United States Privacy Security

SolarWinds Hack Got Emails of Top DHS Officials (apnews.com) 27

Suspected Russian hackers gained access to email accounts belonging to the Trump administration's head of the Department of Homeland Security and members of the department's cybersecurity staff whose jobs included hunting threats from foreign countries, The Associated Press reported Monday, citing sources. From the report: The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what's known as the SolarWinds intrusion, and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if it can't protect itself. The short answer for many security experts and federal officials is that it can't -- at least not without some significant changes. "The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS," said Sen. Rob Portman of Ohio, top Republican on the Senate's Homeland Security and Governmental Affairs Committee. "We are talking about DHS's crown jewels."
This discussion has been archived. No new comments can be posted.

  • by alvinrod ( 889928 ) on Monday March 29, 2021 @01:27PM (#61213634)
    Anyone that high up should be using some form of encryption so that even if an attacker does gain access, they don't gain a lot beyond who you're receiving messages from. That itself may be valuable information, but it probably pales in comparison to the contents of those messages.
    • by Hodr ( 219920 )

      This would have been their unclassified e-mail, and any e-mails sent over those channels containing CUI, FOUO, or PII would have been encrypted with a cert on their PIV/CAC.

      So no, likely nothing of any value to be found in those e-mails.

    • by jmccue ( 834797 )

      I do not think Exchange handles encryption that well unless sending emails between non-exchange servers. That is what you get using proprietary systems. Sadly Thunderbird seems to be going that route with encryption due to its change to embedded pgp.

      But if the data was copied from saved emails, I do not know how you can stop that since most people (including Linux) rely on encrypting the full Hard Disk as opposed to encrypting saved data.

  • We are talking about DHS's crown jewels.

    Well that's putting the squeeze on someone.

    The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS

    What goes around comes around. [bbc.com]

  • The Problem (Score:3, Informative)

    by XopherMV ( 575514 ) on Monday March 29, 2021 @01:33PM (#61213666) Journal
    The problem is counting on a single vendor to provide services for all government agencies. That creates a single point of failure that can be exploited by bad actors.

    I'd also like to point out that the problem wasn't with the government agencies themselves, but the capitalist, for-profit company they hired to manage this problem because government agencies are supposedly incompetent at managing these problems for themselves.
    • Re: (Score:2, Offtopic)

      by Ostracus ( 1354233 )

      Explains a hundred different Linux distros. No single point of failure there.

    • by Zap25 ( 221031 )

      Agreed: never put all your eggs in one basket.
      Especially if they're not actually eggs because "We are talking about DHS's crown jewels."

      Maybe I'm a simpleton, maybe I wasn't bribed by a lobbyist to grant a services contract to a capitalist for-profit company.
      But I think the CIA, NSA, FBI and the Pentagon not only have the competence, but also the resources and knowledge to provide bulletproof cybersecurity services. But that's the thing about the DHS isn't it? Like many departments they are led by people w

    • This. And also layers and layers of complexity... Security and complexity don't go well together.

  • So was Microsoft's Government Cloud hacked? Those accounts should have been in the Government cloud and have MFA enabled. If not, DHS isn't following the rules. Did they catch these emails in transit somehow?

  • Manufacturing more consent. Watch for a request for more budget.

    • ~$600M went for federal security in the recently passed stimulus. Along with a comment mentioning that this was just a down payment.

  • SolarWinds is advertising software on the /. front page just under this post lol.

  • We won't touch SolarWinds ever again...
  • Getting sick and tired of the bullshit in headlines, treating things as if verified when all we actually have are suspicions - based on info that any competent IT person knows is dodgy proof at best.

  • by BardBollocks ( 1231500 ) on Monday March 29, 2021 @05:10PM (#61214628)

    With the kneejerk reaction to Whistleblowing creating a 'need' to centralise infrastructure control and credentials every competent IT guy saw this kind of event coming - like Steve Irwin playing with deadly animals.

    What could go wrong eh?

    It's bloody obvious that policy makers are scared shitless that the public is going to find out what is going on and having the evidence to know it's not a 'conspiracy theory' (except to idiots, because facts are ALWAYS conspiracy theories regardless) - and US vendor after vendor that has been trying to sell us products, including Solar Winds, really seem to be focused on 'control' and 'risk management', whilst asking you to hand it all over to them.

    • Re: (Score:3, Interesting)

      by XopherMV ( 575514 )
      For the past 40 years, conservatives and libertarians have been telling us that government is the problem. Government can't do anything right. We need to cut government. Government doesn't help. It only wastes money. Reagan famously stated, "The nine most terrifying words in the English language are: I'm from the Government, and I'm here to help."

      So, what did we do? We outsourced damn near every function of government to private contractors who could do everything "better." Oh, and never mind the fact th
  • Ever since they moved to Microsoft Windows, Department of Homeland computer security has been a joke. People moving from Microsoft to Federal government. Then the DHS buys the Microsoft product.
    U.S. Department of Homeland Security Washington, DC 20528 Microsoft Enterprise License Agreement [dhs.gov]
