Discussion:
SolarWinds Hack Broader and Deeper Than First Reported
B1ackwater
2020-12-18 05:55:06 UTC
It now appears that MANY critical govt agencies, banking
and finance entities and large corporate entities have been
affected by the hack involving a "poisoned" version of the
SolarWinds network-management/monitoring program.

At present Russia is blamed, but frankly this seems more
a Chinese sort of thing.

The main hacks exploited the (many) flaws in Microsoft 365
and enabled detailed monitoring of messages/mails being
exchanged within and between agencies. The hack was
apparently in place as early as March, only revealed just
now.

Of course the SolarWinds top people dumped almost
$300 million in stock just before the problem was
revealed. Oh well, so long as Hunter got a cut they
will be OK ...... :-)

I wonder if Trump's firing of the Homeland cybersecurity
chief a week ago had less to do with elections and more
to do with SolarWinds ? This is a MAJOR hack of VITAL
entities - and nobody noticed a thing.

And why isn't Bill Gates in jail for foisting his hack-friendly
crapware on the universe ? MS products are a national
security risk at every level.

In any case, RAPID and MAJOR reactions are absolutely
required. Can govt DO that, especially during a change in
regimes ??? We are now vulnerable to serious cyberwar
damages.

SolarWinds was supposed to let you dump 90% of your
I.T. people and make it so a few punks could manage
worldwide govt/corporate networks by remote control.
No WONDER it was targeted. SolarWinds (and there
are competitors) was the yellow brick road to absolutely
EVERYWHERE.
unknown
2020-12-18 06:00:16 UTC
Post by B1ackwater
It now appears that MANY critical govt agencies, banking
and finance entities and large corporate entities have been
affected by the hack involving a "poisoned" version of the
SolarWinds network-management/monitoring program.
At present Russia is blamed, but frankly this seems more
a Chinese sort of thing.
The main hacks exploited the (many) flaws in Microsoft 365
and enabled detailed monitoring of messages/mails being
exchanged within and between agencies. The hack was
apparently in place as early as March, only revealed just
now.
Of course the SolarWinds top people dumped almost
$300 million in stock just before the problem was
revealed. Oh well, so long as Hunter got a cut they
will be OK ...... :-)
I wonder if Trump's firing of the Homeland cybersecurity
chief a week ago had less to do with elections and more
to do with SolarWinds ? This is a MAJOR hack of VITAL
entities - and nobody noticed a thing.
And why isn't Bill Gates in jail for foisting his hack-friendly
crapware on the universe ? MS products are a national
security risk at every level.
In any case, RAPID and MAJOR reactions are absolutely
required. Can govt DO that, especially during a change in
regimes ??? We are now vulnerable to serious cyberwar
damages.
SolarWinds was supposed to let you dump 90% of your
I.T. people and make it so a few punks could manage
worldwide govt/corporate networks by remote control.
No WONDER it was targeted. SolarWinds (and there
are competitors) was the yellow brick road to absolutely
EVERYWHERE.
It is a Trump virus.


Jean-David Beyer
2020-12-19 17:04:27 UTC
What it really IS is a giant stain on "Homeland Security".
They allowed SolarWinds on everything, they used MS
products widely - despite knowing it's the most hacker-
friendly stuff out there. In short they provided both the
growth medium and the infection conduit without ever
checking a goddamned thing. This software was not
meant for Ma Perkins' laptop, but for THE most sensitive
financial/military infrastructure in existence.
How easy it was, with or without the assistance of the Russian Federation.

"SolarWinds, the company behind the network management software that was
abused to intrude agencies and companies, is known for a lack of security:

SolarWinds’ security, meanwhile, has come under new scrutiny.

In one previously unreported issue, multiple criminals have offered
to sell access to SolarWinds’ computers through underground forums,
according to two researchers who separately had access to those forums.

One of those offering claimed access over the Exploit forum in 2017
was known as “fxmsp” and is wanted by the FBI “for involvement in
several high-profile incidents,” said Mark Arena, chief executive of
cybercrime intelligence firm Intel471. Arena informed his company’s
clients, which include U.S. law enforcement agencies.

Security researcher Vinoth Kumar told Reuters that, last year, he
alerted the company that anyone could access SolarWinds’ update server
by using the password “solarwinds123”"

http://www.informationclearinghouse.info/56049.htm
--
.~. Jean-David Beyer
/V\ Shrewsbury, New Jersey
/( )\ Red Hat Enterprise Linux
^^-^^ up 2 weeks, 3 days, 18 hours, 49 minutes
Winston_Smith
2020-12-18 15:04:42 UTC
Post by B1ackwater
And why isn't Bill Gates in jail for foisting his hack-friendly
crapware on the universe ? MS products are a national
security risk at every level.
Back when dinosaurs still ruled the earth there was a lot of usenet
traffic about Windows having back doors for the government. Don't hold
me to the exact version but I recall we are talking about Win98.

I wanted to follow some things people wrote for myself. I searched the
main executable and sure enough among the jumble of symbols and random
numbers and letters of machine code rendered in a text editor, there
was "NSAKEY" set off from the rest of the jumble of code.

Proves nothing in itself but highly unlikely something like that would
come out of the thousand monkeys at a thousand typewriters that is a
code compiler if you are expecting readable English.

In the flurry some of the press claimed that to get an export licence
for software, any software, the government demanded a backdoor.

True or not, your call.
B1ackwater
2020-12-19 04:55:27 UTC
On Fri, 18 Dec 2020 08:04:42 -0700, Winston_Smith
Post by Winston_Smith
Post by B1ackwater
And why isn't Bill Gates in jail for foisting his hack-friendly
crapware on the universe ? MS products are a national
security risk at every level.
Back when dinosaurs still ruled the earth there was a lot of usenet
traffic about Windows having back doors for the government. Don't hold
me to the exact version but I recall we are talking about Win98.
I came across some of those myself peeking inside Win2k.
They didn't even do a good job of hiding it back then. Likely
they started with NT - of which W2k was just a version with
a nicer GUI.
Post by Winston_Smith
I wanted to follow some things people wrote for myself. I searched the
main executable and sure enough among the jumble of symbols and random
numbers and letters of machine code rendered in a text editor, there
was "NSAKEY" set off from the rest of the jumble of code.
Yep ! :-)
Post by Winston_Smith
Proves nothing in itself but highly unlikely something like that would
come out of the thousand monkeys at a thousand typewriters that is a
code compiler if you are expecting readable English.
In the flurry some of the press claimed that to get an export licence
for software, any software, the government demanded a backdoor.
True or not, your call.
IMHO the US Govt gets backdoors in there with or without
anybody's approval. If it's software that's very broadly used
or likely to be used in big govt/biz operations they WILL have
spooks working there to make sure a little extra is added to
the code.

And OTHER entities can do the same thing.

How many lines of code in SolarWinds ? Windows/W365 ???
NOBODY really understands how it all works. Big team
projects and it's thus easy for anybody to slip in something
that nobody will notice as being malware.

And they clearly DID.
Winston_Smith
2020-12-18 15:15:51 UTC
Post by B1ackwater
At present Russia is blamed, but frankly this seems more
a Chinese sort of thing.
Russia, Russia, Russia is an anti-Trump mantra. The list of friendly
connections between high level Dems and China is long. As is the
compatibility of US socialism and social justice ideas with China's
version of Communism.

That makes it almost certain Russia will be the bad guy and China is a
great trading partner.
B1ackwater
2020-12-19 05:00:40 UTC
On Fri, 18 Dec 2020 08:15:51 -0700, Winston_Smith
Post by Winston_Smith
Post by B1ackwater
At present Russia is blamed, but frankly this seems more
a Chinese sort of thing.
Russia, Russia, Russia is an anti-Trump mantra. The list of friendly
connections between high level Dems and China is long. As is the
compatibility of US socialism and social justice ideas with China's
version of Communism.
That makes it almost certain Russia will be the bad guy and China is a
great trading partner.
Russia remains the Great Pariah ... but the expertise and
hacker-power balance is now firmly in China's domain.
This operation required great patience and an eye for the
insidious and ACCESS. Russia is more 'tricks' or blunt
instruments. No, this was China.

Oh well, scapegoats are useful. Russia will be blamed so
Biden can go back to business as usual with China.