- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
NYT: Scope of Solarwinds Hack was Massive - Pentagon, DHS, State Department, and F500's
Posted on 12/16/20 at 11:03 am
Posted on 12/16/20 at 11:03 am
quote:
The Pentagon, intelligence agencies, nuclear labs and Fortune 500 companies use software that was found to have been compromised by Russian hackers. The sweep of stolen data is still being assessed.
NYT
WASHINGTON — The scope of a hack engineered by one of Russia’s premier intelligence agencies became clearer on Monday, when some Trump administration officials acknowledged that other federal agencies — the State Department, the Department of Homeland Security and parts of the Pentagon — had been compromised. Investigators were struggling to determine the extent to which the military, intelligence community and nuclear laboratories were affected by the highly sophisticated attack.
United States officials did not detect the attack until recent weeks, and then only when a private cybersecurity firm, FireEye, alerted American intelligence that the hackers had evaded layers of defenses.
It was evident that the Treasury and Commerce Departments, the first agencies reported to be breached, were only part of a far larger operation whose sophistication stunned even experts who have been following a quarter-century of Russian hacks on the Pentagon and American civilian agencies.
About 18,000 private and government users downloaded a Russian tainted software update — a Trojan horse of sorts — that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised.
Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies. While the presence of the software is not by itself evidence that each network was compromised and information was stolen, investigators spent Monday trying to understand the extent of the damage in what could be a significant loss of American data to a foreign attacker.
The National Security Agency — the premier U.S. intelligence organization that both hacks into foreign networks and defends national security agencies from attacks — apparently did not know of the breach in the network-monitoring software made by SolarWinds until it was notified last week by FireEye. The N.S.A. itself uses SolarWinds software.
Two of the most embarrassing breaches came at the Pentagon and the Department of Homeland Security, whose Cybersecurity and Infrastructure Security Agency oversaw the successful defense of the American election system last month.
A government official, who requested anonymity to speak about the investigation, made clear that the Homeland Security Department, which is charged with securing civilian government agencies and the private sector, was itself a victim of the complex attack. But the department, which often urges companies to come clean to their customers when their systems are victims of successful attacks, issued an obfuscating official statement that said only: “The Department of Homeland Security is aware of reports of a breach. We are currently investigating the matter.”
Parts of the Pentagon were also affected by the attack, said a U.S. official who spoke on the condition of anonymity, who added that they were not yet sure to what extent.
quote:
“The D.O.D. is aware of the reports and is currently assessing the impact,” said Russell Goemaere, a Pentagon spokesman.
This was the second time in recent years that Russian intelligence agencies had pierced the State Department’s email systems. Six years ago, officials struggled to get Russian hackers out of their unclassified email systems, at times shutting down State’s communications with its own staff in an effort to purge the system.
Then, as now, State Department officials refused to acknowledge that Russia had been responsible. In an interview with Breitbart Radio News, Secretary of State Mike Pompeo deflected the question with generalities, saying that there had “been a consistent effort of the Russians to try and get into American servers, not only those of government agencies, but of businesses. We see this even more strongly from the Chinese Communist Party, from the North Koreans, as well.”
In fact, it is the Russians who have been consistently most effective, though in this case it was not clear which State Department systems they had extracted data from or how much. A State Department spokeswoman declined to comment.
quote:
Investigators were also focused on why the Russians targeted the Commerce Department’s National Telecommunications and Information Administration, which helps determine policy for internet-related issues, including setting standards and blocking imports and exports of technology that is considered a national security risk. But analysts noted that the agency deals with some of the most cutting-edge commercial technologies, determining what will be sold and denied to adversarial countries.
Nearly all Fortune 500 companies, including The New York Times, use SolarWinds products to monitor their networks. So does Los Alamos National Laboratory, where nuclear weapons are designed, and major defense contractors like Boeing, which declined on Monday to discuss the attack.
The early assessments of the intrusions — believed to be the work of Russia’s S.V.R., a successor to the K.G.B. — suggest that the hackers were highly selective about which victims they exploited for further access and data theft.
quote:
The hackers embedded their malicious code in the Orion software made by SolarWinds, which is based in Austin, Texas. The company said that 33,000 of its 300,000 customers use Orion, and only half of those downloaded the malign Russian update. FireEye said that despite their widespread access, Russian hackers exploited only what was considered the most valuable targets.
quote:
The Cybersecurity and Infrastructure Security Agency on Sunday issued a rare emergency directive warning federal agencies to “power down” the SolarWinds software. But that only prevents new intrusions; it does not eradicate Russian hackers who, FireEye said, planted their own “back doors,” imitated legitimate email users and fooled the electronic systems that are supposed to assure the identities of users with the right passwords and additional authentication.
“A supply chain attack like this is an incredibly expensive operation — the more you make use of it, the higher the likelihood you get caught or burned,” said John Hultquist, a threat director at FireEye. “They had the opportunity to hit a massive quantity of targets, but they also knew that if they reached too far, they would lose their incredible access.”
The chief executive officers of the largest American utility companies held an urgent call on Monday to discuss the possible threat of the SolarWinds compromise to the power grid.
For the N.S.A. and its director, Gen. Paul M. Nakasone, who also heads the U.S. Cyber Command, the attack ranks among the biggest crises of his time in office. He was brought in nearly three years ago as one of the nation’s most experienced and trusted cyberwarriors, promising Congress that he would make sure that those who attacked the United States paid a price.
Multiple intelligence agencies used compromised Solarwinds software along with multiple private companies. Also voting systems used in the 2020 election:
This is a huge and embarrassing hit to cybersecurity in the US.
Posted on 12/16/20 at 11:05 am to goofball
quote:
This is a huge and embarrassing hit to cybersecurity in the US.
But our election was 100% secure. The most secure election ever in the history of mankind.
Our government can't even protect a damn nuclear plant?
Posted on 12/16/20 at 11:07 am to goofball
Everyone is gearing up for the impending war and resurrection of the military industrial complex.
Posted on 12/16/20 at 11:13 am to LegendInMyMind
quote:
But our election was 100% secure. The most secure election ever in the history of mankind.
Not sure if that was the Russians are just some assholes in the US.
Posted on 12/16/20 at 11:22 am to goofball
I have some clients that use the Orion product. They are losing their minds right now.
Posted on 12/16/20 at 11:26 am to lsufan1971
quote:
I have some clients that use the Orion product. They are losing their minds right now.
Most companies with large IT infrastructure use it. We use it here. However just because you had the compromised patch doesn't mean you were breached. The APT behind this was very targeted with who they activated the malware on. We had the compromised patch but it never beaconed out.
Posted on 12/16/20 at 11:27 am to Motorboat
quote:It needs resurrection?
resurrection of the military industrial complex
Posted on 12/16/20 at 11:29 am to goofball
Why’d you put dominion software on there? They never used solarwinds.
Posted on 12/16/20 at 11:30 am to agregime1
The picture shows it though, it has to be true.
Posted on 12/16/20 at 11:34 am to goofball
And by Russia they mean China
Gotta learn to speak leftist
Gotta learn to speak leftist
Posted on 12/16/20 at 11:41 am to Centinel
quote:
Most companies with large IT infrastructure use it
We use it too but weren't impacted.
Posted on 12/16/20 at 11:42 am to theunknownknight
quote:
And by Russia they mean China
No, it was pretty clearly Russia. APT 29 to be exact.
Posted on 12/16/20 at 12:04 pm to agregime1
quote:
Why’d you put dominion software on there? They never used solarwinds.
Right and wrong. Dominion was using an FTP software from Solarwinds, not the Orion software Solarwinds which was what was compromised.
Posted on 12/16/20 at 12:28 pm to fallguy_1978
quote:
We use it too but weren't impacted.
Some were not impacted at all. Supposedly a targeted attack.
This post was edited on 12/16/20 at 12:30 pm
Posted on 12/16/20 at 12:34 pm to dewster
quote:
Some were not impacted at all. Supposedly a targeted attack.
Correct. On top of this, the compromised software had logic to look for the existence of EDR products. If it found them, it basically deactivated itself. If it tried to beacon out and couldn't reach the infrastructure domain, it also deactivated itself. APT 29 were after a very targeted group of government and private agencies, and wanted to hold off detection for as long as possible.
Posted on 12/16/20 at 12:51 pm to goofball
quote:
was found to have been compromised by Russian hackers.
I hate how it went from the WSJ saying "Russia may have been involved" to the NYT saying it as definitive. Especially since way down in their article, they say this has not been confirmed.
Not that I care to defend Russia, and they should certainly be one of the prime suspects, I just get the feeling they determine which boogeyman to land on based on their political leanings rather than any actual evidence. China is a huge cybersecurity threat to the US, as are several other nations. It appears they would rather ignore that possibility here and just tell you with certainty that it was muh Russia.
Posted on 12/16/20 at 12:51 pm to dewster
quote:
Not sure if that was the Russians are just some assholes in the US.
It wasn't the Russians. The Russians are collectively dumb as a rock. It is the Chinese. It always has been the Chinese.
ETA: you are right about it came from within the US. We invited those asshoes in!
This post was edited on 12/16/20 at 12:53 pm
Posted on 12/16/20 at 12:53 pm to GRTiger
quote:
I just get the feeling they determine which boogeyman to land on based on their political leanings rather than any actual evidence.
Uh, no. Each APT has certain TTPs, and that becomes even more prevalent when you're talking APTs from different countries.
The TTPs used by this breach are from APT 29, which is Russian. And no, it's not just as simple as emulating another APT's TTPs.
Popular
Back to top
Follow TigerDroppings for LSU Football News