UK Use of Software Linked To Russia-Hack Runs Deep (bloomberg.com) 29
The little-known Texas software company that's been attacked by suspected Russian hackers has a sprawling reach among U.K. government agencies, potentially putting clients from the National Health Service to police forces at risk. From a report: SolarWinds, which fell victim to hackers who put a "backdoor" in the software giving them access to users' computer networks, has been deployed by the U.K.'s Ministry of Justice and the intelligence and security organization GCHQ. Procurement records also show that police forces from Scotland to Cornwall have also used the software. The Home Office, which oversees policing, posted a job opening for a software engineer for the "implementation of a fully resilient platform and architecture SolarWinds Orion monitoring system based upon the upgrade of the existing installation" in 2018. "We are continuing to investigate this incident and have produced guidance for SolarWinds' Orion suite customers," said a spokesperson for the U.K. National Cybersecurity Centre. Representatives for the Home Office and the Ministry of Justice referred requests for comment to the NCSC. "We have issued a high severity alert to the NHS which explains the action to take to mitigate this threat," a spokesperson for NHS said in a statement. "We have been working closely with the National Cyber Security Centre to investigate this issue robustly. So far, we have no indication of any malicious activity, but our investigation is ongoing."
I mean the Russia link, by the way. (Score:2)
Just because I noticed that might not be clear.
Re: (Score:2)
Don't take this the wrong way, but that is some serious guy-mumbling-to-himself-on-the-subway gibberish.
Seriously. Did he have a stroke? (Score:2)
Quoting Barefoot:
-- ...
"To actually us, I of course mean. Not to some FISA something where the emerging clowns
You're OK with me just calling you The Other North Korea now?
--
I have no idea what he's trying to say. To actually us emerging clowns? I'm concerned. Barefoot, if you decided to stop taking your medication, as I friend I say you may want to reconsider that. If you weren't on medication, I urge you PLEASE see your doctor ASAP because something is really wrong. You may have had a stroke.
Re: (Score:2, Interesting)
Are you having a stroke?
Re:It's indeed amazing, how deep something can run (Score:4, Interesting)
It's indeed amazing, how deep something can run that is deliberately never proven with evidence. To actually us, I of course mean.
I'm curious - can you give examples of concrete things would count as evidence for you? I've heard lots of people say what they wouldn't consider as valid evidence, but rarely what they would consider as evidence. Would you believe it if you see server logs that show access from IP addresses associated with APT29? (what kind of presentation of those logs would you trust?) Would you believe it if you saw a "(c) 2013 Cozy Bear" comment in the PE header? These are ridiculous examples, of course. I'm hoping you could fill in something that makes more sense.
I'm just trying to get some examples from you, any.
I'm conceptually interested if there exist any forms of evidence which you would believe? If there are such forms, you should be able to give an example form of evidence that you'd believe? If there are no forms of evidence that you'd believe, and yet it's possible that Russian hacking is happening, then it'd be disingenuous of you to complain that a given piece of evidence isn't good enough. You'd need instead to rethink how you'd approach a world where the answer to a question is important but you have no way of knowing what the answer is. (or, you should be following a different tack, and explaining to people why it's not important to know whether Russia is hacking the US government).
Re: (Score:2)
"I'm conceptually interested if there exist any forms of evidence which you would believe?"
That seems disingenuous to me. Evidence is contextualized, forms don't lead to automatic proof.
We could talk of convincing evidence, but what's convincing? That depends on context too.
In this case we'd have to start with a clear exposition of all the evidence before we can consider it's value. I'm not seeing that. So I think it's fair to say there's not only a lack of evidence ...
"to know whether Russia is hacking the
Re: (Score:2)
In this case we'd have to start with a clear exposition of all the evidence before we can consider it's value.
Not so.
If someone has a bar for what they would consider acceptable evidence, then it should be trivial for them to give examples of the kind of evidence that would satisfy their bar. We certainly don't need to start with evidence and then evaluate its value.
If they have a bar but can't come up with any examples that would satisfy their bar? -- then they likely don't have a bar at all, but are just saying a blanket "no" to everything.
It's like when you do a drug trial. You tell the FDA in advance what bar w
Re: (Score:2)
"It's like when you do a drug trial. You tell the FDA ... "
I don't think medical research is a good analogy.
I'd look towards the legal system. Looking at things like credible expert witnesses, clear presentation of evidence, and proof beyond reasonable doubt.
In this case we'd have to start with a clear exposition of all the evidence before we can consider it's value.
Not so.
Not so? If we want to consider this case we look at the evidence in this case.
Little known....? (Score:1)
Backdoors (Score:4, Insightful)
To all politicians in the world: this is what happens if you have backdoors. It does not matter who installed or required them.
Maybe, just maybe, this is an opportunity for people to learn something.
Re: (Score:2)
This x 10000000000000000000000.
What scares me more is that the politicians actually believe any back doors provided to the government would be kept secret because well, it is the government.
Re: (Score:3)
> To all politicians in the world: this is what happens if you have backdoors
Not THAT kind of backdoor, Bill. Put down the lube.
Re: (Score:2)
Maybe, just maybe, this is an opportunity for people to learn something.
Yes, people... but what about politicians? ;)
Re: (Score:1, Troll)
Why not both? Russians are vodka soaked losers who ruined their own country many times over. They are weak willed, spineless cowards who bend over and lick the boot of any so-called "strong man" who comes along, from Lenin to Putin they never met an autocrat whose backside they won't tongue bathe.
So they find some drink addled idiots and slap them around a bit, keep them off the sauce for a while and tell them "You can get drunk again once you hack those westerners." Like monkeys at the proverbial typewrit
Re: (Score:3)
Russians may be vodka-soaked losers. But there's an old story about the two campers and the bear. You don't have to be faster than the bear. You just have to be faster then your buddy.
The back doors are there. Russians just found them first.
Re: (Score:2)
Sure, if you are willing to bash Russians, you can help. They love it. It validates their twisted world view. And besides that, it's fun!
It's not just SolarWinds (Score:3, Insightful)
The agency also acknowledged Thursday that the hackers used "tactics, techniques and procedures that have not yet been discovered," adding that it is continuing to investigate whether, and how, other intrusion methods may have been used since the campaign began months ago.
So yeah, this is a much bigger deal than first reported. Needless to say, the con artist has not said one word about this attack, especially since it has apparently emanated from his buddy in Russia.
Re:It's not just SolarWinds (Score:4, Insightful)
I'd bet that they used the SolarWinds hack to get in, then, once in, used older, more traditional hacks to hop from system to system.
Re: (Score:2)
Depends on how you interpret "victims appeared to have been breached despite never using the problematic software."
If by "victim" you mean "user", sure. If by "victim" you mean, "organization owning the network," that's a different kettle of fish.