Do I detect a whiff of the Huawei protocol here?
It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US
Russia’s infamous APT 29, aka Cozy Bear, was behind the SolarWinds Orion attack, the US and UK governments said today as America slapped sanctions on Russian infosec companies as well as expelling diplomats from that country’s US embassy. One of the sanctioned companies is Positive Technologies, familiar in the West for, among …
COMMENTS
-
Thursday 15th April 2021 18:00 GMT bombastic bob
it seems too easy to me, like they were SUPPOSED to conclude it was Russia wot dun it
And after a rather quick investigation (in my opinion, as it was NOT that long ago this happened), we hear an implied message similar to "Nothing to see, move along..." like we're not supposed to dig any further, now. The perp was found. It was Russia wot dun it.
(yet, my instincts tell me that there is more to this - how far down DOES that rabbit hole go?)
-
Monday 19th April 2021 11:38 GMT Cliffwilliams44
Re: A Recursive Nightmare
Personally I care less whether it was Russia, China or Switzerland who dun it!
What I care about is we are here again, some company gets infiltrated and in this instance all their customers get infiltrated and we waste time worrying about "who dun it!" Instead of seriously punishing the company who "left their front door unlocked!"
Adversarial governments are going to try this, and continue to try this. It's cheaper and more reliable than spies. Sanctions won't stop this. Going on the telly and puffing your chest out won't either. Making these corporations pay big time (and in the case of government agencies jail time for those who fail to protect their networks) is the only thing that prevents this.
-
Thursday 15th April 2021 23:23 GMT doublelayer
"(yet, my instincts tell me that there is more to this - how far down DOES that rabbit hole go?)"
Then go digging. You have the freedom to do it. Just don't complain if you find the security researchers know more about it, having researched it for months, than you can find out. I've seen nothing which suggests Russia couldn't or wouldn't have done it. Nor do I find any major flaws in what I've read so far attributing it to them. The opportunity's always there if you can prove them wrong.
-
Thursday 15th April 2021 23:57 GMT WYSIWYG650
more than meets the eye
I agree we need to know more and question everything that cannot be verified as fact. Did you see the US Gov just went in and pulled a bunch of viruses off Corp systems they say were infected by this. They did so without telling them beforehand.... that should not even be legal, imo.
-
Friday 16th April 2021 08:46 GMT John H Woods
"that should not even be legal"
What, like cops trespassing on your land trying to stop criminals attacking your house?
They basically sought and obtained permission to run through the streets slamming shut doors where the locks had been and then left ajar. I'm not a great fan of routine intrusion by the services but this was an emergency, I'm not sure what else they are supposed to have done.
-
Friday 16th April 2021 09:24 GMT John H Woods
Instincts
My instincts, on the other hand, tell me that it probably was the Russians.
I'm well aware of the many and varied faults of the USA, the UK, the EU, India* etc, but I don't think it's a huge stretch that Russia might actually be the bad guys here. I mean: when someone tells you who they are, believe them.
Russia seems to be telling all of us that it is a rogue state in thrall to a gangster oligarchy. This isn't about Russophobia, or politics (what even are Putin's politics?), it's just about his past and current behaviour, and that of Russia whilst under his leadership.
* I haven't included China because they are also the bad guys, just with a very different m.o.
-
Friday 16th April 2021 12:49 GMT Jellied Eel
Re: Instincts
Russia seems to be telling all of us that it is a rogue state in thrall to a gangster oligarchy. This isn't about Russophobia, or politics (what even are Putin's politics?), it's just about his past and current behaviour, and that of Russia whilst under his leadership.
Alternatively, the West is telling us that Russia is a rogue state, and Putin has the eyes of a killer. And that Navalny's a thoroughly decent chap (if you ignore his racist/xenophobic statements) who would make a great replacement for Putin. Even though Navalny was a bit of a nobody in Russian politics.
And then there's Ukraine-
https://www.rt.com/russia/520366-nato-zelensky-ukraine-suicide/
On March 24, 2021, Ukrainian President Volodymyr Zelensky signed into law Decree 117/2021, “On the Strategy of de-occupation and reintegration of the temporarily occupied territory of the Autonomous Republic of Crimea and the city of Sevastopol.” While the stated primary goal of this decree is the “restoration of the territorial integrity of Ukraine within its internationally recognized state border, ensuring the state sovereignty of Ukraine,” the reality is that the issue of restoring Ukrainian “territorial integrity” is merely a vehicle toward “gaining full membership of Ukraine in the European Union and the North Atlantic Treaty Organization.”
With 'de-occupation and reintegration' of Crimea kinda being a declaration of war with Russia, given Crimea's now Russian. Ish. Depending on viewpoint wrt how legal Crimea's independence and then integration is/was. But possession being 9/10ths of the law, Ukraine's probably going to find it hard to get Russia to give it back.
But strangely, not much has been said about that Decree 117/2021 in the Western media. Plenty has been said about Russian troop buildups. Part of which are normal, ie the border area with Ukraine hosts one of Russia's largest military districts, and it's held regular Spring training exercises there. Moving Guards assault divisions into Crimea's perhaps more unusual, but kinda understandable as a response to that decree.
And then there's the other changing of the guard, like Biden being America's man in Ukraine under Biden, along with Victoria Nuland. Famous for her cookies during the peaceful protests around Maidan, and her 'f*ck the EU' comments. Plus some other awkward moments relating to Ukraine, like Hunter Biden's job there. Still, if Kiev ends up getting glassed, evidence might end up getting vaporised.
But such is politics. I do wonder how much of the anti-Russia stuff is being driven by Ukraine. Obviously they're a tad unhappy with Russia. But Biden's involvement in Ukraine's regime change is also a bit tricky, and potentially compromised Biden and some of his cabinet. Plus Russia's kinda spoiled a perfectly good regime change in Syria, with Russia's support for Assad.
We're living in interesting times though, and not entirely convinced Ukraine's worth going to war over. Timing is also a tad inconvenient given Turkey's got the lead for NATO's QRF, and Turkey has its own internal issues, along with strained relations with Russia.
-
Friday 16th April 2021 14:43 GMT MacroRodent
Re: Instincts
Western media says nothing about Zelensky's decree 117/2021 because it either does not exist, or is nothing like described by the rt.com quote above. All online search results of it appear on shady pseudo-news sites, often parroting precisely the same text. Looks like a propaganda operation.
-
Friday 16th April 2021 17:25 GMT Jellied Eel
Re: Instincts
All online search results of it appear on shady pseudo-news sites, often parroting precisely the same text. Looks like a propaganda operation.
Indeed, but I suspect we'd disagree by whom. So if you don't like RT, try this version-
https://www.ukrinform.net/rubric-polytics/3214479-zelensky-enacts-strategy-for-deoccupation-and-reintegration-of-crimea.html
Decree No. 117/2021 of March 24 on enactment of the relevant decision of the National Security and Defense Council was published on the website of the Head of State, Ukrinform reports.
"To approve the Strategy for De-occupation and Reintegration of the Temporarily Occupied Territory of the Autonomous Republic of Crimea and the City of Sevastopol," the document reads.
As noted, the strategy defines a set of diplomatic, military, economic, informational, humanitarian and other measures aimed at restoring the territorial integrity, state sovereignty of Ukraine within its internationally recognized borders through the de-occupation and reintegration of Crimea.
Where the 'informational' part would include propaganda. Diplomatic would be lobbying Biden, pater et fils, the EU, NATO, although the latter might also be included under military. Along with the shipments of arms being sent into Ukraine at the moment.
Again a bit odd that other pseudo-news sites aren't mentioning that Decree as a reason why Russia might be justified in responding to it.
<spoiler>The National News Agency of Ukraine (Ukrainian: Українське національне інформаційне агентство) or Ukrinform (Ukrainian: Укрінформ) is a state information and news agency of Ukraine. It was founded in 1918 during the Ukrainian War of Independence[5] as the Bureau of Ukrainian Press (BUP). So Ukraine's version of the BBC. So I guess you could describe it as a shady pseudo-news site spreading propaganda.. </spoiler>
-
Friday 16th April 2021 21:45 GMT JohnG
Re: Instincts
Straight from the horse's mouth, so to speak:
https://www.president.gov.ua/documents/1172021-37533
If you use Google Translate, about a quarter of the way down, there is this:
"ensuring sustainable socio-political, humanitarian and economic development of Ukraine in accordance with certain principles of domestic and foreign policy, the strategic course of the state to gain full membership of Ukraine in the European Union and the North Atlantic Treaty Organization."
-
Monday 19th April 2021 11:49 GMT Cliffwilliams44
Re: Instincts
Frankly don't care one way or another. The west are blithering ignorant when it comes to Russia it seems. Putin may not be a big teddy bear but the fact of the matter is the average Russian loves the guy. Before Putin Russia was a cluster F! Rampant corruption everywhere. At least now a Russian farmer can get his product to market without paying so many bribes he ends up losing money.
As far as the current situation well you can blame the Obama administration for that. If you think that so called uprising in Ukraine was "spontaneous" I have a bridge and some swamp land I can sell you cheap! That had the CIAs fingerprints all over it! Then he starts an uprising in Russia's main ally in the middle east. Syria was one of the few nations in the middle east where Christians could worship openly. Yes, Assad was a dictator but just exactly what was so bad about him?
This is what adversarial countries do. Used to be Spies, now it's cyber attacks. Are we any different? MI6 is far worse than the CIA, that's why the CIA hires them to do things that are too nasty even for them.
-
Saturday 17th April 2021 12:41 GMT Anonymous Coward
The article doesn't even mention the word "evidence".
And then there's this: https://www.thelastamericanvagabond.com/another-mega-group-spy-scandal-samanage-sabotage-and-the-solarwinds-hack/
-
Thursday 15th April 2021 18:25 GMT amanfromMars 1
Reading the runes between the lines
It nonetheless remains unclear what specific data points enabled the attribution to the Russian APT29 in particular with such a high level of confidence.
So, we are to be led to believe that oh so convenient tall tale and right dodgy crock ..... absence of evidence does not indicate evidence of absence?
I trust those in the know now know that is no longer acceptable as fact in matters that matter, trying as it does to cover up an absence of knowledge searching after the fact for the facts that have proven themselves to be extremely damaging and/or disruptive and remarkably creative.
And the fact that it tells so many so much about the true state of involved parties, makes the course of future play more than just a tad interesting.
-
Friday 16th April 2021 03:46 GMT Anonymous Coward
Re: Hypothetical
Wull there are aliens in this direction and there are aliens in th'other direction. When the GOP doesn't want to talk about something they throw hissy fits in a different direction, say, the Mexican border.
Any national party that can sweep 500,000 dead citizens under the rug of denial cannot be underestimated at simply not responding to bad news, or realities.
-
Friday 16th April 2021 08:54 GMT Zare
Re: Hypothetical
Your supposedly gotcha question comes obviously from eating too much Russiagate burgers. What did that theory say? That Trump and his administration/stuff is a puppet of Russia. The most logical connection to his "handlers" would be US ambassador to Moscow. Well, Biden just kept Trump's man in Moscow. (https://edition.cnn.com/2021/04/12/politics/biden-john-sullivan-moscow/index.html ) But do not let the facts disturb you in thinking.
-
Monday 19th April 2021 12:01 GMT Cliffwilliams44
Re: Hypothetical
Do you really think the west will do more than they did when the Soviets invaded Czechoslovakia? Is it really our problem? Do we send men (and women now) to die so the west can have a NATO country on Russia's border?
One can make the same argument, if the Chinese invade Taiwan which side will the Bidens be on, which side will CNN, NBC, ABC, Nike, Coca-Cola, the NBA, etc, etc?
It's a stupid question from an anonymous coward!
-
Friday 16th April 2021 02:23 GMT Anonymous Coward
Re: I love
So clever, they're better than the best hackers or security professionals in the Western world. Yet apparently too dumb to clean fingerprints off their code, plant a few false flags or even develop their own computer industry.
The "intelligence" services always seem to blame convenient political targets. Actually, I could believe Russia or China have the technical capabilities, not so much North Korea or Iran.
-
Friday 16th April 2021 03:59 GMT doublelayer
Re: I love
Really, why not? Each of those countries, though small and economically troubled, has managed to set up the resources to build nuclear weapons. That's expensive and difficult, but they wanted it badly enough that they have done it (well, giving Iran a bit more credit given we don't know how far along they are). Building a few teams of smart people capable of breaking into stuff isn't that expensive in comparison; you need some computers, some smart people, and for those people not to have great alternatives like working for a tech company. Why couldn't North Korea or Iran manage those requirements?
-
Friday 16th April 2021 07:27 GMT Kabukiwookie
Re: I love
Iran's nuclear bombs are like fusion power, always just a few months away from completion.
This has been claimed since Netanyahoo showed his professionally drawn bomb picture in front of the UN more than a decade ago.
The US unilaterally pulled out of the nuclear deal that was struck with Iran, who were sticking to the deal well after the US govt unilaterally slapped sanctions on Iran, while all other participants, including the agency checking that Iran fulfilled its side of the bargain said it was keeping its end.
The only parties escalating tensions are the US and Israeli govts.
Is Iran the good guy in this scenario? Probably not, but they're definitely not the worst of all parties involved.
-
Friday 16th April 2021 12:13 GMT Jellied Eel
Re: I love
Yep. Shades of Iraq there - no WMD ever found because there weren't ever any... but then again I'm pretty sure the US knew about that, they just wanted rid of Saddam and needed an excuse.
But there were. And we knew that because French, German, US, UK and other countries supplied and supported Iraq's WMD. And we know Saddam used WMDs during the Iran-Iraq war, and on his own Kurdish population. Issue then became whether Iraq still had them post 1991 when they were supposed to have ceased WMD production and destroyed any existing stocks.
Which then became a tad politically awkward given the West knew what dual-use stuff had been given export licences. But that all got 'sexed up' as the pretext for the next Gulf War, with fancy infographics showing where Iraqi missiles could land and how quickly they could be launched. Which was all trivially true, ie the Iraqi missiles were liquid fuelled and took 20-40mins before they could be fuelled and launched. And post-GW2, stuff like yellowcake and mustard gas was found, sometimes the hard way. But mustard gas is very nasty as it sticks around for a long time, and shells may have been left over and forgotten from the Iran-Iraq war.
-
Friday 16th April 2021 16:35 GMT Anonymous Coward
Re: I love
This seems to be reputable for mustard gas: it looks like it was probably all old. Snopes says the yellowcake thing is misleading: it was removed from Iraq in 2008 but
The yellowcake removed from Iraq in 2008 was material that had long since been identified, documented, and stored in sealed containers under the supervision of U.N. inspectors. It was not a “secret” cache that was recently “discovered” by the U.S, nor had the yellowcake been purchased by Iraq in the years immediately preceding the 2003 invasion.
None of this gives me any confidence in the person you're replying to who smells as if they are effectively a Russian shill.
-
Friday 16th April 2021 17:38 GMT Jellied Eel
Re: I love
None of this gives me any confidence in the person you're replying to who smells as if they are effectively a Russian shill.
So basically a 'yes' then. Snopes isn't exactly a reliable source, but supports my point that Iraq did have 'WMD'. But that's also where the shilling came in, ie pre-1991 actions, post-1991 UN decisions, on/off again permissions for weapons inspectors and then GW2 and the rediscovery. Then finally flogging the yellowcake to Canada. Who sold it to Iraq in the first place seems a bit of a mystery though.
(as for being a Russian shill, I do occasionally smell of vodka.)
-
Friday 16th April 2021 08:24 GMT Anonymous Coward
Re: I love
One of the oddities of computing is that it's highly democratising. Someone with the patience and access to a machine can learn to break stuff.
Ransomware profits are by all accounts a relatively major source of revenue in the DPRK. Why wouldn't they invest in it? A few laptops, loyalty checks, an internet connection to the outside world.
Equally there are business parks outside Moscow with buildings occupied by ransomware firms. Legit businesses.
I haven't seen the evidence either way that one state or another did it, but the smoking gun that all these states are using offensive tactics is not even remotely difficult to find. And, if you think the UK and US aren't using offensive tactics themselves then you are deluded. Cough, Stuxnet.
A group that releases vulnerability information has either two agendas. 1) they use that equipment and want to make it better, or 2) they want to release tools to the wild to increase disruption.
-
Friday 16th April 2021 11:29 GMT amanfromMars 1
4ILOVEYOU2 is not a bug whenever a Heavenly AI Facility and Diabolical Utility.
One of the oddities of computing is that it's highly democratising. Someone with the patience and access to a machine can learn to break stuff. ...... Anonymous Coward
Hmmm?
Taking that one small step and a giant quantum leap further and deeper and higher along that particular root and peculiar route, AC, one of the strongest of the stranger enigmatic oddities of computing is that it's both equally capable of being highly democratising and easily demonising in one swell equitable swoop.
And, although some may certainly disagree, someone who can be anyone with the patience of saints and sinners with accesses through the portals and auspices of virtual machinery can both break and rake in all manner of interesting nonsense and immaculate stuff and vice versa.
Such is why they are held in such high regard by their peers and deservedly rewarded so extremely appropriately.
Some things are just so good that they are worth everything you can throw at it, although it has to be said, you don't normally get to run into or run up against any of those that often, although that is bleak cold comfort to any who do and are worthy sufferers of and for the consequences of their actions.
But hey, that is only natural if one follows and is tracked in Stellar COSMIC Ways tracing Novel Ennobling Universal Paths.
-
Friday 16th April 2021 18:31 GMT Michael Wojcik
Re: I love
I could believe Russia or China have the technical capabilities, not so much North Korea or Iran.
For SolarWinds? SolarWinds was trivial. Any of the significant state-sponsored teams could have done that one. So could independents.
I think Russia's a probable culprit, but to be honest I don't much care who was responsible for the actual attack. The far more interesting question is why SolarWinds were vulnerable in the first place, and as others have pointed out that's right at the feet of the CEO and other executives.
-
Friday 16th April 2021 21:47 GMT JohnG
Re: I love
I don't think it is a case of people thinking that our intelligence agencies aren't clever enough to have identified the culprits - I think it is more that some people may suspect that one of our intelligence agencies could themselves be the culprits and could be using the Russians as scapegoats. After Edward Snowden's revelations, perhaps our intelligence agencies are not seen as pure as the driven snow.
-
Saturday 17th April 2021 15:15 GMT Jellied Eel
Re: I love
After Edward Snowden's revelations, perhaps our intelligence agencies are not seen as pure as the driven snow.
But should they be? Or should the fact that intelligence agencies spy on stuff be any great revelation, given that's what they're paid to do. Personally, I think it can be a case that intelligence agencies (or their PR people) think the public isn't clever enough to understand evidence. Trust us, it was Russia. Or as Ronald Reagan once said, trust, but verify.
We're IT geeks, we understand this stuff, so present your case. Especially in a time when public trust in governments isn't exactly great. And especially as IT security is rather critical, and understanding how an attack happened can help businesses prepare and prevent future attacks.
-
Sunday 18th April 2021 01:09 GMT Anonymous Coward
Re: I love
The public will never be told the truth. On either side.
For all anyone knows, SolarWinds could have been retaliation for a US attack. Maybe Iran contracted state level hackers in response to Stuxnet. We'll never know.
Neither side has any motivation to broadcast what they're doing, as it provides intelligence data for the other side.
Interesting though, that the Americans have brainwashed their public into believing the US is the "victim" and they're always on the receiving end of the attacks...
-
Sunday 18th April 2021 06:07 GMT amanfromMars 1
Clouds Hosting Advanced Operating Systems. I Kid U Not. It is an IoT AI Thing.
The public will never be told the truth. On either side. .... Anonymous Coward
What is the truth? And why is it so dangerous to know .... apparently .... because so many aspire and conspire and expire to not have it revealed about them and their activities and those and that which surround and support them?
The hellish difficulty to skip and dismiss, and heavenly opportunity to seize and employ whenever the truth is discovered/realised to have nothing at all to do with either the past or the present, if ever it presents and presented a massive fiction with colossal curtains of lies to deceive and massive trails of fake news to blindly follow to nowhere for real, is to accept novel news of not too distant futures with their alternate augmented virtualised realities at their Work, REST and Play, and question IT more, so that more of it can be general knowledge and universally made clearly known.
And of course, it does have the immaculate bonus and added attraction of not suffering the misfortune which delivers the diseased plague of being blighted and terminally infected by perverse mutations and corrupt manifestations of streams of perished ancient views and old presently ill informed postmodern nonsense masquerading in the guise of actionable intelligence and current news from reliable and trusted sources. Such is the Great COSMIC* Scam and Earthly Sham that Shames and Games Humanity. It is also the true alien nature of so many a present human existence on Earth.
And all of that more than just suggests that the public will know what is truth, and it will bombard them from all sides so that they will not be susceptible to future misleading derailments and exclusive pernicious self-serving lies ..... and they will easily recognise the purveyors of such putrefactions and abominable distractions ...... and be suitably overwhelming armed and zealously inclined to extinguish and obliterate them most satisfactorily to the generous eternal gratitude of the masses and all concerned in the CHAOS of Crowds and Clouds.
Deny it if you like, but that is what confronts and calls you out to play daily and out to 0day vulnerability exploitation play, and in so doing does IT and AI confound all around in your stealthy autonomous engagement.
COSMIC* .. Control Of Secret Materiel in an Internetional Command.
-