posted by janrinok on Wednesday July 10, @01:23PM

Propublica report July 8, 2024 https://www.propublica.org/article/cyber-safety-board-never-investigated-solarwinds-breach-microsoft

"After Russian intelligence launched one of the most devastating cyber espionage attacks in history against U.S. government agencies, the Biden administration set up a new board and tasked it to figure out what happened — and tell the public."

"The intruders used malicious code and a flaw in a Microsoft product to steal intelligence from the National Nuclear Security Administration, National Institutes of Health and the Treasury Department in what Microsoft President Brad Smith called "the largest and most sophisticated attack the world has ever seen.""

"A full, public accounting of what happened in the Solar Winds case would have been devastating to Microsoft. ProPublica recently revealed that Microsoft had long known about — but refused to address — a flaw used in the hack. The tech company's failure to act reflected a corporate culture that prioritized profit over security and left the U.S. government vulnerable, a whistleblower said."

  • (Score: 5, Insightful) by Runaway1956 on Wednesday July 10, @01:30PM (4 children)

    by Runaway1956 (2926) Subscriber Badge on Wednesday July 10, @01:30PM (#1363645) Journal

    At this point in time, only stupidity allows vital information to be connected to the World Wide Web. Stupidity, laziness, cheapness, and complacency. Air gapping is at least a partial solution. Or building a separate infrastructure that doesn't connect back to the web. Or, maybe relying on paper instead of digital communications.

    If everyone in the world can connect to your outward facing servers, it's only a matter of time until someone gets inside. Disconnect those outward facing servers from the network holding vital information. Allow actual security experts to decide on the infrastructure, not the MBAs.

    --
    A MAN Just Won a Gold Medal for Punching a Woman in the Face
    • (Score: 5, Interesting) by canopic jug on Wednesday July 10, @01:43PM

      by canopic jug (3949) Subscriber Badge on Wednesday July 10, @01:43PM (#1363646) Journal

      There's that. Then, like in the article, is the additional problem of some people still running Windows:

      [...] A full, public accounting of what happened in the Solar Winds case would have been devastating to Microsoft. ProPublica recently revealed [propublica.org] that Microsoft had long known about — but refused to address — a flaw used in the hack. The tech company’s failure to act reflected a corporate culture that prioritized profit over security and left the U.S. government vulnerable, a whistleblower said.

      Once again, an administration covers over problems inherent to the cult of M$, mistaking it for a "tech company". At this point the M$-based ransomware industry is getting so vast [nbcnews.com] that it could join regular businesses and hire lobbyists, and bring us a whole additional set of problems.

      What would be truly interesting would be to get some daylight onto the gag clauses presumably in the maintenance contracts which the government, large businesses, and schools sign with M$.

      --
      Money is not free speech. Elections should not be auctions.
    • (Score: 4, Interesting) by Username on Wednesday July 10, @02:42PM

      by Username (4557) on Wednesday July 10, @02:42PM (#1363653)

      It's either that, feds putting stuff online when they shouldn't, or the hack didn't get anything sensitive, and they just want to shout Russia, Russia, Russia and it is Trump's fault since he colluded with them.

    • (Score: 4, Informative) by Gaaark on Thursday July 11, @12:38AM

      by Gaaark (41) on Thursday July 11, @12:38AM (#1363705) Journal

      At this point in time, only stupidity allows vital information to be connected to the World Wide Web

      At this point in time, only stupidity allows vital information to be handled by Microsoft O/S's and programs. Windows is a gaming platform at best.

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 2, Insightful) by shrewdsheep on Thursday July 11, @07:30AM

      by shrewdsheep (5215) on Thursday July 11, @07:30AM (#1363738)

      Air gapping is at least a partial solution.

      Only that there is no such thing. Everything is - and has to be - connected via some sort of network. The times when USB sticks were carried around are over, and arguably that was not for the worse, security-wise.

      The answer is network segmentation and security elevation. Important resources have to be isolated in a separate network which can only be accessed by security elevation. These concepts can be layered for more critical infrastructure. The important lesson is that the work is never done. Infrastructure has to be permanently scanned for technical and social engineering holes and measures for instant network separation have to be in place. ... and backups....

  • (Score: 4, Interesting) by ikanreed on Wednesday July 10, @01:55PM (3 children)

    by ikanreed (3164) Subscriber Badge on Wednesday July 10, @01:55PM (#1363647) Journal

    Perhaps the Russians used a government-mandated backdoor and the desire to prevent embarrassment is the underlying cause here.

    • (Score: 4, Insightful) by canopic jug on Wednesday July 10, @02:10PM (2 children)

      by canopic jug (3949) Subscriber Badge on Wednesday July 10, @02:10PM (#1363649) Journal

      Well, there were reports going back decades that if m$ is informed of a bug, especially an exploitable one, and before exploits run rampant in the wild, they sell it to various three-letter agencies and leave it unpatched for as long as they can get away with. Even then, after trying to patch one, it usually takes two or three tries to get it right.

      FSB, FBI, NSA, CIA, etc.

      --
      Money is not free speech. Elections should not be auctions.
      • (Score: 2) by aafcac on Wednesday July 10, @05:16PM (1 child)

        by aafcac (17646) on Wednesday July 10, @05:16PM (#1363667)

        Which is rather stupid because any bug that the 5 eyes can make use of is a bug that the rest of the world can make use of. It's why it's so important for the NSA to actively look for these things and pass the information on to the relevant organization to fix as quickly as possible. It can be incredibly hard to determine if a bug has yet to be exploited or if you just haven't identified anybody that is exploiting it.

        • (Score: 2) by canopic jug on Wednesday July 10, @06:46PM

          by canopic jug (3949) Subscriber Badge on Wednesday July 10, @06:46PM (#1363674) Journal

          Yes, any bug that the five eyes can make use of is something everyone else can and will make use of, too. However, near as I can tell neither m$ nor the agencies privy to the bugdoors care even a little bit about that. It certainly looks like they only care if they themselves can get in and truly don't care at all the side effects.

          --
          Money is not free speech. Elections should not be auctions.
  • (Score: 4, Interesting) by quietus on Wednesday July 10, @02:24PM (2 children)

    by quietus (6328) on Wednesday July 10, @02:24PM (#1363651) Journal

    Here's the list of the 'volunteers' who man that cybersecurity board:

    • Robert Silvers, Under Secretary for Policy, Department of Homeland Security (Chair) 
    • Heather Adkins, Vice President, Security Engineering, Google (Deputy Chair)
    • Dmitri Alperovitch, Co-Founder and Chairman, Silverado Policy Accelerator and Co-Founder and former CTO of CrowdStrike, Inc.
    • Harry Coker, Jr., National Cyber Director, Office of the National Cyber Director
    • Jerry Davis, Microsoft, Customer Security Officer
    • Mike Duffy, Acting Federal Chief Information Security Officer, Office of Management and Budget 
    • Jeff Greene, Acting Executive Assistant Director for Cybersecurity, Cybersecurity and Infrastructure Security Agency
    • Jamil Jaffer, Venture Partner, Paladin Capital Group and Founder and Executive Director, National Security Institute, GMU Scalia Law School 
    • Rob Joyce, Owner, Joyce Cyber LLC.
    • Chris Krebs, Chief Intelligence and Public Policy Officer, Sentinel One
    • David Luber, Director, Cybersecurity Directorate, National Security Agency
    • Marshall Miller, Principal Associate Deputy Attorney General, Department of Justice
    • Katie Nickels, Senior Director of Intelligence Operations, Red Canary
    • Bryan Vorndran, Assistant Director, Cyber Division, Federal Bureau of Investigation
    • (Score: 4, Touché) by quietus on Wednesday July 10, @02:35PM

      by quietus (6328) on Wednesday July 10, @02:35PM (#1363652) Journal

      Of course, that's just stage one of "Look over there". Stage two is the good old tried-and-trusted method of not giving any powers at all to whoever capable might, by an unfortunate set of circumstances, end up in there: no budget, and no power to subpoena.

      If you wonder where you might have heard this one before, do not think further than the events leading up to the Great Recession in 2008 (and beyond). It's a bit like that little event in the financial sector didn't incur damage enough: let's go and look for an industry where we can have even more disastrous results by using the exact same method of oversight and regulation.

    • (Score: 2) by Gaaark on Thursday July 11, @12:46AM

      by Gaaark (41) on Thursday July 11, @12:46AM (#1363706) Journal

      Dmitri Alperovitch:
      Born in Moscow in the Russian SFSR, a constituent republic of the Soviet Union, Alperovitch came to the U.S. at age 13 in 1994.

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 2) by Username on Wednesday July 10, @02:52PM (3 children)

    by Username (4557) on Wednesday July 10, @02:52PM (#1363655)

    Not sure how this benefits Russia. Did they straight up admit it as a tit for tat thing? I would think it benefits the deep state, Ukraine or some other entities wanting the US more involved in foreign wars.

    • (Score: 4, Interesting) by khallow on Wednesday July 10, @06:54PM (2 children)

      by khallow (3766) Subscriber Badge on Wednesday July 10, @06:54PM (#1363676) Journal

      Not sure how this benefits Russia.

      8-9 months of covert access to large parts of the US government and NATO allies? You're really not sure how that benefits Russia?

      I would think it benefits the deep state, Ukraine or some other entities wanting the US more involved in foreign wars.

      Ask the same question of these. How does it benefit the deep state, Ukraine, etc?

      My take is that a real pretext for those groups would be a lot more straight-forward, short, and heinous. Like crashing planes or disrupting hospital equipment. For a historical example of such pretexts, Nazi Germany conducted a number of staged, fake attacks on its own land to create a propaganda casus belli for invading Poland. A key one was staging an attack on a German radio station. While the propaganda angle had been planned out earlier, the people actually tasked [yale.edu] with carrying it out were given much less time.

      On or about 10 August 1939 the Chief of the Sipo and SD, Heydrich, personally ordered me to simulate an attack on the radio station near Gleiwitz, near the Polish border, and to make it appear that the attacking force consisted of Poles. Heydrich said: 'Actual proof of these attacks of the Poles is needed for the foreign press, as well as for German propaganda purposes.' I was directed to go to Gleiwitz with five or six SD men and wait there until I received a code word from Heydrich indicating that the attack should take place. My instructions were to seize the radio station and to hold it long enough to permit a Polish-speaking German, who would be put at my disposal, to broadcast a speech in Polish. Heydrich told me that this speech should state that the time had come for the conflict between the Germans and the Poles and that the Poles should get together and strike down any Germans from whom they met resistance. Heydrich also told me at this time that he expected an attack on Poland by Germany in a few days.

      The staged attack on the radio station was conducted three weeks later on August 31 and the invasion of Poland occurred the next day. They weren't interested in a long, drawn-out affair. Similarly, they acted right after the fake provocation. And finally, an attack on a radio station, though it would be dumb if it had actually happened, is something that the general public can grasp.

      So if some other group interested in greater hostilities with Russia were involved, I think the whole thing would have been compressed time-wise with harm that was far easier for the general public to grasp. Not some vague "Russia broke into a bunch of our machines for the better part of a year". And it would have been followed quickly by the escalation, not an inconclusive report three and a half years later.

      • (Score: 2) by Username on Wednesday July 10, @11:48PM (1 child)

        by Username (4557) on Wednesday July 10, @11:48PM (#1363701)

        I just skimmed the article, it's from 2020. Which makes more sense now considering the 2022 invasion. They did it right after the election.

        • (Score: 2, Interesting) by khallow on Thursday July 11, @12:09AM

          by khallow (3766) Subscriber Badge on Thursday July 11, @12:09AM (#1363702) Journal

          Interesting timing that the breach was reported after the 2020 election. Certainly doesn't seem like something the deep state would do given its alleged hostility to Trump. It would have made for a significant October surprise to leak it.
  • (Score: 4, Touché) by Rosco P. Coltrane on Wednesday July 10, @06:55PM (1 child)

    by Rosco P. Coltrane (4757) on Wednesday July 10, @06:55PM (#1363677)

    Microsoft won't suffer any sort of consequences. 200% certain. Because giant big data monopolies are above the law and untouchable.

    • (Score: 2) by RS3 on Thursday July 11, @04:07AM

      by RS3 (6367) on Thursday July 11, @04:07AM (#1363724)

      And when the law (agencies, govt., etc.) are all based on Microsoft software, those agencies might be hesitant to mess with Microsoft.

  • (Score: 4, Interesting) by sjames on Thursday July 11, @03:47AM (2 children)

    by sjames (2882) on Thursday July 11, @03:47AM (#1363721) Journal

    I used Solarwinds at one time because in that time, if you had a bandwidth dispute with one of your upstreams, you better have Solarwinds data on the uplink port if you want it resolved.

    But I didn't really trust it or any of the other management schemes so it only had read only access to router stats. That's why I didn't need to panic when I heard that Solarwinds was compromised.

    It gives me probably more than a reasonable amount of satisfaction and amusement that a similar mindset is why Galactica wasn't disabled like the rest of the Colonial defenses in the reboot.

    • (Score: 2) by ElizabethGreene on Thursday July 11, @12:54PM (1 child)

      by ElizabethGreene (6748) Subscriber Badge on Thursday July 11, @12:54PM (#1363754) Journal

      I used MRTG for this function about 15 years ago. One of the pieces of code I'm genuinely proud of was that adding a device to our CMDB (an in-house app developed in ColdFusion MX) would automatically add it to Nagios==Netsaint and generate MRTG graphs for it.

      • (Score: 2) by sjames on Thursday July 11, @10:05PM

        by sjames (2882) on Thursday July 11, @10:05PM (#1363822) Journal

        MRTG was superior to Solarwinds in many ways, but for some reason, its output was less readily taken as definitive in a dispute.

  • (Score: 2) by ElizabethGreene on Thursday July 11, @12:49PM

    by ElizabethGreene (6748) Subscriber Badge on Thursday July 11, @12:49PM (#1363753) Journal

    My understanding is the underlying flaw is that attackers were able to steal the certificate used to sign the SAML tokens off the ADFS server. Like stealing the signing key off your PKI CA, that's a game over flaw.

    Is that right?

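An added example, not part of the thread above, illustrating the point in ElizabethGreene's comment about why a stolen token-signing key is game over. It is a model, not AD FS code: the assertion is a JSON struct rather than XML-DSig-signed SAML, the issuer and relying-party names are hypothetical, and the "issuance log" is a map standing in for the IdP's own audit records. What it shows is that the relying party's signature check accepts an attacker-minted assertion signed with a copy of the key exactly as it accepts a genuine one, that only correlation with the IdP's own issuance records can tell them apart, and that rotating the key is what finally invalidates the forgery.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertion is a simplified stand-in for a SAML assertion. Real SAML is XML signed
// with XML-DSig, but the trust relationship is the same: the relying party accepts
// whatever carries a valid signature from the IdP's token-signing key.
type Assertion struct {
	Issuer   string    `json:"issuer"`
	Subject  string    `json:"subject"`
	Audience string    `json:"audience"`
	IssuedAt time.Time `json:"issued_at"`
	ID       string    `json:"id"` // unique per assertion, like SAML's ID attribute
}

// digest canonicalises the assertion (fixed field order) and hashes it.
func digest(a Assertion) []byte {
	body, _ := json.Marshal(a) // cannot fail for this struct
	sum := sha256.Sum256(body)
	return sum[:]
}

// Sign is what the IdP does with its token-signing private key.
func Sign(key *rsa.PrivateKey, a Assertion) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest(a))
}

// Verify is what the relying party does: signature against the pinned IdP public
// key, then audience and freshness. Nothing here can see whether a sign-on happened.
func Verify(pub *rsa.PublicKey, a Assertion, sig []byte, audience string, now time.Time, maxAge time.Duration) error {
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(a), sig); err != nil {
		return errors.New("signature does not verify")
	}
	if a.Audience != audience {
		return errors.New("audience mismatch")
	}
	if age := now.Sub(a.IssuedAt); age < -time.Minute || age > maxAge {
		return errors.New("outside acceptance window")
	}
	return nil
}

// Result records what the relying party accepted under each condition.
type Result struct {
	LegitAccepted       bool // genuine assertion signed by the IdP
	ForgedAccepted      bool // attacker-minted assertion signed with the stolen key
	ForgedInIssuerLog   bool // whether the IdP's own issuance log knows the forged ID
	ForgedAfterRotation bool // the same forgery after the IdP rotates its key
}

// Demo runs the scenario with constructed sample data (all names hypothetical).
func Demo() (Result, error) {
	var r Result
	now := time.Date(2020, 12, 1, 12, 0, 0, 0, time.UTC)
	const idp, rp = "https://adfs.example.gov/", "https://mail.example.gov/"

	signingKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	trusted := &signingKey.PublicKey // relying party pins this from federation metadata

	// 1. Normal sign-on: the IdP authenticates alice, issues, and logs the assertion ID.
	issued := map[string]bool{}
	legit := Assertion{Issuer: idp, Subject: "alice@example.gov", Audience: rp, IssuedAt: now, ID: "_a1"}
	issued[legit.ID] = true
	sig, err := Sign(signingKey, legit)
	if err != nil {
		return r, err
	}
	r.LegitAccepted = Verify(trusted, legit, sig, rp, now, time.Hour) == nil

	// 2. Attacker holds a copy of signingKey. No sign-on occurs at the IdP; the
	//    attacker mints an assertion for whichever subject it wants.
	forged := Assertion{Issuer: idp, Subject: "admin@example.gov", Audience: rp, IssuedAt: now, ID: "_x9"}
	fsig, err := Sign(signingKey, forged)
	if err != nil {
		return r, err
	}
	r.ForgedAccepted = Verify(trusted, forged, fsig, rp, now, time.Hour) == nil
	// The signature check cannot distinguish the two. Only correlation with the
	// IdP's own records can: it never issued _x9.
	r.ForgedInIssuerLog = issued[forged.ID]

	// 3. Remediation: rotate the token-signing key and republish metadata.
	newKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return r, err
	}
	r.ForgedAfterRotation = Verify(&newKey.PublicKey, forged, fsig, rp, now, time.Hour) == nil
	return r, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The practical takeaway is in the three results: the relying party is cryptographically blind to the forgery, so detection has to come from the IdP side (assertions presented to applications with no matching sign-on in the IdP's logs, or issued for subjects who never authenticated), and containment means rotating the token-signing key and pushing the new public key to every relying party, since anything signed with the old key stays valid until that happens.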