World Association of International Studies

PAX, LUX ET VERITAS SINCE 1965
Post US Government under Cyber Attacks
Created by John Eipper on 12/20/20 3:59 AM

US Government under Cyber Attacks (A. J. Cave, USA, 12/20/20 3:59 am)

In my previous post on elections hacking (written on December 10 and posted on December 11), I wrote a little about cybersecurity, hacking and warfare. I mentioned that FireEye, a Silicon Valley cybersecurity firm, had been hacked by someone (a nation-state) and something we hadn't seen before.

That, unless you have been living in a cave (literally), turned out to be the understatement of the year.

The FireEye hack turned out to be the tiny tip of a massive cyber spying iceberg ring.

On December 13, Reuters reported that (the same) hackers had gained access to several (unconfirmed publicly) US Federal Government agency networks. And it went downhill from there.

We (my private mailing list--mostly techies and mostly CTOs, one from a competitor of the IT company I am going to mention in a minute) have been hotly debating the massive hack--actually technically a state-sponsored espionage-cyber attack and even cyber warfare. Not just between us kids, but all across the technical media, the discussion of the hacking of the presidential elections as a part of or connected to this bigger massive hack has been unavoidable.

As of this writing (December 18), 18,000++ institutional and governmental entities (80%) in the US have been hacked, probably starting in March 2020 and still ongoing. Among the hacked is Microsoft, who with the help of FireEye and the courts, literally went to war against the hackers overnight once the hack became known.

Here are the known sectors impacted so far, according to Microsoft (subject to increase):

IT companies: 44%

Government: 18% (including treasury, energy, homeland security, national security and health, among many more--OK, almost all)

Think Tanks/NGOs: 18%

Government contractors: 9% (including defense and national security)

Other: 11%

After spending tens of billions of dollars to secure our networks from cyber attacks in the last few years, this sure makes us look like newbies.

Note:

As a precaution, I never include any links and I hope that John and others just do an online search, if interested, but skip the temptation of adding any links, because WAIS is not secure and many communications networks (like AT&T) have been impacted. Microsoft has the best technical explanation on their website: clever and simple.

Nitty gritty:

Company at the eye of the storm: SolarWinds--an IT network infrastructure management company out of Austin, Texas

Competitors: IBM, CISCO, Micro Focus (old HP software), Microsoft, and a few others

Name of infected software: Orion network monitoring (gives you a bird's eye view of what's happening across your network)

Type of software: proprietary (black box vs open source, used by IBM and others)

Name of malware: solorigate (called starburst by Microsoft)

Type of infection: software supply-chain

Explanation: This has to do with how big software systems are built. These systems are built in components by various groups--inside or outside a company--and then integrated into a big package, and if everything works (compiles), then it is deployed in the field and used by customers. It is a lot like preparing a Thanksgiving feast by buying foodstuff from various grocery and specialty stores and combining them to make the giant meal.

By using the software supply-chain, these boys and girls infected one source (SolarWinds Orion network management) and once that update version was released to 33,000++ customers around the world (10%+ of their customer base), at least 18,000++ were activated.

Total number of customers who could have been infected, if the hack had remained hidden: 300,000+

When: the malware was added between March and June (when we went into national lockdown)

Deleted page from SolarWinds website: "...all the 5 branches of US military are customers..."

Why SolarWinds? Their product is cheaper (and obviously lower quality) than their competitors

When did SolarWinds know about the malware in their Orion software?

Unknown. On December 7, a week before the news hit the fan, their CEO resigned and two of their major investors, Silver Lakes and Thomas Bravo, two Silicon Valley private equity firms, sold $286 million worth of stocks. Silver Lake, $157.5 million, Thomas Bravo, $128.3 million. They claim they didn't know. The stock took a dive after the hack became public. Lawsuits are being filed and an SEC insider trading investigation is next.

Microsoft role: SolarWinds builds on Microsoft's Windows operating system, while IBM and others use Linux. When Microsoft was hacked too, the malware probably made its way to their customer base (denied by MS). 40 of their big customers in the UK, Belgium, Canada, Israel, Mexico and Spain are being notified.

CISA advisory: CISA, if you are good with acronyms, is the US Cybersecurity and Infrastructure Security Agency, who said that the 2020 elections were the most secure in the [US] history. Here is their advisory about this hack: "This threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organization." Duh.

Was Dominion hacked? They say no, even when nobody asked them.

White House response: Nothing so far

Government agencies' responses: Nothing official yet

Who did this? It is still ongoing. Fingers point in the direction of Russia. They used the software supply-chain method in 2016 in Ukraine (Notpetya virus).

What's the damage? No one knows. They have been roaming around freely in our public and private networks without being detected, probably since March 2020. But, I spy, you spy, we all spy. The unknown is what they exactly did and why and how we are going to respond, now that we know.

Is this a cyber attack? Yes.

Is this cyber attack an act of war? Espionage is not normally considered reconnaissance. If we think of this as cyber military reconnaissance, then yes.

Did they get the nuclear launch codes? With my fingers crossed behind my back: No, the codes are on a classified network. Only declassified networks were attacked. But who knows, if the attack hadn't been detected.

JE comments:  This is very alarming, especially the part about the military relying on an off-the-shelf product for its most sensitive information.  A. J., you always give great explanations of techy stuff, so here's a question of immediate relevance to Little ol' WAIS.  Why is it dangerous to repost links?  Is the risk limited to links containing malware, or is there a wider danger I'm unaware of?  For example, isn't it safe to put up a Wikipedia link?



  • The Dangers of Clicking on Links: A Primer (A. J. Cave, USA 12/21/20 4:23 AM)
    Before I unpack the dangers of clicking on a link (URL) in an unsecure environment like "little ol' WAIS," I ought to clarify a couple of misconceptions.

    My comment about the US military branches being SolarWinds customers didn't mean they are using off-the-shelf software. The Orion network management software is a proprietary piece of software that runs on Microsoft's Windows operating system.

    Mini OS Primer (optional reading):

    An operating system [OS] is like the big bad boss that controls everything that happens on a device (a piece of hardware). There are five main operating systems:

    Linux (open source)

    Microsoft Windows (proprietary, on almost all PCs)

    Apple macOS (proprietary, competitor of Windows in the Apple universe)

    Google Android (open, mobile operating system for Android smartphones, based on Linux)

    Apple iOS (proprietary, mobile operating system for iPhones)

    The majority of mission-critical (really important stuff) software is written for Linux, mostly because it is open source, meaning it has been debugged by a bazillion developers for free.

    Apple macOS doesn't have a big enterprise mission-critical footprint, and Google is trying hard, but the big desktop OS players are Linux and Windows. And as God and everyone else knows, Windows is buggy and crappy, but certainly not cheap. That's why Bill Gates is one of the richest people on earth. The advantage of developing something on top of Windows OS is that Windows is already in a lot of (almost all) enterprises, so it's an easier sale, because there is already a sales relationship in place.


    In the mobile world (the future), Apple and Google dominate the OS market, with Microsoft being a bit player.


    About [hyper]links:


    Now, why reposting and clicking on email links is bad:


    How many times you have gotten official-looking emails from a bank or a credit card company or Yahoo that says "we have suspended your account, clink [here] to verify your information"? How do you think they got your email or your information?


    Or, how many times you have heard of some unsuspecting soul clicking on a link or opening an attachment that crashed the entire networks of companies? Or hacked various organizations?


    In plain (accented) English, a website (like the WAIS website) is like a house that is built and lives on a server (a physical computer) somewhere. I don't know where the WAIS website moved after it left the Stanford University servers. But wherever it is physically located, waisworld.org is like the street address of that house.

    The WAIS posts, in the form of emails sent to WAISers and posted on the website, are mini websites themselves. When those emails are sent out daily, they "travel on various roads" to get to the email inboxes of WAISers. Those roads are the various networks, like AT&T, or T-Mobile, or others, and in the case of networks outside of the US, the emails are handed off to international network operators, like BT, or Vodafone, or Telefonica, or Orange, or NTT Docomo, and the rest. The way the emails travel on these roads (networks) varies from riding in private cars (secure networks, difficult to hack), limousines, taxis, gypsy cabs (unsecure, easily hacked), or whatever Lyft is available.

    Now, if these emails (mini websites) contain links (hyperlinks) to third-party content, you actually really don't know where clicking on that link would take you, because you can't see the code that is generating that link. That goes for clicking on images too.

    That link could be "phishing," meaning it would take you to a fake website, grab some information off your device, and then redirect you to the real site, without you realizing it.

    Or, the link could take you to a website that would immediately infect your computer with malware or a virus (really bad stuff), that could lock down your computer for ransomware, or download a keylogger (something that captures your every keystroke and sends them along to someone).

    Those really creepy long links, even if they are links to legit websites, have a lot of tracking code attached to the actual link to track that link wherever it goes and report back to the tracking software, usually for a fee (or alternatively, for targeting those readers directly with similar stories). It works like this: somebody reads something on a website and puts the link to that piece in her email and sends it to a group. If, let's say, 10 people click on that link, the website gets a report and charges the advertiser for 11 views--the original reader and the 10 who clicked on her link, instead of just the original reader.

    The big danger with links has to do with how those emails (content) are actually sent across the networks. The way we actually send content and information around on networks is a bit complicated. Everything digital is either a zero or a one--on or off--and the way they are shuffled around is by breaking them into smaller packets for speed and efficiency and distributing the load across the networks evenly. Each packet has a head and a tail. These packets could take various routes depending on the traffic cops (routers) that are directing the traffic in the networks. When these packets arrive at their destination, they are reassembled into the original format by matching those heads and tails. If these routes are open and unsecure, any virus can attach itself to those packets without the sender or receiver of the emails knowing. It's like driving in muddy waters. Your car gets muddy no matter how good a driver you are.

    To avoid getting held up by highway robbers or getting muddy, you can travel in an armored car. That's what is called end-to-end encryption. The email and everything in it is locked before it is sent out and is unlocked at the destination. But that still doesn't make the link inside the email any safer.

    A lot of emails and a lot of links from trusted sources, like Wikipedia, are usually fine. But they can easily be corrupted and sometimes it is hard to tell the difference. So, no good reason to risk it.

    JE comments:  Many thanks for your patient explanation, A. J.  I do check every link/URL that goes into a WAIS post, primarily to ensure that it works.  I also cull out anything that looks suspicious.  But the malefactors are clever at outsmarting even the most vigilant--and I'm anything but a techy guy.

    This is a good opportunity to remind WAISers of our editorial "norms" (I should republish them soon):  Please, no more than three links in a post, unless more are absolutely necessary.

