
Russian hack...... again

barbos

Nobody created a thread about that?
Talking heads at CNN have no doubt that it's Russia even though every single neocon they invite says "we have no evidence it's Russia or anyone else"

They bitch about how sophisticated that attack was. Yeah right, SolarWinds had a password solarwind123 .... and it has been posted on the internet. Only Russians could have figured that out.
 
Didn't Pompeo just come out and say it was Russia?

Yes. But Pompeo is a trumpsucking liar. There are lots of better sources.

How to Understand the Russia Hack Fallout

Not all of the victims of this campaign were affected in the same way. In some cases Russia planted a backdoor but didn't go any further; in others, it moved deep within their networks for reconnaissance and data exfiltration. Figuring out the difference—and the implications of each—is going to be increasingly important as investigators dig deeper into the SolarWinds morass.
...
SolarWinds claims to have more than 300,000 customers in total, but not all of them would have been impacted by the company's compromise. For one thing, the situation only affects those who use Orion, and within that group only those who installed the tainted patches would have been exposed. SolarWinds said in a US Securities and Exchange Commission breach filing on Monday that it has notified roughly 33,000 Orion customers about the risk posed by the malicious software updates. But the company also said in its submission that it believes "the actual number" of customers with potential exposure is less than 18,000.
 
all our base belong to russia.
 
Putin's bitch to the end.

https://twitter.com/realDonaldTrump/status/1340333619299147781
 
Didn't Pompeo just come out and say it was Russia?
He did, after my post. He must have read it :) Pompeo is a liar.
There is no evidence whatsoever. Russian hackers are the default, everybody knows it. So it could be any enemy of Russia, the current government in Ukraine for example, or Poland. It could be Israel who decided to spy more, Iran, China, North Korea. Could be random hackers, could be CIA/NSA themselves conducting a false-flag operation.
 
So let me get this straight.

Pompeo says it's Russia. He can't give evidence because it's a national security risk to do so.

Russian govt, barbos, Russian agents and Trump say it's not Russia.

barbos knows the backdoor password.

Therefore, I'm supposed to believe barbos?
 
So let me get this straight.

Pompeo says it's Russia. He can't give evidence because it's a national security risk to do so.

Russian govt, barbos, Russian agents and Trump say it's not Russia.

barbos knows the backdoor password.

Therefore, I'm supposed to believe barbos?

I am not saying "it's not Russia". I merely observe that CNN says "It's Russia!!!!!!" even though their own invited experts say "We have no evidence of anything"

And it was a front-door password
 
So let me get this straight.

Pompeo says it's Russia. He can't give evidence because it's a national security risk to do so.

Russian govt, barbos, Russian agents and Trump say it's not Russia.

barbos knows the backdoor password.

Therefore, I'm supposed to believe barbos?

I am not saying "it's not Russia". I merely observe that CNN says "It's Russia!!!!!!" even though their own invited experts say "We have no evidence of anything"

And it was a front-door password

Who cares if CNN is also saying it's Russia. The whole tech world is saying it's most probably Russia.

And at this point we don't even know if SolarWinds' really fucking stupid password event is part of what happened...talk about 'not saying'.

https://www.extremetech.com/computi...inds123-password-left-firm-vulnerable-in-2019
The SolarWinds saga keeps getting worse as time goes by. Several days ago, news broke that some 18,000 companies had been compromised by a nation-state actor. The attackers in question are believed to be affiliated with Cozy Bear, aka APT29, aka the Russian government.
<snip>
I want to be clear that this specific password is not thought to be the means by which Cozy Bear accessed SolarWinds network management tool, dubbed Orion, but it speaks to a terrible security culture at the company, given the data security needs of its customers

Additionally, this was a very sophisticated attack. Just getting access to the SolarWinds server, even if handed over on a silver platter, is just the tip of what it would take to pull this off.
 
I merely observe that CNN says "It's Russia!!!!!!"

CNN said:
(CNN)President Donald Trump on Saturday downplayed a massive cyberattack on US federal government agencies, contradicting Secretary of State Mike Pompeo's public remarks linking the hack to Russia and leaving administration officials scrambling to reconcile the competing statements, according to people familiar with the matter.

"This was a very significant effort, and I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity," Pompeo had said of the cyber hack in an interview Friday on "The Mark Levin Show," adding: "I can't say much more as we're still unpacking precisely what it is, and I'm sure some of it will remain classified."

But Trump, in his first public comments on the issue, appeared to undercut Pompeo's remarks in a pair of tweets Saturday, suggesting without evidence "it may be China" that's responsible. Instead of condemning the attack, or Russia, he wrote that he had been "fully briefed and everything is well under control" -- despite officials in his administration having said this week that the cyberattack "poses a grave risk" to networks across both the public and private sector.
White House officials had drafted a statement assigning blame to Russia for the attack and were preparing to release it Friday afternoon but were told to stand down, according to people familiar with the plans. Officials initially weren't told why the statement was pulled back.
https://www.cnn.com/2020/12/19/politics/pompeo-us-government-hack-russia/index.html

barbos said:
And it was a front-door password

I thought the intrusion had to do with Orion patches which installed malicious software while the ORIGINAL infection of Orion patches at SolarWinds was because of the password.
 
I thought the intrusion had to do with Orion patches which installed malicious software while the ORIGINAL infection of Orion patches at SolarWinds was because of the password.

Yes, the server which was doing all that secure stuff was protected with a "solarwinds123" password.

Security researcher Vinoth Kumar told Reuters that he contacted the company in 2019, alerting it that anyone could access its update server by guessing the password “solarwinds123.” Reuters also reports that hackers have been claiming they could sell access to SolarWinds’ computers since 2017.
 
Amazing how detached Trump has become since Nov. Nothing on the planet matters to him but his need to sulk. Covid death toll in the 50 states equal to US Army deaths in all of WWII? Dead silence. Urgent need to tell Americans not to gather for T-giving and Xmas? Dead silence. Massive hacking of govt. computers ? Meh. The next 30 days can't pass too quickly. I'm sure he'll have crafted his family's exit strategy and legal parachutes to the extent possible, and of course his base has already given him $250 m. to spend on his noise, because God knows baby don't give away his own binkies. I'm so glad I've never believed the Republicans' boiler plate talking points, because I wouldn't want this douche around my neck and have to rationalize it. The only good Republicans are ex-Republicans.
 
A good article on some of the details of how SolarWinds was compromised. FWIW, the 'solarwinds123' appears to have been for an FTP account.
https://www.theregister.com/2020/12/16/solarwinds_github_password/
"If they had accessed the build servers, they wouldn’t need FTP credentials. But if they just got hold of a signing certificate and FTP credentials, they could modify the .dll, sign it, and upload it to the FTP server."

Kumar said that once the malicious .dll used for the attack is analyzed to determine whether it was modified or recompiled from source, we may have a better idea about that. "But either way, it was really a weak security measure from a big company," he said.

In its 8-K [PDF] securities filing on Monday, SolarWinds said its Microsoft Office 365 accounts had been hijacked, and build system had been abused, which argues against the possibility that the exposed FTP credentials were used to upload malicious code.

But fuck, this is no way to manage software package releases designed to manage security across environments. It should have been a chrooted jail SFTP environment for people to get their packages. And the server sure as hell shouldn't have allowed user account access from anything other than a few places from within the company (and be monitored). But then again I'd never have a Windows server in a DMZ anyway, but that's just my *NIX bias... And where the fuck was the monitoring for changes in key file checksums and dates?
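
Added example, not part of the post above and not SolarWinds' tooling: a minimal sketch of the checksum-and-date monitoring the last post asks about, comparing a stored baseline of a release directory against its current state. The file names and the scenario in `demo()` are constructed for illustration; a real baseline would be kept off the monitored server.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root to its SHA-256, size and modification time."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            st = path.stat()
            manifest[path.relative_to(root).as_posix()] = {
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
            }
    return manifest

def compare(baseline, current):
    """Return sorted (path, finding) pairs; an empty list means no drift."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "removed"))
        elif old["sha256"] != new["sha256"]:
            # Same date but different content: the timestamp was put back,
            # so a date-only check would have missed this change.
            same_date = old["mtime_ns"] == new["mtime_ns"]
            findings.append((path, "content-changed-mtime-preserved"
                             if same_date else "content-changed"))
        elif old["mtime_ns"] != new["mtime_ns"]:
            findings.append((path, "mtime-changed-only"))
    return findings

def demo():
    """Constructed scenario: one artifact replaced with its date restored."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        dll = root / "example-component.dll"  # hypothetical artifact name
        dll.write_bytes(b"original build output")
        (root / "readme.txt").write_bytes(b"notes")
        baseline = snapshot(root)  # would normally be stored elsewhere
        st = dll.stat()
        dll.write_bytes(b"modified build output")
        os.utime(dll, ns=(st.st_atime_ns, st.st_mtime_ns))
        (root / "extra.bin").write_bytes(b"x")
        return compare(baseline, snapshot(root))
```
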
 