{"id":33234,"date":"2020-12-24T10:54:11","date_gmt":"2020-12-24T15:54:11","guid":{"rendered":"http:\/\/angry.net\/blog2\/?p=33234"},"modified":"2020-12-24T10:54:11","modified_gmt":"2020-12-24T15:54:11","slug":"america-hit-with-worst-computer-hack-ever","status":"publish","type":"post","link":"https:\/\/angry.net\/blog2\/?p=33234","title":{"rendered":"America hit with worst computer hack ever"},"content":{"rendered":"

Good day all. Last week news broke regarding the worst computer break in ever, all due to a compromised security application used by the government and private industry. The issue turned out to be a vulnerability in one of the most popular computer security applications out there, SolarWinds.<\/p>\n

\"\"<\/a><\/p>\n

<\/p>\n

The news of the hack came out when a private company, FireEye Inc. Found out that their system had been broken into. They started working to locki down the break in and find out how it happened. What they found is right out of a movie. Here are the details from Bloomberg<\/b><\/a>:<\/p>\n

When FireEye Inc.<\/a> discovered that it was hacked this month, the cybersecurity firm\u2019s investigators immediately set about trying to figure out how attackers got past its defenses. <\/b><\/p>\n

It wasn\u2019t just FireEye that got attacked, they quickly found out. Investigators discovered a vulnerability in a product made by one of its software providers, Texas-based SolarWinds Corp. <\/b><\/p>\n

\u201cWe looked through 50,000 lines of source code, which we were able to determine there was a backdoor within SolarWinds,\u201d said Charles Carmakal, senior vice president and chief technical officer at Mandiant, FireEye\u2019s incident response arm. <\/b><\/p>\n

\"\"<\/a><\/p>\n

A backdoor is a bit of code that allows someone to gain access to a secure system without going through the normal authentication processes. It\u2019s also considered a gaping security hole.<\/p>\n

After discovering the backdoor, FireEye contacted SolarWinds and law enforcement, Carmakal said. <\/b><\/p>\n

Well I should hope so! Far to many companies will ignore something like this and tried to hide the exploit, hoping that no one knows about it. It doesn\u2019t take into consideration that the exploit was put there and isn\u2019t a coding error, and this was the case with the SolarWinds breach.<\/p>\n

Hackers, suspected to be part of an elite Russian group, took advantage of the vulnerability to implant malware, which then found its way into the systems of SolarWinds customers when they updated their software. So far, more than 25 entities have been victimized by the attack, according to people familiar with the investigations. But SolarWinds says as many as 18,000 entities may have downloaded the malicious Trojan. <\/b><\/p>\n

I know a few people in the IT Security field and they have commented that this is the first time they are glad that a customer couldn\u2019t be bothered to update\/upgrade the security application.<\/p>\n

There were signs in Washington on Tuesday afternoon that additional bombshells about the hack may be forthcoming. <\/b><\/p>\n

\"\"<\/a><\/p>\n

National Security Advisor Robert O\u2019Brien cut short a trip<\/a> to the Middle East and Europe to deal with the hack of U.S. government agencies. And Senator Richard Blumenthal, Democrat from Connecticut, said a classified briefing on \u201cRussia\u2019s cyber-attack left me deeply alarmed, in fact downright scared.\u201d <\/b><\/p>\n

It should. From what I\u2019ve been reading the last few days, this hack has major ramifications for national security. This software is used by the Government to protect their systems. I\u2019ve heard reports that several departments literally shut down everything when they found out about this disaster. If there is any sort of a bright side to this fiasco, it\u2019s that the hackers may have shot their wad a bit to soon.<\/p>\n

The hackers who attacked FireEye stole sensitive tools that the company uses to find vulnerabilities in clients\u2019 computer networks. While the hack on FireEye was embarrassing for a cybersecurity firm, Carmakal argued that it may prove to be a crucial mistake for the hackers. <\/b><\/p>\n

\u201cIf this actor didn\u2019t hit FireEye, there is a chance that this campaign could have gone on for much, much longer,\u201d Carmakal said. \u201cOne silver lining is that we learned so much about how this threat actor works and shared it with our law enforcement, intelligence community and security partners.\u201d Carmakal said there is no evidence FireEye\u2019s stolen hacking tools were used against U.S. government agencies. <\/b><\/p>\n

I\u2019m sure that as soon as FireEye discovered what had been taken, if not before, they sent out alerts to all their clients as well as the government, along with how to both see and disable their tools if they were used in an attack.<\/p>\n

\u201cThere will unfortunately be more victims that have to come forward in the coming weeks and months,\u201d he said. While some have attributed the attack to a state-sponsored Russian group known as APT 29, or Cozy Bear, FireEye had not yet seen sufficient evidence to name the actor, he said. <\/b><\/p>\n

Oh I think we know who was involved.<\/p>\n

A Kremlin official denied that Russia had any involvement.<\/b><\/p>\n

\"\"<\/a><\/p>\n

I will be honest and say that when I heard about this and how bad it was, my first thought was the Chinese Communist Party and their MSS. They have a very good team of crackers and hackers, and with the fraudulent election of Dementia Joe and Heels Up Harris, and the recent discloser that Kalifornistan Representative Eric \u201cNuke all gun owners Salwell had been shagging a Chinese spy, it would have made sense that they did this.<\/p>\n

FireEye\u2019s investigation revealed that the hack on itself was part of a global campaign by a highly sophisticated attacker that also targeted \u201cgovernment, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,\u201d the company said in a blog post Sunday night. \u201cWe anticipate there are additional victims in other countries and verticals.\u201d <\/b><\/p>\n

Asia? As in China? Oh wouldn\u2019t that be amusing. I wonder if the Great Firewall of China is based on SolarWinds?<\/p>\n

The Department of Commerce confirmed a breach in one of its bureaus, and Reuters reported that the Department of Homeland Security and the Treasury Department were also attacked as part of the suspected Russian hacking spree.<\/strong><\/p>\n

Carmakal said the hackers took advanced steps to conceal their actions. \u201cTheir level of operational security is truly exceptional,\u201d he said, adding that the hackers would operate from servers based in the same city as an employee they were pretending to be in order to evade detection.<\/b><\/p>\n

That makes me think that the FSB<\/a> or GRU<\/a> was running this and not a bunch of Russian closet cases in their mother\u2019s basement. You generally don\u2019t see that level of sophistication from individuals, no matter how much they brag. Think how Stuxnet came about<\/a> and what it was originally used for.<\/p>\n

The hackers were able to breach U.S. government entities by first attacking the SolarWinds IT provider. By compromising the software used by government entities and corporations to monitor their network, hackers were able to gain a foothold into their network and dig deeper all while appearing as legitimate traffic. <\/b><\/p>\n

And there is the major question of the day. Just how deep did they get in? Some of the things I\u2019ve heard is that the breaches were so bad that companies can\u2019t just wipe and reimage their servers, they will have to replace them since they can\u2019t know if the firmware had been compromised. This also means that backups may have to be scrapped as contaminated. (There are ways to recover potentially compromised backups, but it isn\u2019t easy or cheap)<\/p>\n

One of the people who is being looked at, not for being accessory for the hack but because it was his, until recently, job to prevent them is Christopher Krebs. He was the \u201cGolden shower<\/i><\/span> Boy\u201d of the MSM after President Trump fired him. According to Fox News<\/i>:<\/p>\n

Many in the media wanted to talk to Christopher Krebs, the nation\u2019s former top cybersecurity official, when he disputed President Trump\u2019s unproven allegations of voter fraud. But his name appears to come up less frequently now that his former agency is being scrutinized in the wake of an apparent Russian cyber attack that began in March but was only publicly revealed this week. <\/b><\/p>\n

\"\"<\/p>\n

The reason no one wants to talk to him is that this mess happened on his watch. He has been out there saying that \u201cNo, the election wasn\u2019t stolen, there is nothing to see here, everything is nice and secure.\u201d Now we know it wasn\u2019t.<\/p>\n

Krebs headed the Cybersecurity and Infrastructure Security Agency (CISA) until Trump fired him in November. He had called the 2020 election “the most secure in American history” and said there was no evidence of changed, deleted, lost or otherwise compromised votes. <\/b><\/p>\n

\"\"<\/p>\n

Well, that certainly flies in the face of the recent announcement out of Michigan<\/a> that the Dominion voting machines were set up for the express purpose of rigging elections. Of course, now that this hack has been discovered, it makes me wonder what the Hell the CISA was doing for the last year? Surfing porn? It\u2019s going to be months before the full details and the damage is known. About all you can do is find out if any of the companies you do business with used SolarWinds and if they were hacked by the Rusians.<\/p>\n

Thatisall<\/p>\n\"1\"2\"3\"4\"5 (2<\/strong> votes, average: 5.00<\/strong> out of 5)
<\/span><\/span>Loading...<\/span>\n

~The Angry Webmaster~<\/b><\/i><\/p>\n