-
Looking like it was an "inside" job...
Microsoft, SolarWinds Face New Criticism Over Russian Breach of US Networks Slashdot
https://nu.federati.net/url/279187
>After Russia's massive breach of both government and private networks in the U.S., American intelligence officials "have expressed anger that Microsoft did not detect the attack earlier."
>But new criticisms are also falling on SolarWinds:
>Some of the compromised SolarWinds software was engineered in Eastern Europe, and American investigators are now examining whether the incursion originated there, where Russian intelligence operatives are deeply rooted.... SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia's agents compromised. The company has said only that the manipulation of its software was the work of human hackers rather than of a computer program. It has not publicly addressed the possibility of an insider being involved in the breach.
>
>None of the SolarWinds customers contacted by The New York Times in recent weeks were aware they were reliant on software that was maintained in Eastern Europe. Many said they did not even know they were using SolarWinds software until recently.
>...
-
Now I'm wondering even more if this will be a death blow for #SolarWinds. It seems like this network security company was more interested in keeping their costs down than in being secure.
-
> At a minimum it has set off alarms about the vulnerability of government and private sector networks in the United States to attack and raised questions about how and why the nation’s cyberdefenses failed so spectacularly.
Maybe overconnection (connecting some functions which need not be connected) and being too reliant on a small number of vendors? Monopolies and monocultures are bad.
Ever since the days of "Genuine Advantage", I've been thinking that every nation-state on the planet must be trying to get their agents into Microsoft. Imagine the data that they collect (at one point, they even acknowledged that they might upload files and documents from a Windows computer in order to check for violations of their or their partners' rights) and the potential for remote access.
Now, with a small number of vendors' security appliances having ultimate access in every large organization's network, they don't even particularly need to plant spies in Redmond.
-
> The plans would give Russia a hit list of systems to target to keep power from being restored in an attack like the one it pulled off in Ukraine in 2015, shutting off power for six hours in the dead of winter. Moscow long ago implanted malware in the American electric grid, and the United States has done the same to Russia as a deterrent.
There's an example. Knowing how unreliable computers (hardware, but especially the software that runs on the hardware) and networks can be, shouldn't a prudent energy business have the ability to start and run its systems completely without advanced technology?
Why would they make the grid vulnerable to malware, when they know how malware derailed Iranian nuclear processing?
-
> Employees say that under Mr. Thompson, an accountant by training and a former chief financial officer, every part of the business was examined for cost savings and common security practices were eschewed because of their expense. His approach helped almost triple SolarWinds’ annual profit margins to more than $453 million in 2019 from $152 million in 2010.
That's the sort of thing I used to hear about Yahoo. Then, years later, they revealed a series of penetrations, including one that required every single Y! account to change its password. My memory is that the biggest one was revealed during Verizon's purchasing process, and that VZ reduced its price as a result.