Good day all. Last week news broke regarding what may be the worst computer break-in ever, all due to a compromised application used by the government and private industry. The issue turned out to be a backdoor planted in the network monitoring software made by SolarWinds, one of the most widely deployed vendors out there.
The news of the hack came out when a private company, FireEye Inc., found out that their systems had been broken into. They started working to lock down the break-in and find out how it happened. What they found is right out of a movie. Here are the details from Bloomberg:
When FireEye Inc. discovered that it was hacked this month, the cybersecurity firm’s investigators immediately set about trying to figure out how attackers got past its defenses.
It wasn’t just FireEye that got attacked, they quickly found out. Investigators discovered a vulnerability in a product made by one of its software providers, Texas-based SolarWinds Corp.
“We looked through 50,000 lines of source code, which we were able to determine there was a backdoor within SolarWinds,” said Charles Carmakal, senior vice president and chief technical officer at Mandiant, FireEye’s incident response arm.
A backdoor is a bit of code that allows someone to gain access to a secure system without going through the normal authentication processes. It’s also considered a gaping security hole.
After discovering the backdoor, FireEye contacted SolarWinds and law enforcement, Carmakal said.
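To make that definition of a backdoor concrete, here is an added example (my own illustration, not code from the original post, from SolarWinds or from FireEye): a normal password check next to a version with a hidden bypass. The account, the password and the "maintenance key" are all made up for the example.

```python
import hashlib
import hmac
import os

# Constructed example account: one user with a PBKDF2-SHA256 password hash.
# Not real credentials.
_SALT = os.urandom(16)


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


USERS = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}


def verify_password(username, password):
    """Hardened path: look up the user, recompute the hash, compare in constant time."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(_hash_password(password, salt), stored)


# Hypothetical backdoored variant. The hard-coded "maintenance key" is an assumption
# for illustration only; it is not an identifier from the page or from any real product.
_MAINTENANCE_KEY = "diag-override"


def verify_password_backdoored(username, password):
    """Same signature and same behaviour for ordinary logins, plus a hidden bypass:
    the maintenance key authenticates ANY username with no lookup and no hash check."""
    if password == _MAINTENANCE_KEY:
        return True
    return verify_password(username, password)


def compare_behaviour(attempts):
    """Run the same (username, password) attempts through both functions so the
    difference is visible. Returns (username, hardened_result, backdoored_result) rows."""
    return [(u, verify_password(u, p), verify_password_backdoored(u, p)) for u, p in attempts]


if __name__ == "__main__":
    for row in compare_behaviour([
        ("alice", "correct horse battery staple"),   # legitimate login: both accept
        ("alice", "wrong password"),                 # both reject
        ("nobody", _MAINTENANCE_KEY),                # hardened rejects, backdoored accepts
    ]):
        print(row)
```

Black-box testing only catches this if you happen to try the secret, which is why it took a source review of the kind Carmakal describes to find the SolarWinds backdoor. The thing a reviewer looks for in a hashed-password design is any plaintext comparison or early `return True` sitting in the authentication path.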
Well I should hope so! Far too many companies will ignore something like this and try to hide the exploit, hoping that no one finds out about it. That approach doesn't take into consideration that the exploit was put there deliberately and isn't a coding error, which was the case with the SolarWinds breach.
Hackers, suspected to be part of an elite Russian group, took advantage of the vulnerability to implant malware, which then found its way into the systems of SolarWinds customers when they updated their software. So far, more than 25 entities have been victimized by the attack, according to people familiar with the investigations. But SolarWinds says as many as 18,000 entities may have downloaded the malicious Trojan.
I know a few people in the IT Security field and they have commented that this is the first time they are glad that a customer couldn’t be bothered to update/upgrade the security application.
There were signs in Washington on Tuesday afternoon that additional bombshells about the hack may be forthcoming.
National Security Advisor Robert O’Brien cut short a trip to the Middle East and Europe to deal with the hack of U.S. government agencies. And Senator Richard Blumenthal, Democrat from Connecticut, said a classified briefing on “Russia’s cyber-attack left me deeply alarmed, in fact downright scared.”
It should. From what I've been reading the last few days, this hack has major ramifications for national security. This software is used by the government to monitor its systems. I've heard reports that several departments literally shut down everything when they found out about this disaster. If there is any sort of a bright side to this fiasco, it's that the hackers may have shot their wad a bit too soon.
The hackers who attacked FireEye stole sensitive tools that the company uses to find vulnerabilities in clients’ computer networks. While the hack on FireEye was embarrassing for a cybersecurity firm, Carmakal argued that it may prove to be a crucial mistake for the hackers.
“If this actor didn’t hit FireEye, there is a chance that this campaign could have gone on for much, much longer,” Carmakal said. “One silver lining is that we learned so much about how this threat actor works and shared it with our law enforcement, intelligence community and security partners.” Carmakal said there is no evidence FireEye’s stolen hacking tools were used against U.S. government agencies.
I’m sure that as soon as FireEye discovered what had been taken, if not before, they sent out alerts to all their clients as well as the government, along with how to both see and disable their tools if they were used in an attack.
“There will unfortunately be more victims that have to come forward in the coming weeks and months,” he said. While some have attributed the attack to a state-sponsored Russian group known as APT 29, or Cozy Bear, FireEye had not yet seen sufficient evidence to name the actor, he said.
Oh I think we know who was involved.
A Kremlin official denied that Russia had any involvement.
I will be honest and say that when I heard about this and how bad it was, my first thought was the Chinese Communist Party and their MSS. They have a very good team of crackers and hackers, and with the fraudulent election of Dementia Joe and Heels Up Harris, and the recent disclosure that Kalifornistan Representative Eric “Nuke all gun owners” Swalwell had been shagging a Chinese spy, it would have made sense that they did this.
FireEye’s investigation revealed that the hack on itself was part of a global campaign by a highly sophisticated attacker that also targeted “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” the company said in a blog post Sunday night. “We anticipate there are additional victims in other countries and verticals.”
Asia? As in China? Oh wouldn’t that be amusing. I wonder if the Great Firewall of China is based on SolarWinds?
The Department of Commerce confirmed a breach in one of its bureaus, and Reuters reported that the Department of Homeland Security and the Treasury Department were also attacked as part of the suspected Russian hacking spree.
Carmakal said the hackers took advanced steps to conceal their actions. “Their level of operational security is truly exceptional,” he said, adding that the hackers would operate from servers based in the same city as an employee they were pretending to be in order to evade detection.
That makes me think that the FSB or GRU was running this and not a bunch of Russian closet cases in their mother’s basement. You generally don’t see that level of sophistication from individuals, no matter how much they brag. Think how Stuxnet came about and what it was originally used for.
The hackers were able to breach U.S. government entities by first attacking the SolarWinds IT provider. By compromising the software used by government entities and corporations to monitor their network, hackers were able to gain a foothold into their network and dig deeper all while appearing as legitimate traffic.
And there is the major question of the day. Just how deep did they get in? Some of the things I've heard are that the breaches were so bad that companies can't just wipe and reimage their servers; they will have to replace them, since they can't know whether the firmware has been compromised. This also means that backups may have to be scrapped as contaminated. (There are ways to recover potentially compromised backups, but it isn't easy or cheap.)
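On the backup question, here is an added example (my own code, not from the original post or from any vendor) of how a response team triages a backup against a hash inventory recorded before the suspected compromise window, instead of throwing the whole thing away. The file paths, contents, timestamps and the window dates are all made up for the example; the only thing taken from the coverage above is that the campaign started around March.

```python
import hashlib
from datetime import datetime, timezone


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Constructed sample data; nothing here comes from a real system.
# KNOWN_GOOD is a path -> SHA-256 inventory recorded BEFORE the suspected compromise
# window (an earlier image, or the vendor's published file hashes).
KNOWN_GOOD = {
    "/opt/monitor/bin/agent":    sha256_hex(b"agent binary v1.0"),
    "/opt/monitor/lib/core.dll": sha256_hex(b"core library v1.0"),
    "/etc/monitor/config.xml":   sha256_hex(b"<config/>"),
    "/etc/monitor/license.key":  sha256_hex(b"LICENSE-0000"),
}

# The backup being triaged: path -> (file bytes, modification time).
BACKUP = {
    "/opt/monitor/bin/agent":      (b"agent binary v1.0",           "2020-02-01T02:00:00Z"),
    "/opt/monitor/lib/core.dll":   (b"core library v1.0 + implant", "2020-04-15T03:12:00Z"),
    "/etc/monitor/config.xml":     (b"<config/>",                   "2020-01-10T00:00:00Z"),
    "/opt/monitor/lib/helper.dll": (b"unexpected new library",      "2020-04-16T03:13:00Z"),
    # license.key is absent from this snapshot
}


def triage_backup(known_good, backup, window_start, window_end):
    """Classify every path by content hash, never by timestamp alone.

    Returns sorted lists: clean, modified, added, missing, and in_window (the modified
    or added files whose mtime falls inside the suspected compromise window). in_window
    is for prioritising review, NOT for clearing a file: mtimes are trivially forged."""
    start, end = parse_ts(window_start), parse_ts(window_end)
    report = {"clean": [], "modified": [], "added": [], "missing": [], "in_window": []}
    for path, (data, mtime) in backup.items():
        expected = known_good.get(path)
        if expected is None:
            bucket = "added"
        elif sha256_hex(data) == expected:
            bucket = "clean"
        else:
            bucket = "modified"
        report[bucket].append(path)
        if bucket != "clean" and start <= parse_ts(mtime) <= end:
            report["in_window"].append(path)
    for path in known_good:
        if path not in backup:
            report["missing"].append(path)
    return {k: sorted(v) for k, v in report.items()}


def safe_to_restore(report):
    """A backup is a restoration candidate only when nothing differs from the known-good
    inventory. Missing files count too: deleted logs or keys are a signal, not noise."""
    return not (report["modified"] or report["added"] or report["missing"])


if __name__ == "__main__":
    result = triage_backup(KNOWN_GOOD, BACKUP, "2020-03-01T00:00:00Z", "2020-12-13T00:00:00Z")
    for bucket, paths in result.items():
        print(f"{bucket:10s} {paths}")
    print("safe to restore:", safe_to_restore(result))
```

The limit of this check is the one the post already hints at: a hash inventory only covers files the operating system can read. An implant in firmware sits underneath that, which is exactly why some teams are talking about replacing hardware rather than reimaging it.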
One of the people who is being looked at, not as an accessory to the hack, but because until recently it was his job to prevent them, is Christopher Krebs. He was the “Golden Shower Boy” of the MSM after President Trump fired him. According to Fox News:
Many in the media wanted to talk to Christopher Krebs, the nation’s former top cybersecurity official, when he disputed President Trump’s unproven allegations of voter fraud. But his name appears to come up less frequently now that his former agency is being scrutinized in the wake of an apparent Russian cyber attack that began in March but was only publicly revealed this week.

The reason no one wants to talk to him is that this mess happened on his watch. He has been out there saying that “No, the election wasn’t stolen, there is nothing to see here, everything is nice and secure.” Now we know it wasn’t.
Krebs headed the Cybersecurity and Infrastructure Security Agency (CISA) until Trump fired him in November. He had called the 2020 election “the most secure in American history” and said there was no evidence of changed, deleted, lost or otherwise compromised votes.

Well, that certainly flies in the face of the recent announcement out of Michigan that the Dominion voting machines were set up for the express purpose of rigging elections. Of course, now that this hack has been discovered, it makes me wonder what the hell CISA was doing for the last year. Surfing porn? It's going to be months before the full details and the damage are known. About all you can do is find out whether any of the companies you do business with used SolarWinds and whether they were hacked by the Russians.
Thatisall
~The Angry Webmaster~