re: LA State Computers Hacked (Confirmed)
Posted on 11/20/19 at 9:04 am to TheFonz
quote:
My understanding is that some of the affected systems displayed a white screen with "RYUK" in bold letters in the middle, and "proton mail" in smaller letters in the top left corner.
Similar to this?

Posted on 11/20/19 at 9:06 am to jdd48
quote:
Similar to this?
Don't know. Didn't see it myself. Just what I was told.
Posted on 11/20/19 at 10:43 am to jdd48
There is a rumor currently that the bad actor allegedly has had complete control of active directory since June and that they even changed the encryption keys for the backups.
If that's the case then ho. lee. frick. But this is a rumor.
The issue that hit the education systems across the was more on hardware still being in use with no support on it at all, aka old as frick. That was pretty normal though. Vulnerability scans can overload old equipment like this and cause a DoS. Happens to older, smaller banks using old equipment all the time. Hence why the turnover on most is 6 years by industry standard.
Servers get extra time, and Microsoft extends support out on server control based operation systems but there are versions still in use in various parts of the state that are losing support at the end of the year.
Only explaining the difference so people don't get the two confused.
The rumor would explain how this is a DDoS, which is what it is, since it's only 130 servers at the moment.
LINK
This dropped last night, and Dardenne says they haven't lost any data but given the rumor to be true, this would be a lie.
Really given the facts that 130 servers were compromised and the state didn't pay the ransom almost doesn't even need the rumor to make it a lie.
Also some reading for all you "gap" enthusiasts.
LINK
Gapped computers hacked because bad actors targeted white-listed vendor maintenance access. ELI5: they didn't hack the gap, they just hacked a third party workstation who was white-listed on the network. Hack the person, don't hack the gap. They got access to the Mars mission jet propulsion data.
This post was edited on 11/20/19 at 10:47 am
Posted on 11/20/19 at 10:50 am to TheFonz
The hackers use proton mail because it’s encrypted end-to-end. Not necessarily because of anything nefarious with proton mail itself.
From what I understand the attack was unsuccessful at encrypting backups or exfiltrating data, so it’s all good in that regard. Just a big inconvenience.
I hope they release details because there’s a couple of things (possible bad info) shared that doesn’t line up with Ryuk and we would like to know what they learned.
Posted on 11/20/19 at 10:50 am to Hunter_H_Helmsley
This is a clusterfrick no matter the end result.
From what I have heard, a number of agency heads are planning a meeting with JBE on this subject, probably because state processes are so computerized that being locked out of the network has basically killed any work from being done.
I figure if Dickie Howse’ House wasn’t on fire before, it would be after this.
Posted on 11/20/19 at 10:51 am to BeepNode
quote:
I hope they release details
We're sorry but unfortunately those were destroyed in a house fire.
Posted on 11/20/19 at 10:56 am to Hunter_H_Helmsley
quote:
Gapped computers hacked because bad actors targeted white-listed vendor maintenance access. ELI5: they didn't hack the gap, they just hacked a third party workstation who was white-listed on the network. Hack the person, don't hack the gap. They got access to the Mars mission jet propulsion data.
That was also (allegedly) the method used to get Stuxnet onto the Natanz airgapped network.
Posted on 11/20/19 at 10:58 am to jdd48
quote:
That was also (allegedly) the method used to get Stuxnet onto the Natanz airgapped network.
Finally someone who keeps up!
Posted on 11/20/19 at 11:01 am to cleeveclever
quote:
Shhhh....
he's having his moment.
Posted on 11/20/19 at 11:10 am to BeepNode
quote:
From what I understand the attack was unsuccessful at encrypting backups or exfiltrating data, so it’s all good in that regard. Just a big inconvenience.
If the attack was unsuccessful at encrypting the backups then why didn't the system revert to that yesterday? My guess is that they can't, because they are.
Actions not words.
We didn't pay the ransom. Services are still down. They tried to revert to some backups they had. And servers are still down. The actions don't match what you claim.
I mean no disrespect, but it just sounds like a bunch of fluff.
This post was edited on 11/20/19 at 11:12 am
Posted on 11/20/19 at 11:11 am to Hunter_H_Helmsley
I work for Tangi Parish School System and we are still not back to 100% since the hack and it's been 4 months.
Posted on 11/20/19 at 12:19 pm to teke184
quote:
From what I have heard, a number of agency heads are planning a meeting with JBE on this subject, probably because state processes are so computerized that being locked out of the network has basically killed any work from being done.
So they’re going to move away from using technology?
Posted on 11/20/19 at 12:22 pm to BeepNode
Don’t know nothing bout birthing no babies.
I’m just pointing out the agency heads are going to be showing up with pitchforks and torches.
Posted on 11/20/19 at 12:53 pm to teke184
quote:
I’m just pointing out the agency heads are going to be showing up with pitchforks and torches.
Doubtful. Those agency heads "serve" at the pleasure of the governor. They'll be brown-nosing.
Posted on 11/20/19 at 12:55 pm to hashtag
I didn’t say they would be raging at him. I mean they would be raging at OTS and Dickie Howse for them having their asses in a sling.
Posted on 11/20/19 at 1:34 pm to teke184
quote:
I didn’t say they would be raging at him. I mean they would be raging at OTS and Dickie Howse for them having their asses in a sling.
And finding out what hardware was damaged in that "sunny day lightning" that hit his house......as he was leaving it.
I'm sure he just left the deep fryer on.
Posted on 11/20/19 at 3:03 pm to Hunter_H_Helmsley
quote:
bad actor allegedly has had complete control of active directory since June
Good thing they discovered this right after the election!
Posted on 11/20/19 at 3:40 pm to BeepNode
quote:
So they’re going to move away from using technology?
Great now we will be back to the hanging chads issue on our next election.
Posted on 11/20/19 at 4:18 pm to BHM
Probably moving away from Jindal's ill conceived consolidation of IT plans.
Posted on 11/20/19 at 4:37 pm to FNG
quote:
Probably moving away from Jindal's ill conceived consolidation of IT plans.
lol, JBE had 4 years to allocate the funds to improve the hardware for the state, had the makings of an attack hit him in the summer and in response announced building a cybersecurity center next on the Mississippi River during its longest sustained high flood levels, and you blame Jindal?