Suspected Russian Hackers Breached Department of Homeland Security (reuters.com) 55
Reuters: A team of sophisticated hackers believed to be working for the Russian government won access to internal communications at the U.S. Department of Homeland Security, according to people familiar with the matter. The breach was part of the campaign reported Sunday that penetrated the U.S. departments of Treasury and Commerce.
Must be important, it's RED! (Score:4, Funny)
Re: Must be important, it's RED! (Score:2)
You mean *grabbed*? :D
Re: (Score:2)
My best guess would be they penetrated the other departments that had limited access.
I would liken this to a hosting provider... some customer maybe set a weak password on their email account and it gets guessed and misused by unauthorized users.
The intruder "gained access" to send email on that user's behalf, but they did not "penetrate" the hosting provider.
In some kind of fashion like that... it's possible the criminals somehow got limited access to some communications through DHS systems without
"According to people" (Score:3)
"According to people familiar with the matter." Anonymous sources from security researchers are often lies. That's why we say, POC||GTFO.
Re: "According to people" (Score:2)
Yeah, I always love that.
You can state whatever you want, and as soon as you add "according to anonymous sources", tadaa, It's News! Fair and balanced! I would only suggest adding "Americans think $somethingTheyDont" and "Think of the children! (Not in that way! That is reserved for us!)". ;)
I think it is realistic to assume everyone's hacking everyone at this point, mind you. Hell, isn't infiltrating the other one's anus, err, I mean surveillance organizations basically the main goal of every spying agency
This is what I spent all day on, if there are ques (Score:2)
Yeah whatever.
Anyway, this is what I and part of my team spent my day on, so if anyone has any actual questions, shoot.
Questions as in, something that involves using at least two brain cells. For anything with the word Trump in it, or suggesting that we should stick our heads in the sand and pretend attacks don't happen - it looks like you guys did the stupidness all day. Any adults have questions about how the attack was carried out or what the consequences are likely to be?
Re: (Score:3)
Anyway, this is what I and part of my team spent my day on, so if anyone has any actual questions, shoot.
OK, so how do you know it was Russians?
Re: (Score:2)
Attribution wasn't my job on this one, but this will give you an idea of how it works:
https://slashdot.org/comments.... [slashdot.org]
Note that this is what we do for a job, all day every day for however many years (25 in my case). Which means it's not at all surprising that some random guy on Slashdot, based on nothing but a Slashdot headline, indeed couldn't make an attribution. Just like they can't reverse a malware sample. But this is our job, we learn how to do it, and get the information needed to do so.
Re: (Score:2)
I know how attribution works. I also know that the US government intelligence agencies lie, a lot. So again, they should show the proof or gtfo. There's no evidence here that it's Russia (I admit more evidence may have been presented since this story was released, I haven't looked).
Re: (Score:2)
You can, of course, believe what you want.
I will tell you there are thousands of professionals digging deep into this, professionals at thousands of organizations. That includes professionals who do nothing but analyze Cozy Bear, all day every day.
If DHS lied about this and said it's Cozy Bear when it's not, it'll take about 24 hours for people to start figuring that out. We do know that the attackers stayed undetected for months, in organizations with significant cybersecurity programs watching for indicat
Re: (Score:2)
We do know that the attackers stayed undetected for months, in organizations with significant cybersecurity programs watching for indicators of compromise.
Do we? How do we know?
Re: (Score:2)
We know because if we had caught them earlier, our all-nighter wouldn't have been Sunday-Monday.
If you want to think everyone in cybersecurity is lying to you, I guess to protect Hillary's source for the Trump dossier or something, that's cool. Kinda wasting your time and mine bringing your conspiracy theories to me, though.
Re: The Russians are coming! The Russians are comi (Score:2)
Look around past news comments and moderations, and laughweep.
Re: The Russians are coming! The Russians are comi (Score:2)
Re: The Russians are coming! The Russians are com (Score:2)
omg someone actually saw the movie!
The DOH? (Score:3, Funny)
The same people who have caught exactly zero terrorists?
Re: The DOH? (Score:1)
False. They have demonstrably caught *minus* some number of terrorists. (In other words: Bred them.) :D
(And yeah, Russian leadership is evil too. Can you please imply that when I criticize the US? I just think they're all fuckers. Happy?)
Re: (Score:1)
And even if they did hack, the Democrats control all the media, so you'd never hear about it anyway.
Re:Trump's watch (Score:5, Insightful)
At this point it's clearly leadership incompetence at play. We've known for a while the importance of security, yet Trump neglected to have a comprehensive plan to secure these agencies.
I spent more than a couple of years working as a contractor in several different US federal agencies with insight into information security policy, planning, and operations. The US President plays no discernible role in determining information security policy and implementation in these agencies. I'm not sure why you felt it necessary to comment on this matter other than to bash Trump, which really isn't the point of discussing this breach.
Let's talk about how to secure widely-used management software from hackers, or how valuable it is to *not* have "automatic updates" turned on, or whether we need new models/patterns for implementing enterprise networks that keep corporate data totally separate/walled off from users on network with Internet access (hint- yes, we do).
Let's not continue to take any/all opportunities to continue to hash/re-hash/complain ad nauseam about political issues that are barely even tenuously connected to a story posted on the forum.
Re: (Score:3)
Well, because of course if you are an unthinking partisan, when a guy you don't like is in the big chair, everything rolls up to him. However, if it's a guy you do like, he can't do any wrong and it's middle-management / incompetence / opposition sabotage / fake news that is the problem.
Reality probably falls somewhere in between. And I say that while hating the living guts of the current occupant of the White House.
Re: (Score:2, Informative)
Trump's exact words were, "..and we'll have the best cyber."
And of course that happens quickly (Score:3)
Re:Trump's watch (Score:4, Interesting)
Hey fakenews boy, you seem to be confused.
Violent crime went UP under Obama, went down under Trump through 2019.
https://www.statista.com/stati... [statista.com]
The failure of this article is a failure of Microsoft Office365 and Windows infrastructure and Solarwinds (windows based tool) and government IT boys. Don't blame a president for the decades long shitshow that is Microsoft infrastructure.
Re: (Score:3)
Re: (Score:2)
Re: (Score:1)
If presidents affect crime at all, final years are best glance? Or was something else happening. Maybe Trump years low due to Obama but lagged. Anyway, the notion that "violent crime went up under Trump" is B.S. and just a sound bite that sounded good to retard that said it.
Re: (Score:1)
also worth noting things flat until May 2020 when pandemic hit. Blame Trump, or the virus?
Re: (Score:2)
However, the DoHS would best be renamed Department of Homeland Insecurity,
Foolish assertion (Score:2)
Performance Monitoring group, not DA (Score:5, Interesting)
The initial intrusion came from subverting Solar Winds.
The attackers then used various techniques to remain undetected as they went on a rampage across the network.
Many companies use Solar Winds for monitoring and reporting, for gathering data about the network and devices and generating reports. Yet they run Solar Winds, Netwrix, and other data-gathering tools as Domain Admin! The accounts need to *read* data, but people give them *write* access to everything in the entire network. That means the bad guys got write access to anything and everything.
If you're using a monitoring tool like this, an appropriate group for the service account is the Performance Monitoring group. It has read access via wmi to do that monitoring, to gather the data and then report on it. The Domain Administrators group is the appropriate group for people who Administer your Active Directory. It's not the appropriate group for a service that needs to read logs! That's what the Performance Monitoring group is for.
If you also use Solar Winds or something similar for deploying updates, that can actually use a separate service for that part, at least with Solar Winds it can.
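Working version of the point made in the comment above, as an added example (not code from the thread or from any vendor). The built-in group the commenter is referring to is named Performance Monitor Users (BUILTIN, SID S-1-5-32-558); it, and Event Log Readers (S-1-5-32-573) for log reading, are local groups on each host. The script assumes the ActiveDirectory RSAT module on a domain-joined admin workstation, WinRM on the monitored servers, and a hypothetical service account named CORP\svc-monitor; everything else is standard cmdlets.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory RSAT module on a
# domain-joined admin workstation, WinRM enabled on the monitored hosts, and a
# hypothetical monitoring service account 'CORP\svc-monitor'.
Import-Module ActiveDirectory

# Step 1: list Domain Admins members that look like service accounts rather than people
# (have a servicePrincipalName or a never-expiring password). Any monitoring/reporting
# tool's account showing up here is the over-privileged case described above.
function Get-ServiceLikeDomainAdmins {
    param([string]$Group = 'Domain Admins')
    Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            Get-ADUser -Identity $_.distinguishedName `
                -Properties servicePrincipalName, PasswordNeverExpires, LastLogonDate
        } |
        Where-Object { $_.servicePrincipalName -or $_.PasswordNeverExpires } |
        Select-Object SamAccountName, PasswordNeverExpires, LastLogonDate,
            @{ n = 'SPNs'; e = { $_.servicePrincipalName -join ';' } }
}

# Step 2: drop the account from the privileged domain group and put it in the read-only
# built-in local groups on each monitored host: 'Performance Monitor Users' (S-1-5-32-558)
# for performance counters and 'Event Log Readers' (S-1-5-32-573) for event logs.
# These are local groups, so membership is granted per host, not once in the domain.
function Set-MonitoringAccountLeastPrivilege {
    param(
        [Parameter(Mandatory)][string]$ServiceAccount,   # 'DOMAIN\name' form
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$PrivilegedGroup = 'Domain Admins'
    )
    $sam = $ServiceAccount.Split('\')[-1]
    if (Get-ADGroupMember -Identity $PrivilegedGroup | Where-Object { $_.SamAccountName -eq $sam }) {
        Remove-ADGroupMember -Identity $PrivilegedGroup -Members $sam -Confirm:$false
    }

    Invoke-Command -ComputerName $ComputerName -ArgumentList $ServiceAccount -ScriptBlock {
        param($acct)
        $added = @()
        foreach ($g in 'Performance Monitor Users', 'Event Log Readers') {
            $members = Get-LocalGroupMember -Name $g -ErrorAction SilentlyContinue
            if (-not ($members | Where-Object { $_.Name -eq $acct })) {
                Add-LocalGroupMember -Name $g -Member $acct
                $added += $g
            }
        }
        [pscustomobject]@{ Host = $env:COMPUTERNAME; AddedTo = ($added -join ', ') }
    }
}

# Usage (run the audit first, then apply to the server estate):
# Get-ServiceLikeDomainAdmins | Format-Table
# Set-MonitoringAccountLeastPrivilege -ServiceAccount 'CORP\svc-monitor' `
#     -ComputerName (Get-ADComputer -Filter 'OperatingSystem -like "*Server*"').Name
```

Two caveats. If the tool polls over WMI rather than the performance counter API, Performance Monitor Users alone is not sufficient: remote WMI also needs DCOM remote launch/activation and Remote Enable on the queried namespace (root\cimv2 for most inventory queries), which are set separately (wmimgmt.msc or dcomcnfg). And the audit in step 1 only catches direct and nested members of Domain Admins; an account that is a local Administrator on every server via Group Policy is just as dangerous and needs the same treatment.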
Re: (Score:2)
They have been embedded (literally) in stupidities like Windows for Warships since the early 2000s. While I can sort of understand the idea of using Winhoze within an insecure civilian network, using it for military purposes and/or secure government systems is mi
APT is Coming, APT is Coming!!! (Score:1)
If you fell for the Russian hack of DNC by APT28, fancy bear, identified by how they used the hacking software that all the cool Russians use. The Russian hackers. Several years old software that Russians use...d.
Now the next APT is Russians hacking various US institutions, definitely being hacked by that APT thing the Russians are doing with old Ukrainian hacking tools that are publicly available.
Kinda disappointed at how low-information the editing on /. is these days.
Re: (Score:2)
Several years old software that russians use...d.
Half of the world by now has copies. It is used by everyone when they need a false flag.
Who to root for? (Score:2)
Evil?
Or the other evil?
Oh, I know! ME! Us!
Fight! Fight! Fight!
Popcorn for everyone!
*puts on 3D glasses*
Interesting timing (Score:3)
Christopher Krebs, who was the head of the Cybersecurity and Infrastructure Security Agency, was fired by the con artist on November 17th because he, Krebs, stated unequivocally this election was the most secure ever. This in contrast to the continuing lies by the con artist of "massive" vote fraud despite a) providing no evidence of vote fraud and b) not listing vote fraud in any of the 50 lawsuits they've filed and had slapped back in their faces by the courts as without merit.
You don't suppose the con artist put another pillow salesman in charge of this security and this is the result, do you?
Re:Interesting timing (Score:4, Informative)
You don't suppose the con artist put another pillow salesman in charge of this security and this is the result, do you?
If you bother to look up the details on what happened, you'll find Solarwinds was compromised as far back as March 2020. The hack injected malware code into Solarwinds, which was distributed as legitimate software from that point forward. You can argue that automatic updates should not be turned on, but beyond that it's difficult to pin blame on anyone who got caught in the hack. The Solarwinds Orion software that got distributed came from a "trusted" source (Solarwinds itself), had a valid digital certificate, etc. If you installed the update there was nothing to indicate it was boobytrapped unless you're doing detailed analysis of network traffic and happened to catch the C2 communications.
The real blame lies with Solarwinds, who got rooted somehow (they're saying email is involved so I suspect someone got a malicious attachment and opened it) and eventually got their source code compromised.
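The comment above says a validly signed update gives the installer nothing to go on, and that only the network side (catching the C2 traffic) could have shown something was wrong. One concrete form of that network-side check, as an added example that is not code from the thread: per-process DNS egress allowlisting, run over Sysmon-style Event ID 22 (DNS query) records. The process path, the allowlisted destinations and the log lines are all constructed for the example; the page names no real indicators and none are used here.

```python
"""Flag DNS lookups by management/monitoring software that fall outside its
expected destinations. Added example, not from the thread; the log lines are
constructed Sysmon-style Event ID 22 (DNS query) records, and the process path
and allowlist are hypothetical placeholders."""
import json
import math
from collections import Counter

# Hypothetical: which processes count as "management tooling" and where each is
# expected to talk. A monitoring agent should only need its vendor's update host
# and the internal collector; anything else is worth a look.
EXPECTED_DESTINATIONS = {
    r"C:\Program Files\Vendor\Monitoring\monitor-svc.exe": {
        "updates.vendor.example",   # hypothetical vendor update host
        "monitoring.corp.example",  # hypothetical internal collector
    },
}

def _suffix_allowed(qname, allowed):
    """True if qname equals, or is a subdomain of, any allowlisted name."""
    q = qname.lower().rstrip(".")
    return any(q == a or q.endswith("." + a) for a in allowed)

def _label_entropy(label):
    """Shannon entropy (bits/char) of one DNS label. Long high-entropy leading
    labels are typical of encoded beacons; used only as a secondary signal."""
    if not label:
        return 0.0
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def find_unexpected_dns(log_lines, expected=EXPECTED_DESTINATIONS, entropy_threshold=3.5):
    """Return findings for queries by tracked processes to non-allowlisted names.
    Each finding is (image, query_name, reason)."""
    findings = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 22:
            continue
        image = ev.get("Image", "")
        qname = ev.get("QueryName", "")
        if image not in expected:
            continue  # not a process we hold to an allowlist
        if _suffix_allowed(qname, expected[image]):
            continue
        first_label = qname.split(".")[0]
        if len(first_label) >= 16 and _label_entropy(first_label) >= entropy_threshold:
            reason = "non-allowlisted destination with high-entropy leading label"
        else:
            reason = "non-allowlisted destination"
        findings.append((image, qname, reason))
    return findings

# Constructed sample events: an expected update check, a lookup outside the
# allowlist with an encoded-looking leading label, an untracked process, and a
# non-DNS event that must be ignored.
SAMPLE_LOG = """
{"EventID": 22, "Image": "C:\\\\Program Files\\\\Vendor\\\\Monitoring\\\\monitor-svc.exe", "QueryName": "updates.vendor.example"}
{"EventID": 22, "Image": "C:\\\\Program Files\\\\Vendor\\\\Monitoring\\\\monitor-svc.exe", "QueryName": "k3x9qz7mvb2pl8wtr4ns.cdn-telemetry.example"}
{"EventID": 22, "Image": "C:\\\\Windows\\\\System32\\\\svchost.exe", "QueryName": "time.windows.com"}
{"EventID": 3, "Image": "C:\\\\Program Files\\\\Vendor\\\\Monitoring\\\\monitor-svc.exe", "DestinationIp": "203.0.113.10"}
"""

if __name__ == "__main__":
    for finding in find_unexpected_dns(SAMPLE_LOG.splitlines()):
        print(finding)
```

The allowlist is the part that does the work; the entropy check only ranks findings. The check is deliberately per process rather than per host, because on a monitoring server plenty of legitimate software resolves outside names, and the question being asked is narrower: does this one agent talk to anything its vendor did not document. Building that allowlist from a few weeks of known-good telemetry before enforcing it is the usual way to avoid drowning in false positives.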
Ms mash and beauHD are super dupers (Score:1)
not now... (Score:2)
There was a time when this country had the balls to respond to outright acts of war by foreign powers. Not any more, though... People might have to put down their phones and actually DO something. Heaven forfend!
Well, on the bright side... (Score:1)
Sophisticated cyber BS .. (Score:1)
Well then, silly Homeland Security for standardizing on Microsoft Windows to keep all their secrets on
Timing Would Be Interesting (Score:2)
But I find myself thinking about this from a larger context. With all the focus on the Russians "hacking" the 2016 election, with the implementation of CISA and the Team run by Chris Krebs in support of protecting election security, is it possible/likely that hostile agents would have effe