attacked by conventional forces, obviously rhetoric, but intended to secure any region he captures with threat of nuclear war. Trump tried to withdraw from Iraq and Afganistan urgently before Jan 15th, leaving only hostage levels of troops. That would then have allowed Putin to invade Iraq and secure the region with nukes, and secure US hostages.

    Maybe Trump's "declassify everything": Portray it as an attack on Biden, while actually laying down smoke for a widespread handing over of secrets to Putin. I note he's put a QAnon joker in the Pentagon intelligence unit and a man connected to the Nunes/Russian backchannel in NSA, both shortly after losing the election.

    If you're one of the two QAnon nutters, put in place by Trump, in a job you know you shouldn't be in. Realize that 8kun.net (8Chan) the website largely feeding you your qanon nutjobbery, was hosted by vdsina in Russia, and many other Russian hosts during its life.

    Go ahead, order some hosting from them, you'll need Google translate unless your Russian:

    https://webiplookup.com/62.113.119.159/

    https://vdsina.ru/

    36 days left, I suggest you keep detail records, and keep your nose clean, so you can say, "I did my duty to the USA". If Trump blames you for his crimes, you have your detailed records of every interaction with him.

    1. Anonymous Coward
      Anonymous Coward

      Re: 36 days left

      Iraq! Damn. Now it's so clear that it's exactly what Putin wants! And Trump and Bibi are so obviously working for him! How didn't I see it earlier...

      1. Anonymous Coward
        Anonymous Coward

        Re: 36 days left

        Syria! Damn. Now its so clear exactly what Putin wants! And I suppose Trump will withdraw troops first discussing it with Putin before the Pentagon. Those troops will flee as Putin grabs those US bases. How didn't I see it earlier....

    2. Anonymous Coward
      Anonymous Coward

      Re: 36 days left

      You do know Trump is the only president since Carter not to drum up a full scale war somewhere right?

      He's been very passive when it comes to conficts, hence his 3 nominations for a nobel peace prize...

      Now I cannot stand him but I've a feeling the next 4 years will be very different in terms of conflict, Biden loves a scrap.

      1. Anonymous Coward
        Anonymous Coward

        Re: 36 days left

        Doesn't the murder of a top Iranian politician count?

        1. Anonymous Coward
          Anonymous Coward

          Re: Doesn't the murder of a top Iranian politician count?

          As a full scale war?

          No, it doesn't.

          1. Anonymous Coward
            Anonymous Coward

            Re: Doesn't the murder of a top Iranian politician count?

            It was an act of war - as defined by International Treaty. The fact the Iranians didn't bite is no vindication of Trump.

            1. Claptrap314 Silver badge

              Re: Doesn't the murder of a top Iranian politician count?

              Do I need to post the list of attacks that Iran has perpetrated against US interests for the last 40 years? They have pursued a dirty war this entire time. We held accountable the one man most responsible for carrying them out.

              A most restrained response, all in all.

              1. Anonymous Coward
                Anonymous Coward

                Re: Doesn't the murder of a top Iranian politician count?

                All of that is just revenge for 1958 when the CIA overthrew a democratic elected Iranian government then put the shah in power and kept him there for 20 years odd.

              2. Anonymous Coward
                Anonymous Coward

                Re: Doesn't the murder of a top Iranian politician count?

                The subject is about Trump starting wars. What he did was an act of war, and could have potentially started one.

                You seem to think that I'm an Iran apologist. I'm not.

                Iran's history with America over the last 40 years is irrelevant to the subject in hand.

        2. Claptrap314 Silver badge

          Re: 36 days left

          The "top Iranian politician" was in fact the head of Iran's terror operations. It was literally his job to plan and direct them. As I said at the time, any legal basis for President Trump to have ordered the killing was tenuous at best. However, the moral basis for Donal Trump, like any decent human being, to have stopped such a man by any means available was exceptionally strong.

          One 3-star general stated that one of the duties of a commander is "force protection", and that this action clearly fell in that territory.

          Note also that even President Trump's most ardent supporters planned for him to leave office in Jan 2025. The protection that ex-presidents have is FAR less than the current one (and justifiably so). We have no reason to believe that the Iranian regime's response to this matter has been completed. I expect that the decision to order the mission was taken with this in mind.

          1. Anonymous Coward
            Anonymous Coward

            Re: 36 days left

            > " As I said at the time, any legal basis for President Trump to have ordered the killing was tenuous at best. However, the moral basis for Donal Trump, like any decent human being, to have stopped such a man by any means available was exceptionally strong."

            I never said he was a decent chap, I said that killing him was an act of war under international law.

            As you admit the legal reasons were tenuous, you basically agree with me, so your rebuke is puzzling.

            1. Jaybus

              Re: 36 days left

              The Iran-backed attack on the US embassy in Baghdad on 31 Dec 2019 was also an act of war under international law. Your point?

          2. martinusher Silver badge

            Re: 36 days left

            >and that this action clearly fell in that territory.

            You might recall that the Iranians sent a bunch of missiles back in retaliation. These were very precisely targeted, essentially destroying our drone facilities and bracketing a 'consulate', sending an unequivocal message.

            We've been remarkably quiet about what they hit -- "hangars", "workshops" -- but I think it served as a warning that they have the capability to hit anything they please in hte area so maybe everyone should just place nice and try to get on.

            As for the "terrorism/40 years" thing the US has committed numerous outrages against the Iranians, not just the Vincennes incident. We've been at war with this counry since 1979 and its getting a bit tiresome constantly hearing how our brave boys are defending freedom when they quite patently are not. (....and while we're on the subject of freedom and stuff anyone recall someone called "Julian Assange" and wonder what ha[ppened to him?)

        3. Jaybus

          Re: 36 days left

          No. It was a very limited retaliation for the attack on the US Embassy in Baghdad carried out by Iran-ibacked militia.

      2. eric halfabe

        Re: 36 days left

        I upvoted you for the first bit but Trump will be sworn in in January

        1. Anonymous Coward
          Anonymous Coward

          Re: 36 days left

          Do they swear people into jail then?

        2. DS999 Silver badge

          Re: 36 days left

          Wow there are still people this disconnected from reality? I guess you must be assuming Trump will stage a military coup, because that's the only thing that could stop Biden/Harris from being sworn in next month now that the electoral college vote is official.

          You do realize Trump is only perpetrating this deception so he can send suckers you like emails every day begging for money. Maybe you should read the fine print, and see how little of it goes to the "overturn the election" effort. Most of it is going into Trump's PAC, which is money in his pocket he can use for personal expenses and funnel into his money losing businesses to keep them afloat. You're giving your hard earned money to support a rich guy's lifestyle. Maybe you're OK with that, but everyone else is laughing at you MAGAs now!

          1. eric halfabe

            Re: 36 days left

            It appears it is you that is disconnected from reality. You seem to be making a lot of assumptions about me and Trump. Trump has many routes left.

            There are still cases going on in the states and supreme court that can't be dodged like they have so far.

            The republican legislature have forwarded dual voters to the electoral college. I think it is Pence who decides which of the dual voters will vote.

            If the court rules to decertify the results of the election in the 6 or so states in question or even 3 then it goes to a vote in the house. Republicans have a majority of states in the house.

            I guess he could invoke the insurrection act to put down this coup but he is a long way from that yet.

            1. Anonymous Coward
              Anonymous Coward

              Re: 36 days left

              How about this summary of you:

              You are English. You live in England.

              You don't know anything about the court system in America, or its governmental legal process generally. That's fair enough, but curiously, you are pretending you do know what you're talking about, and think that parrotting bogus right wing taking points will convince us.

              1. eric halfabe

                Re: 36 days left

                You did a little better than DS999 as far as location goes but that is about it.

                I came across this this morning

                https://www.youtube.com/watch?v=kkTyJ3igf1Y

                a short video that explains what i said far better than i could.

            2. cmdrklarg

              Re: 36 days left

              No, Trump has no legal path to victory. The Electoral College has voted and Biden won that 306-232 (as expected). January 6th, 2021 is the next step, where Congress officially counts the votes.

              There is a process where one Representative and one Senator can object to a state's EC votes. Once that occurs, both the House and the Senate vote on whether the objections are valid. For the objection to be valid both the House and Senate must agree.

              The Democrats control the House, so any attempt to object to any Biden votes will be summarily dismissed. Mitch McConnell has already indicated that it won't fly in the Senate either.

              Pence's role in the count is purely ceremonial. There is nothing he can do to change anything in the count.

              1. eric halfabe

                Re: 36 days left

                "No, Trump has no legal path to victory" You clearly don't know what you are talking about.

            3. DS999 Silver badge

              @eric halfabe

              Sorry, Pence doesn't get to decide "which electors" to support. If there's an objection to a state's slate of electors it requires a majority vote in both the house and senate. Never could happen with a democratic majority in the house, but even Moscow Mitch went on the record yesterday telling senators "its over" and warning senate republicans not to support efforts in the house to object (the objection itself requires only one from the house and one from the senate)

              The court cases are being led by the most incompetent team of lawyers ever, who are 0-56 so far in their court cases. The fact you think they still have cases that have a shot is evidence you must get your news from a source that's to the right of batshit insane, like Newsmax.

              Trump has no routes left, and never had any in the first place. The fact you are so deluded you believe his claims is a pitiful indictment of how gullible his cult members are, and how deep into the right wing media bubble you are.

              1. eric halfabe

                Re: @eric halfabe

                What do you watch CNN?

                The Trump team have only brought 5 or 6 cases to court. None of the evidence has been heard in court. The cases have been dismissed with some procedural punt. One goes like this: You can't bring a case before the election because no crime has yet been committed. You can't bring a case after the election because Laches (you should have spoken up sooner).

                The Texas case was dismissed because of Standing. A lot of legal experts think that was wrong. However a similar case has been brought by 4 states where they obviously do have standing so we will see.

                It is clear to me the election was stolen. The Dominion machines are not fit for purpose and are totally insecure. Admin passwords often taped to the front of tabulators allowing poll workers access to the file system. They use SolarWinds software and as per this article it is insecure.

                In the Antrim county examination it was found that the sensitivity of the scanners was set so high that 68% of ballots failed the scan and were sent to an adjudication folder (maximum error rate for certification 0.0006%). The ballots in that folder are supposed to be checked and allocated to the candidate depending on 'voter intent'. This procedure was not followed and 8000 votes went to Biden instead of Trump in a county that only has 16000 voters. The same level was found in an Arizona county i think where there are 2.5 million voters. A full forensic examination is now being carried out.

                If you haven't heard any of this then maybe it is you that is in a bubble.

                As an American (i assume) you should be demanding true and fair elections. As a software guy (i assume) you should be demanding that these garbage machines be scrapped and replaced with something that is not so prone to errors and open to manipulation by so many bad actors.

      3. Anonymous Coward
        Anonymous Coward

        Re: 36 days left

        > You do know Trump is the only president since Carter not to drum up a full scale war somewhere right?

        That's a good observation. I hazard a guess that high-ranking professional politicians all have established ties with the military industrial complex, whereas this guy didn't.

        1. Michael Wojcik Silver badge
          WTF?

          Re: 36 days left

          On the other hand, Trump didn't need to start another war; we have plenty already.

          More importantly, Trump was never interested in policy. He's interested in the adulation of crowds and ego-stroking by his handlers. Those crowds are currently more focused on domestic shibboleths (directing their hatred at anyone in the country who doesn't share their beliefs) than foreign adventures at the moment, and the people those handlers represent are less concerned with short-term profiteering than with instituting a Buchananite plutocratic state.

        2. DS999 Silver badge

          Re: 36 days left

          Yes, that's the one thing I give Trump credit for, but that's mostly because his attention span is far too short to start a war anywhere but Twitter.

          If he believed for one second that starting a war would have helped get him re-elected, he would have been asking his aides "who do I bomb?"

      4. Anonymous Coward
        Anonymous Coward

        Re: 36 days left

        >>Now I cannot stand him but...

        Right, I won't be sorry to see him go "at all" but... I'm not convinced he's been THAT much worse than some of our other leaders.

        I wonder how people would have reacted if he'd just put on a more civil face, been less "noisy"?

        I really wish I could live another 50 years and read about him with some historical perspective.

        I'm too old now, will never know.

        1. Anonymous Coward
          Anonymous Coward

          Re: 36 days left

          Who cares about him being noisy.

          It was the fact that everything he does is for his own benefit. He has gladly and intentionally divided the country, and is now trying to abolish democracy.

          A constant liar, narcissistic sociopath. Literally mentally ill.

          1. Michael Wojcik Silver badge

            Re: 36 days left

            In other words, he's Nixon, minus the intelligence, education, policy interests, and occasional bouts of sympathy for the victims of injustice. Nixon was by no means a good person - megalomaniacal, vindictive, prejudiced, and so forth - but he did some good things1 for the country (rapprochement with China) in general and for certain groups (returning Blue Lake and other changes to "Indian policy").

            I don't see any evidence that's Trump has ever been interested in anything that doesn't benefit him personally or get him psychological rewards from his followers or handlers. I'd say that from any reasonable, historically-informed perspective he's the worst president (by whatever combination of policy, character, or any other sensible metrics) at least since McKinley, and is definitely in the running for worst of all time. (Harrison at least had the good grace to die without doing any real damage.)

            I'm certainly no fan of, say, George W. Bush; but he was President during a difficult time (9/11 and then the beginning of the global liquidity crisis) and on numerous occasions he showed real concern for the nation. I don't think Trump gives a shit about America.

            1Among plenty of bad, of course. Continuing to prosecute, and escalate, the war in Vietnam and Cambodia; attempts to suppress anti-war protesting; COINTELPRO and other attempts to combat the civil rights movements; and so on.

            1. DS999 Silver badge

              Re: 36 days left

              No, he's much more dangerous than Nixon. Nixon was out for himself, and a lot smoother than Trump, but he believed in democracy and the constitution.

              Biden's administration will have to work with congress to plug up some of the holes Trump exposed in our systems. I'd start by making appointments to the DOJ and FBI be one way (i.e. can't be fired by a president, only removed by impeachment) and require a 2/3 majority to confirm. The DOJ needs to be independent, not have a yes man like Bill Barr who protects the president's friends.

              I also hope the rumors are true that Trump will try to force his DOJ to appoint a special counsel to look into election fraud before he leaves so the investigation continues inside Biden's DOJ. Trump is self-deluded enough he actually believes there was fraud, just like he claimed in 2017 because he was butt hurt over losing the popular vote to Hillary (when he created an "election commission" to investigate those "millions of votes" worth of fraud, which quietly disbanded after a couple years having found zilch)

              Having a special counsel Trump put in place turn up nothing once again (but much more publicly this time) may be the only way all his cultists whose minds he's poisoned might ever accept there was no widespread fraud that stole the election from Trump and it is all a fantasy from a self deluded child who was so emotionally damaged by his father he is incapable of admitting he lost at anything.

      5. J__M__M

        Re: 36 days left

        Who's he going to pick a fight with? Dictators and despots are his friends.

    3. StrangerHereMyself Silver badge

      Re: 36 days left

      Of course Russia will use nukes if attacked by conventional forces, their conventional capability is only slightly better than Iraq during both Gulf Wars. And Iraq was defeated in 3 weeks during the Second Gulf War and 3 months in the First Gulf War (3 weeks if you only count only the ground campaign).

      But has Trump uncovered any information on aliens being held hostage by the U.S. Government?

      1. amanfromMars 1 Silver badge

        Re: 36 days left is long enough to leave an Indelible Mark and Blots on a Diseased Landscape

        But has Trump uncovered any information on aliens being held hostage by the U.S. Government? ..... StrangerHereMyself

        If anyone here uncovers information, or hears from any of those ubiquitous anonymous official sources which abound and infest and invest and fester in media, that governments are being deeply captivated by alien technologies with out of this world methodologies and engagingly attractive addictive tautologies, please let El Reg and El Regers know.

        You can be guaranteed that they will certainly thoroughly appreciate the effort and meticulously forensically examine the information for any leading signs of ill-tampering foul play.

        Are you yourself a stranger to/in those fields, StrangerHereMyself?

        :-) Whenever one knows how much can happen and how bigly things can change in one 24 hour period for the likes of Jack Bauer/Kiefer Sutherland types, can you imagine the havoc and bedlam that can be arranged and arraigned in 36 days and left in place both in and from an infinitely more sophisticated space ‽ . ...... if you believe in such strange things, that is ..... and that are possible and eminently doable, and as Lady Luck would have it, not necessarily having to be enabled by humans themselves with their own primitive SCADA Systems versions in Sub-Prime Applications for Exclusive Elite Executive Administrations that Seek to Command Intelligence Controls and Control with Crazy Commands and Insane Demands being nowhere near able and up to the task?

        1. amanfromMars 1 Silver badge

          Re: 36 days left is long enough to leave an Indelible Mark and Blots on a Diseased Landscape

          Here's some more fine classic food for further future thought on all of the above ....... https://www.zerohedge.com/geopolitical/big-brother-disguise-rise-new-technological-world-order

          Do yourself a favour and at least read it. To comprehend it will assist you greatly.

    4. Anonymous Coward
      Anonymous Coward

      Re: 36 days left - meddling kids

      " Trump tried to withdraw from Iraq and Afganistan urgently before Jan 15th, leaving only hostage levels of troops. That would then have allowed Putin to invade Iraq and secure the region with nukes, and secure US hostages."

      *mask whipped off*

      And he'd have gotten away with it too but for those meddling kids!

      Nice tinfoil rant though, its made me laugh. I always enjoy the Scooby Doo ending.

  3. don't you hate it when you lose your account

    Nasty nasty

    But was always a matter of time, always said I can't guarantee we won't be hacked and anyone who does knows their lying or is incompetent. Best to be honest and prepare for the worst.

    1. Anonymous Coward
      Anonymous Coward

      Re: Nasty nasty

      A matter of time indeed...

      "... it is no longer linked-to."

      Cool, because the link to the infected file probably isn't everywhere anywhere.

      I might be paranoid, but I usually set filters on security related files on web servers. I mean "download whatever you want on my infected machine" isn't generally what you want (unless it is... I dunno).

    2. amanfromMars 1 Silver badge

      Re: Nasty nasty

      But was always a matter of time, always said I can't guarantee we won't be hacked and anyone who does knows their lying or is incompetent. Best to be honest and prepare for the worst. ..... don't you hate it when you lose your account

      Somebody/Something at some time must have equated bad hacks with good cracks and best to make great use of them both to result in something else altogether somewhat completely different and addictively engaging ........ absolutely attractively almightily captivating.

      I suppose the big money question is whether you can accept or deny the hellish temptations of such heavenly delights ...... or whether they pass by you and leave you either floundering or basking in their wakes and Private NEUKlearer HyperRadioProACTivated Pirate Shenanigans. ..... Exploring in/on and Experimenting on/in SMARTR Future Courses?

      Find a Better Advanced IntelAIgent Driver Beta than that and you'll have no problem finding camp followers and glorious disciples and empowering angels to boot and master root reboot and re-route. All one needs do is provide the AIMaster Plan with Available Road Maps ....... Displaying Simple Instructions and Directions to Follow to where one be going to or back all the ways to where one be from?

      Either way, IT's one heck of a trip to jump into and onto, and one helluva cracking hack to ensure assures and insures all that it is always for general great use and never ever possible and easily made available for wanton misuse and wilful abuse. Not so much a mighty task as a magnificent calling ...... absolute pleasure to treasure and savour and flavour and devour ie Greatly Enjoy.

      Are there many vital virile vapid markets for those around any parts of the worlds you be spending/sharing your lives in? Does that project one into Global Operating Device territories?

      You ever spend any quality free time in those zones? Ever experienced the powerful rushes that beautifully floor the totally unexpected and unsuspecting? :-)

  4. Anonymous Coward
    Anonymous Coward

    So will they get a years free identity theft monitoring as consolation?

  5. Natalie Gritpants Jr

    Lots of money to be made

    knowing the plans of big companies. Buy/short stock according to good/bad press releases being prepared.

    1. drankinatty

      Re: Lots of money to be made

      Just ask Perdue in GA, I'm sure he'll let you in on a tip or two...

  6. PTW

    once again

    do we have any proof it was the Russians what done it? Good to see McCarthyism alive and well

    1. Anonymous Coward
      Anonymous Coward

      Re: once again

      Once again, Novichok, do we have any proof it was Russians what done it?

      Once again, Mariia Butina, do we have any proof that she was a Russian spy even?

      Once again, Andriy Derkach, Giulliani's handler, do we have any proof he's actually a Russian agent?

      ORPHANS! The meeting was about ORPHANS!

      Just because the troll farm is a Russian company based in St. Petersberg doesn't mean they're Russians, they might be fat men in their basement. Where's your proof?

      Those emails could have been hacked by anyone, even a fat man in his basement!

      Concorde Management? Sounds like a fat French man in his basement to me!

      Did Russian actually pay the Taliban for each US soldier killed, do you actually have real proof or only so called facts and evidence?!

      Alexey Navalny, looks like the Flu to me! Do you have any proof he was poisoned by a nerve agent in Russian? Maybe he had a head cold!

      I for one am sick of all this anti-Russian propaganda!

      Orphans!

      1. PTW
        Trollface

        Re: orphans

        Oh, dear me, you're a bit ranty ac, are you the same ac that always posted those dreary, and oh so long, pro-Democrat posts on every thread here pre-election? Asking for a friend.

        re: Russian bounty program the latest from NBC https://www.nbcnews.com/politics/national-security/u-s-commander-intel-still-hasn-t-established-russia-paid-n1240020 that sort of evidence?

        *I have no donkey, or elephant, in the race, they just bored me to tears

      2. Jellied Eel Silver badge

        Re: once again

        Alexey Navalny, looks like the Flu to me! Do you have any proof he was poisoned by a nerve agent in Russian? Maybe he had a head cold!

        Nope, according to the Sunday Times, Navalny fell ill after wearing contaminated underpants. He appears rather healthy now though. Oddly.

        I do however think revealing some of this shenanigans may prove countreproductive. How terrifying it would be if Russia merged it's poisoning and hacking branches? How would the West defend itself against Fancy Pants?

        Meanwhile, I have popcorn ready for the explanation as to how bears managed to shit in Solar Wind's code repository, compile, and be pushed into production undetected..

    2. Wellyboot Silver badge

      Re: once again

      When there's no definitive proof on display.

      It was, is and always will be - the $CurrentBadGuys$ what done it…

      Because most of the time it actually is them.

    3. Michael Wojcik Silver badge

      Re: once again

      Proof? No. What would such proof consist of?

      An attack like this implies extensive resources, and it was against a broad range of targets, many of which are relatively difficult to monetize (suggesting direct financial profit wasn't the main motive). That pushes the probability toward a nation-state or nation-state-sponsored actor.

      Again, the choice of targets suggests it wasn't a nominal ally country - not because allies don't spy on one another (of course they do), but because allies can get much of the probably-exfiltrated information through other channels, so they'd put their resources elsewhere.

      So, probability favors nominal-foe states known to have groups with the resources (funds, technical capabilities, discipline) to pull off this attack. Iran's working up to this sort of thing but evidence suggests it's not there yet. That leaves China, Russia, and North Korea.

      The DPRK has historically been more interested in more-targeted attacks aiming at hard currency and scientific / technical information.

      Between China and Russia, the style and apparent goals of this attack are more typical of Russia in recent years.

      There may also be technical evidence suggesting Russia; I haven't read the detailed technical reports yet.

      This has nothing to do with McCarthyism (an accusation which is nonsensical in this case, since McCarthyism was ostensibly about International Communism and Communist organization in the US, not Russia, and actually about Joe McCarthy's need for attention) or an anti-Russia bias. The IT security community broadly recognizes a number of nation-state actors performing a wide range of IT-system penetrations around the world, including the US and its allies. Russia has no special status as a bugbear in that regard. They're just one of the players.

  7. Pascal Monett Silver badge
    Trollface

    Thank God they're using red-blooded American software

    It may be a fiasco, but it's a home-made fiasco, so it's all right.

    It's not like they were using some foreign kit widely accused without proof of any kind of being beholden to another government. That would have been <shudder> terrible, right ? Using kit that just might exfiltrate data to an unfriendly country.

    No, thank goodness, that didn't happen. It's just good ol' American incompetence that allowed a foreign government to . . oh, wait.

    1. el kabong

      Shit happens when you insist in overcomplicating things

      Keep piling cruft on top of cruft, hoping your problems somehow get magically solved, and you get shit.

      That's the sad state of the computer defense industry, pilling cruft on top of cruft and then... pile more cruft on top of it all.

    2. el kabong

      Breaking defenses is much easier than building them

      Your defenses may be built by rockstar ninja technical geniuses but if you complicate it too much, piling cruft on top of cruft, you will be increasing the surface area for attack and at some point that surface area will be so large that any sufficiently committed average skill hacker (malicious or not) will find a way in.

      1. Throatwarbler Mangrove Silver badge
        Holmes

        Re: Breaking defenses is much easier than building them

        It's true. The only way to be truly secure is to turn your computers off so they can't be at risk of running bad code. Of course, you may then be subject to wetware hacking in the form of propaganda or other bad information. Best to seal yourself in a locked room or, better yet, kill yourself, for purposes of maximum security of course.

  8. Unicornpiss
    Alert

    My first thought..

    ..when I heard about this yesterday was that Russia must've been pissed off because they were unable to meaningfully manipulate the Presidential election this time around. Russia has needlessly been a fair-weather friend at best to the USA since the cold war ended, and they seem to be nostalgic enough for it that they're pushing for another one with actions like these. Once Trump has finally been evicted they may get their wish.

    1. Anonymous Coward
      Anonymous Coward

      Re: My first thought..

      Putin needs a cold war. His tenure of Russia domestically has been a disaster. He's made a number of his mates VERY rich & they essentially run the country AND a big chunk of the UK too now.

      He needs his external enemies. Rather than making an effort to fix problems inside RUssia caused by the mass theft of Russian People's money by the oligarchs, he's just scaring them with external threats. Much the same propaganda used by Modi, Erdogan, Trump, Johnson, Salvini, Bolsanaro. He can carry on shoveling cash to his mates, keep his place as President and cause enough trouble in other countries to make democracy look weak. The whole idea of the Internet "being a force for good" has gone out the window with Russia, Iran, China, Western PR firms flooding it with so much crap that you don't know whats real and whats not.

      The example of the same Troll Factory employee running anti fascist AND pro white supremacist groups on facebook and then eventually having them both turn up at the same time for counter demonstrations in the same place.

      It's cruel to say but the sooner that Putin is gone and someone who ACTUALLY cares about the Russian people comes in

      1. Anonymous Coward
        Anonymous Coward

        Re: My first thought..

        You come to bury Putin, not to praise him. Right a/c?

        They'll sanction the ass off Russia, until his group ditches him. Pretending it's what he wants and therefore they should do nothing, is to give him what he wants: Inaction in the face of attack.

        The reason he's unpopular is because of all the sanctions. The sanctions are *his* fault, the sanctions can't end as long as he is in power.

        His troll farm people make antagonist groups for confirmation. They pretend to be *both* the enemy you fear, and the people saving you from that enemy. Both a fake leadership of antifascists and a fake proud boys organiser rally the troops against the antifa they create.

        With the GOP and Fox News doing their "Fifth column" work undermining America. Knowingly propagating the lies to divide and weaken the USA in the face of an attacking enemy.

        But your final sentence I agree with. Putin needs to go.

        Cold war be damned, its a hot war, he's actively attacking troops, actively invading targets, there is no cold anything here. Time to recognize that and act accordingly.

        1. Wellyboot Silver badge
          Mushroom

          Re: My first thought..

          It's a Cold war if there's deniability for any direct actions, such as the use of special forces. The current position is more or less as it was throughout the Soviet cold war era, just the latest in a long line of proxy wars since Korea where the great powers were not fighting each other, just assisting their allies in an internal Korean war.

          It's only a Hot war if two nuclear capable regular armies are blazing away at each other as a matter of national policy, and as everyone knows, that would likely get too hot too fast to control so everyone tries hard to avoid it.

    2. Jellied Eel Silver badge

      Re: My first thought..

      ..when I heard about this yesterday was that Russia must've been pissed off because they were unable to meaningfully manipulate the Presidential election this time around.

      This is not how the game is played. So Trump won because of Russian election interference. Now Biden's won because of Russian election interference. Assuming any of the investigations into dodgy voting machines find anything, that was Oceana! I mean Russia!

  9. TimMaher Silver badge
    Unhappy

    Roy Batty was right

    “I've seen things you people wouldn't believe. Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhauser gate. All those moments will be lost in time, like tears in rain”.

    Same Orion right?

  10. Doctor Syntax Silver badge

    "Unfortunately, we are likely to find out over the next year. "

    Fortunately we'll find out some of it. Unfortunately there'll be more we don't find out about.

  11. Claverhouse
    Mushroom

    The Road to a Lasting Peace

    Biden needs a hot war, like all Democrat regime-changists; America is sick of having no new wars: He will probably stay away from attacking Russia, even to please Ukraine. But he will intensify sanctions on Russia to please the McCarthyite hordes in his party and the MSM. Real war, as in Iraq, Syria, Yemen, Afghanistan etc. [ all of which he voted for ] ? Syria or Iran perhaps, North Korea... ? maybe a 20% chance. Most other unAmerican places ? Bigger and better Sanctions...

    1. Anonymous Coward
      Anonymous Coward

      Re: The Road to a Lasting Peace

      "the McCarthyite hordes in his party" Wow, just wow.

      Is it that you don't know what the words mean anymore, or that stringing any set of negatives together and flinging them around will do?

    2. Unicornpiss

      Re: The Road to a Lasting Peace

      Historically, it seems to be the Republican regimes that start the wars. Amazing how partisan people on El Reg seem to be about the US, despite this being a UK site.

      1. WolfFan

        Re: The Road to a Lasting Peace

        That is incorrect. The majority of wars involving the US over the last century or so were started under Democratic administrations. WWI: Wilson, a Democrat. WWII: Franklyn Roosevelt, a Democrat. Korea: Truman, a Democrat. Vietnam: Kennedy and LBJ, Democrats. The Republicans were responsible for the first of the Banana Wars in Central America and the Caribbean, during which the USMC invented dive bombing among other things. Chesty Puller, possibly the most famous Marine ever, bitterly said that he got his first (of five) Navy Cross “collecting taxes for the United Fruit Company”. (There’s a reason why Puller got five Navy Crosses but no Medal of Honor in a career covering 35 years and multiple major wars and places like Guadalcanal, Peleliu, and the Frozen Chosin: he had a big mouth.) The Republicans were also responsible for Gulf Wars I and II, so they have a lot of little wars, it’s the Democrats who have the big ones.

        1. Anonymous Coward
          Anonymous Coward

          Re: The Road to a Lasting Peace

          Hideki Tojo was a Democrat?

          Damn clever those Japanese aren't they.

  12. Doctor Syntax Silver badge

    You wanted back doors? You've got back doors. Happy now?

    1. Danny 2

      Waiter, there's spy software in my spy software

      Who makes watches for the watch makers?

  13. Long John Silver
    Pirate

    Pesky Russians wot dun it?

    The author of this piece has uncritically accepted the prevailing view in the USA that all America's woes are attributable to fiendishly clever Russians hiding in Mr Putin's closet. It would be more productive to look into home grown ineptitude, carelessness, graft, and political misdeeds before pointing fingers elsewhere.

  14. StrangerHereMyself Silver badge

    Wait a minute

    Didn't FireEye use Orion as well on their network? That would explain a lot.

  15. Potemkine! Silver badge

    Assuming this was a state-sponsored attack, and almost everyone assumes it was given the sophistication and determination

    That's something that is going to change in a near future. The resources used by these states may be well interested by a well paid job offered by Mafias, and sometimes they will even have the same boss in both jobs, seen the connection between security offices in Russia and mafias. So one can expect that these high-skilled resources will work for the private sector some day.

  16. David Cotton

    The question we should be asking is:

    With seemingly admin access to the networks of so many other software (and other) companies. What other "digitally signed" malware will they have created in the last 9 months whilst they had access to do so?

    Conceivably all kinds of software could have been tampered with, with the access obtained through solar winds Orion. No way of knowing without companies going line by line through all the software they've released in the last 6-9 months. Even the big boys, Microsoft, Google, Apple if they used the compromised version of Orion on their networks, any software they've release since March could also have been compromised.

  17. Muscleguy

    Sigh

    The DNC wasn’t hacked to steal Hilary’s emails, we know this absolutely, it was an inside job. Hilary’s emails were put on a memory stick which was handed through a number of trusted intermediaries until they reached Wiklleaks. The former Ambassador Craig Murray has said he was one of the intermediaries.

    This meme that the DNC was hacked to steal the emails has never been formally said. It seems a hack of the DNC did happen, don’t they always? but that has never been linked to the exfiltration of the emails. The two have been conflated, quite deliberately to pull the wool over people’s eyes so the Russians can be blamed.

    THIS is why the DNC servers were never audited, they knew it was an inside job.

    It is sad to see a Reg hack repeat this disprovable canard.

    1. Throatwarbler Mangrove Silver badge
      FAIL

      Re: Sigh

      Many assertions, no evidence.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sigh

        That's exactly the MO of FireEye and friends, including the trusted anonymous sources in the (ahem) intelligence community.

    2. Potemkine! Silver badge

      Re: Sigh

      Are you talking about the same Craig Murray who asserted that the Skripal poisoning in Salisbury wasn't poisoning before retracted once his assertions were proven false?

  18. Anonymous Coward
    Anonymous Coward

    Likely Misconfiguration of Orion

    I'm going to guess that we will see that the hacked organizations misconfigured their instance of Orion. Like most monitoring packages, Orion is able to poll Windows boxen using WMI by default. While WMI can be delegated to use a least privilege account to do it's work, many a lax/lazy administator will just give it Domain Admin privileges and be done with it. Getting the popcorn out to see how FireEye explains that one.

  19. Anonymous Coward
    Anonymous Coward

    They would say that, wouldn't they?

    > “Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack”

    The alternative is to admit that your multimillion dollar hacking prevention business was hacked by a sixteen year old from his bedroom, which wouldn't look terribly good marketing-wise.

    1. Anonymous Coward
      Anonymous Coward

      Re: They would say that, wouldn't they?

      They cannot prove it either way, so why don't just spin it to the best of their corporate PR and political clout?

      1. Anonymous Coward
        Anonymous Coward

        Re: They would say that, wouldn't they?

        I don't know why you were downvoted and whoever it was didn't have the courtesy to leave a comment.

        But indeed, that is how it works as far as the PR department are concerned.

    2. Anonymous Coward
      Anonymous Coward

      Are those "state-sponsored threat actors"

      …so short of cash that they need to sell their exploits online?

      And let's talk about that …123 password.

  20. elip

    source for this claim

    "If you ever wondered how Putin’s Russia was having a disproportionate impact on global affairs.."

    What does Kieren believe 'disproportionate impact on global affairs' means? I'm not seeing it.

    1. Jellied Eel Silver badge

      Re: source for this claim

      What does Kieren believe 'disproportionate impact on global affairs' means? I'm not seeing it.

      Well, obviously having Russian software installed on many Western company's systems is disproportionate given the size/investment in Russian software houses vs US. Ok, so this may have been unwittingly installed, but could still compare US/NATO cyber offence/defence budgets to Russian spending.

      Alternatively, compare the size/budgets of US/NATO soft & kinetic foreign policy divisions. So Ukraine pivoted towards the EU & West, with a few nudges. Russia kept Crimea, and the "Russo-Ukrainian War" has been ongoing since 2014. That situation has been a tad embarrasing to the West & obviously lead to a rapid cooling of relations between superpowers. Not to mention the deaths of a lot of Ukrainian civilians, and those of other nations drawn into the conflict, ie MH17. And ongoing because despite support for Ukraine, the EU/NATO obviously doesn't want to get sucked into direct conflict.

      Or there's Syria. Carefully orchestrated campaign to oust a member of Bush's 'Axis of Evil'. Which helped spawn ISIL, and a lot of attrocities. But that not so civil war has been ongoing since 2011's "Arab Spring". But Russia being invited into Syria allowed Assad to remain in power, and slowly regain control of it's territory. But much like Ukraine, also carried the risk of direct conflict given the presence of US bases & forces inside Syria's borders.. Uninvited.

      Or there's Turkey, waiting in the wings for a long time for EU accession, important NATO member with ambitions to challenge the Saudis as a major regional power.. And currently seeming to pivot towards Russia, assisted by the response to Turkey daring to buy Russian S-400 air defence systems.

      Or there's India, working with Russia on various defence projects. Or sanctions against Russia forcing it to develop it's own industry & forge alliances with China, and other strategic partners.

      So we're living in interesting times, where a small (by population count) country is perhaps having a disproportionate impact on geopolitics.

  21. Anonymous Coward
    Anonymous Coward

    Back doors

    Maybe now the incompetent Trump administration will understand the risk.

    Probably not.

    1. 22ten

      Re: Back doors

      If only it was just the Trump administration! But sadly incompetence is an intrinsic part of any government organisation.

  22. TheSkunkyMonk

    Am i right in thinking they basically held onto exploits(there own tools) instead of notifying companies to have them patched? Sounds like this could be there own doing.

  23. Anonymous Coward
    Anonymous Coward

    Signed Code??

    I would have expected a security product to use signed code for updates.

    If signed code was not being used then they are not a security company.

    If signed code was being used then the certificates must have been compromised. That's a concern how are they securing their signing certificates?

    1. drankinatty

      Re: Signed Code??

      You would have thunk it, right? Even most Linux distributions (open-source) provide signed update packages (even from the user-contributed repositories). Orion, and SolarWinds, the supposedly standard in for profit monitoring -- you just can't make this stuff up. And, my God, 5+ months of unfettered administrative access to just about every high-level government agency on both sides of the pond? Bugger!

      You would think with all the money spent on intrusion detection that someone somewhere would have figured it out before the 18,000th download. And now we have commercials wanting you to sell your gold to buy e-currency? What could possibly go wrong? Count me in on that one...

      And on this side of the pond in the states -- barely a peep of concern from the leadership and not a single mention of accountability for the perpetrators or the security company that flung 18,000 copies of the malicious backdoor around the globe.

      Jan 20 can't come soon enough. At least then perhaps a sane and confidential discussion among allies can be had.

      1. Anonymous Coward
        Anonymous Coward

        Re: Signed Code??

        They appear to be signing the compromised software. Strike 1.

        They appear to be not checking the authenticity of the signed software. Strike 2.

  24. Anonymous Coward
    Anonymous Coward

    State player of choice

    Intrigued as to why this has to be Russian, Chinese, Iranian, etc as it would seem just as likely to be the NSA, CIA or some other US government entity, given their desire to spy on each other?

    1. Anonymous Coward
      Anonymous Coward

      Re: State player of choice

      Of course, most of attribution is to do with calling out your global opponents.

      However the whole SolarWinds thing actually seems to stem from it being used against FireEye.... this is the cause of the FireEye breach.

      I know a lot of people don't like FireEye much, but I'd probably not put any US gumvmint people on that list.

      So I'm going with it was the Chinese or the Russians trying to smack down FireEye, which they have really....its certainly decreased their reputation, which decreases the amount of engagements they will get, which decreases the chances of the bad guys being named elsewhere.

      Was an interesting play.

    2. Anonymous Coward
      Anonymous Coward

      Re: State player of choice

      Or a false flag.

  25. Tom Paine
    Headmaster

    Pedant's corner

    "..hackers, had penetrated FireEye's servers and made off with its crown jewels: the tools it uses to test other companies’ defenses. Armed with those penetration tools, hackers could potentially identify which of their methods will pass FireEye's gaze undetected."

    No. The tools will be things like scanners, exploit frameworks and standalone exploits for vulnerabilities, which they use to find and exploit those vulns in their pentest customers' networks. They don't have anything (directly) to do with FireEye spotting other attackers in action.

  26. Anonymous Coward
    Anonymous Coward

    I have to question the audit procedures used by the US government for suppliers. This should have been identified before release. How many secrets and how many people are endangered by the fowl up? I hope this is not a case of "I paid a good audit firm for....".

  27. Anonymous Coward
    Anonymous Coward

    No wonder the US is paranoid about Huawei backdoors

    If they can't even vet and secure their own home grown security products.

    Let alone have the necessary processes in place to confirm whether software updates are authentic.

    That's a lot of incompetence to explain.

  28. doggod42

    The Russians! The Russians! The Russians!

    Am I the only one who is getting tired of bad things getting blamed on "The Russians" or "The Chinese" (or whoever is the enemy-du-jour) based on zero evidence whatsoever?

    It's always the opinion of some bureaucrat or politician which then gets picked up and tossed around the echo chamber until, before the day is out, it's treated as axiom.

    Sure, it MIGHT be the Russians, but until someone steps forward with some actual EVIDENCE, why not proceed with caution and skepticism, considering all the actors who could benefit from such a thing and investigating them too.

    First on my list would be the NSA or CIA. They have the means, a motive and certainly the opportunity. Means and opportunity need no explanation, but what's their motive?

    They, along with their "defense" establishment buddies, have a dread of anything resembling peace breaking out. Which is why, over the years, they have meddled in foreign governments, overthrowing those whose election they don't approve and, most of all, lying, lying, lying (see Iraq and Syria for two recent examples) about whatever it takes to sustain their narrative of Us (the good guys) vs. Them (the bad guys) and how we need ever more spying and death hardware to keep us safe from them.

    Until someone shows up with some convincing evidence to the contrary, they're going to have the top spot in my list of Usual Suspects.

  29. Jaybus

    And why is your list of usual suspects based on no actual evidence any more believable?

  30. ShortLegs

    Top-Tier nation state hackers? Maybe not

    @El Reg

    Fancy doing some investigative journalism?

    Everyone seems to be accepting the narrative that this was a "sophisticated" attack, carried out by "top tier "nation-state backed" hackers. But no one is questioning that narrative.

    Who started that narrative. FireEye. A security company relied on by F100 and Government agencies. Slightly embarrassing for them to be hacked. So its /only natural they put out a statement that they must have been hacked by someone with awesome skillz/.

    Except they were not. No one breached FireEyes defences. FireEye imported what used to be called a Trojan. That Trojan than ran, and then the highly patient and careful "hackers" were operating from the inside.

    Were did the trojan come from? Solarwinds. So it must have been a "top tier nation state backed..." except the initial compromise wasn't very sophisticated; Solarwinds FTP server had an incredibly weak password; Solarwinds123

    The malware itself? Still undergoing analysis, but its "lightweight" (at 400mb!) stealthy, quiet. None of which are exactly beyond the ability of a half decent coder with access to malware source (RATs, Tojans, credential snars, mimikatz-type tools) on the dark net.

    FireEye has avested interested in 'hyping' up the 'sophistication' and 'skill level' of the attack/attackers to protect its reputation, and its business. Being breached by a RAT/Trojan, is kinda self-damming. Once upon a time companies used to sheep-dip software before install in a production environment. Indeed, it was best practice. A security company not doing that undermines its own reputation.

    And Russia is a convenient target to distract attention away from "we were hacked" to "we were hacked by RUSSIA!!!" and then give the press release an anti-Russian spin, diverting attention away from "we were hacked".

  31. MachDiamond Silver badge

    Dominion

    One unverified (by me) piece of info I read was that Dominion voting machines used Solar Winds software. This really clobbers electronic voting confidence even if vote counting fraud isn't confirmed. Too many "rice bowls" would be smashed if fraud were found so the powers that be are going to be keen on looking too hard.

  32. Fluffy Cactus

    Always fun to speculate

    RE: Solarwinds - did the voting machine companies really use Solarwinds? Seems odd.

    That would be "not so good", because it throws some actual doubt on the voting machine

    integrity. So, then, it "sort of" follows that it might not have been the Russians with their

    Cozy Bears, because, wasn't the whole idea for about four years, that Trump is a puppet

    of Putin? The Russians would have loved to get Trump for another four years.

    So, that confuses me a little. But not too much. Does anyone consider it possible for any American democrat to be smart enough to "pretend to be a fake Cozy Bear, break into Solarwinds, compromise 18,000 companies just to make it look like everyone is getting attacked, including the Dominion software company, and take over something like 20,000 voting machines, most of which are running on separate networks, with separate id's and passwords, in thousands of separate voting places"?

    Highly unlikely. I am not that smart, so how can anyone be smarter than me? (It's a joke.)

    Are there any democrats that speak Russian, write hacking software, and such? Aside from

    Mila Kunis, who I consider "too cute to be a spy", and she doesn't hack, because that's not

    her thing.

    (Yes, I am waiting for a movie with that title "Too cute to be a spy!" )

    Since I am more on the democrat side, I have been told by many Republicans that

    democrats are idiots, dummies, fanatic leftist communist weirdos, environmentalists, involved

    in child sex trade, globalists, crazed socialists who want a (gaaasp) affordable health care system,

    who of course want to destroy "America" as we know it. In other words, if they are right, then I must

    be fairly dumb.

    One thing is certain: A good portion of Republicans simply cannot believe that Trump lost. In their minds, everything is rigged, corrupted, based on lies, etc. A few Republicans can believe that Trump lost, because they are tired of the ongoing absurd nonsensical political theater.

    Next, Democrats of course believe that nothing was rigged, because the system is safe and secure.

    To solve this puzzle, I remember the way one ensures that a pie is divided exactly into two equal parts: Let the democrat cut it in half, and let the Republican choose which half to take. (This works the same the other way round).

    To apply this to a voting process, one would have to obtain two sets of voting machines:

    A set of Democratic voting machines manufactured by a Democratic company, with Democratic security software and democratic/republican supervision,

    and a second set of Republican voting machines manufactured by a Republican company, with a Republican security software, also under a democratic/republican supervision.

    Each voter votes twice, i.e. once on the democratic and once on the republican machine.

    If the count on both sets of these machines comes out to be the same (within a 0.0000005% margin of error) then we could rest assured that neither set was rigged. And if there is a large difference, then we'd have something to bitch about and investigate the why, and how, and what for.

    Of course, this is too expensive, and ridiculous. But then again, if both sides trust each other as much as CIA and KGB in a movie spy exchange (complete with fog, light rain, at night, on a bridge, with stark lighting, guns and binoculars on both sides), then how else can you convince anyone?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like