Cyber-snoops broke into US military contractor, stole data, hid for months

Spies for months hid inside a US military contractor's enterprise network and stole sensitive data, according to a joint alert from the US government's Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and NSA. The intruders somehow broke into the defense org's Microsoft Exchange Server – the Feds still aren't …

  1. elDog

    Given the mentioning of two python scripts being involved, isn't the solution to disable python?

    And of course, PowerShell, cmd.exe, etc.

    And probably the .NET ecosystem.

    I think COBOL-68 is still OK, tho.

    1. doublelayer Silver badge

      Re: Given the mentioning of two python scripts being involved, isn't the solution to disable python?

      Given your mention of Cobol, I don't know if you're being serious about blocking Python, but it's an argument I've heard before from people who definitely intend to do it. It doesn't work.

      Of course, blocking Python would prevent some infection. And execution of any code outside the Windows directory. And inside that directory. And in the bootloader. I can provide you perfect security in this vein using the fail-safe security tool known as a blowtorch.

      If you disable every function of a computer, it becomes a lot worse for doing useful things. Maybe nobody uses Python themselves, but there are still applications written in it which disabling every copy of Python will break. That's not a realistic way to block malware because it's a lot easier for the malware writers to port their script to something else or hide their interpreter than for the average user to get around a block that prevents them from working. They clearly didn't think they needed to hide their tooling this time, and they were right, but if it turned out they needed to, that's a day's effort for one programmer and your efforts to block Python are circumvented.

      1. elDog

        Re: Given the mentioning of two python scripts being involved, isn't the solution to disable python?

        Thank you for a serious reply to my flippant comment. I've gotta stop doing that!

        Python has become a very important language in systems that are powering the machine-learning world. In my little knowledge it seems that most natural-language-processing (NLP) uses Python to run the low-level tools (mainly C/variants and CUDA logic).

        I might have expected perl to be the glue-type language but it got stuck in a mud-hole a few years ago.

  2. jeff_w87

    If you want to minimize your chances of getting hacked...

    1. Don't connect your network to the Internet (sorry, people you can no longer pretend to work from home)

    2. Don't use Microsoft products on your network.

    3. Spend the money to properly secure and monitor your network (i.e. hire a competent network/SA team, pay them properly and buy appropriate resources/equipment to help protect your network and configure them properly).

    It's not easy, but if you want security you have to make sacrifices.

    1. Anonymous Coward

      Re: If you want to minimize your chances of getting hacked...

      re: 1 - dumbass

      re: 2 - dumbass

      re: 3 - close but no cigar. You aren't going to find many competent network admins who are also competent system admins

      And finally, wrong again. It isn't hard and you don't have to make sacrifices, but with Windows it's not simple, straightforward and quick.

    2. MattPi

      Re: If you want to minimize your chances of getting hacked...

      "Tell me you've never worked in an enterprise environment without saying you've never worked in an enterprise environment." That's how that meme goes, right?

      1. Kevin McMurtrie Silver badge

        Re: If you want to minimize your chances of getting hacked...

        Very true, but sometimes enterprise environments are bad for bad reasons. Seeking too much safety in standardization can be the flaw that makes thousands of computers dependent on obsolete software.

    3. ElRegioLPL

      Re: If you want to minimize your chances of getting hacked...

      The 'M$ ha ha' boys out in force again with their great advice of turn off all JS, cookies, don't use the internet.

      Thank you for your wisdom.

      Now back to the real world.

      1. John69

        Re: If you want to minimize your chances of getting hacked...

        The M$/linux debate can go on, but Microsoft Exchange is not military grade security, right?

  3. Denarius Silver badge

    odd

    the few document servers/stores/servers I have been forced to use were useless at classifying, let alone search, though one on a very recent M$ platform looks like it may work. All required server farms to not work very well and with user interfaces designed by neuro-atypical types. Yet, small intrusionware can do it to find items of interest while hiding in an existing system.

    1. Anonymous Coward

      Re: odd

      I think we'll all find that the organizations being hacked successfully allowed too many of their staff to either pick their own tools or allowed upper-upper management to have one-button/one-click access to data. And administrators who use their domain admin accounts as their every-day-use accounts.

  4. To Mars in Man Bras!
    Headmaster

    >Spies for months hid inside...

    Dearie me. Did you just throw some words in the air and see what random order they landed in?

    1. doublelayer Silver badge

      Prepositional phrases in English may precede verbs. It may not be the most typical order, but it is for most uses accepted by grammarians. Sometimes, to comply with their other rule of not putting the preposition last, this pattern ends up being more common in formal writing than in informal speaking, where most rules of grammar are discarded in favor of the "it sounds right and I'm not going to complain about it" principle.

    2. Hurn

      It makes more sense, with more commas:

      Spies, for months, hid inside...
