Readit News
revelio · 3 years ago
Disappointing: the article doesn't say anything new or untold beyond some minor personal details about the people involved and the fact that people repeatedly missed major clues because they weren't talking to each other.

Also, the article repeatedly insinuates that the attack was traced to the Russian government; in fact, it says it so often that a casual reader could be forgiven for thinking they had proof. But a careful reading shows that they have absolutely no idea who did the SolarWinds hack. The link to the SVR is simply that Kevin Mandia has a "hunch" based on "pattern recognition" from his work in the 1990s. Not only is no proof presented, they don't even have anything that could be called evidence.

Writeups of hacks are always like this nowadays. It's the Russians. How do we know it's not the Chinese, or the Americans, or the British? We don't but if we say it's the Russians everyone will be on our side, so let's roll with that.

I really wish journalists would not try to manipulate readers like that. It'd be more honest to say they don't know. Trying to slip a completely made up SVR connection past the readers like that implies the rest of the article might just be spin too.

zh3 · 3 years ago
It did read rather like something inspired by stories from '80s hacker culture.

And the build systems sound like they were made by managers.

brabel · 3 years ago
I was watching the news last night, and apparently, not only are they pretty sure it was Russia that bombed the half-Russian pipelines to Europe (Nord Stream 2), but it was Russia (or Russian partisans, whatever they mean) that tried to kill Putin last night with a drone attack as well.

You can accuse Russia of anything you want in the current climate, and everyone will take you seriously regardless of evidence.

w7 · 3 years ago
You're excluding the part where:

A) it was only partially destroyed

B) Russia offered to run gas through the remaining pipeline at a higher price, almost immediately after running campaigns pointing fingers at everyone else

Apparently with A, whoever did it decided not to disable it completely, and with B, somehow Russia is extremely confident it won't be attacked again.

It's not a hard conclusion to reach that Russia bombed its own shut-down pipeline, while leaving it functional, in order to cause confusion amongst enemies.

mc32 · 3 years ago
I think in a different time, we'd be able to say that it's become a farce, but ideology doesn't allow that thought to creep in. Even at the height of the cold war, we'd have contrarians and simple sympathizers who tried to nudge us; eventually both sides realized that the other wasn't the evil one thought the other was, and that eventually allowed for Gorbachev and Reagan to have constructive dialog. But who in their right mind would be _convinced_ without a doubt that it was Russia who destroyed the pipeline, cutting off their nose to spite their face? It's so stupid. Even Saddam wasn't accused of being that stupid.
ackbar03 · 3 years ago
Something similar was reported years ago

https://youtu.be/vm1U5E44W90

stickfigure · 3 years ago
When you have a history of lying and running malevolent information operations, plus invading your neighbors on multiple occasions... yeah, you kinda lose the benefit of the doubt.

Your comment looks like an information operation itself. As far as I can tell, the only claims that the drones "tried to kill Putin" come from Russian state media.

notlukesky · 3 years ago
South Park blamed Canada

ahi · 3 years ago
It's amusing how these stories always include the breathless account of the genius hackers. It boiled down to a few thousand lines of code in a dll. There's only so much genius you can get into a few thousand lines of code. In reality, SolarWinds did something stupid, then some of their customers connected it to the internet and didn't even firewall it. Hackers will always have success not because they're brilliant, but because there will always be some marks who didn't cross their i's and dot their t's.
loxias · 3 years ago
I agree in spirit, and I also share an attitude of "if you're hacked, it's your fault." It's Not That Hard to choose to not run random binaries from the internet, and keep your ports closed.

> There's only so much genius you can get into a few thousand lines of code

That being said, Stuxnet? So clever.

edit: Depending on the language or libraries, 1000 lines is a LOT. Cleverness is frequently in reduction or rotation, not addition. Choice of data structure, etc. c.f. the 'k' or 'j' programming languages.

doubled112 · 3 years ago
> if you're hacked, it's your fault

I'm on the fence about this. In a perfect world, I agree.

In real life? "They" only need to get lucky once. I need to be perfect all the time, and it probably isn't going to happen.

Don't get me wrong, it is always somebody's fault.

If "your" is meant as in your business, I'd lean more to the agree side. Security basics are just a cost centre, right?

And how are you supposed to vet a binary from a trusted vendor?

munificent · 3 years ago
> There's only so much genius you can get into a few thousand lines of code.

Einstein's paper that introduces E=mc^2 is about three pages long.

this_steve_j · 3 years ago
I’m holding out hope for an NTSB-style investigation report by CISA that is a giant website with 1000s of pages of analyst notes and digital forensic evidence and shows exactly how they found out what they did as it happened.

For all the $100 millions that have been spent over the course of this cyber Pearl Harbor event, there should be something monumental added to the public record that every comp sci and cybersecurity student or pro can learn from for the next 50 years.

Data from these big attacks shouldn't be limited to the rarefied few folks who are lucky enough to take a $9000 SANS SEC541 course or work on a CIRT team for a Fortune-100 company whose sausage is among those roasted by the fire.

NoMoreNicksLeft · 3 years ago
Do I understand correctly, that the hackers improved the dll's code deliberately, so that Orion wouldn't manifest bugs which might invite debugging scrutiny that also revealed the backdoor?
nibbleshifter · 3 years ago
It used to be fairly common practice for skilled hackers to patch the way they got in, to prevent their borrowed systems from being invaded by skids.
ComputerGuru · 3 years ago
This is different, more like putting a trap door in the ceiling and then patching all the leaks in the roof so that the homeowner won't need to climb up onto the roof to fix those themselves and in doing so stumble on your trap door.
stevenwoo · 3 years ago
The way I read it, they left the other functionality unchanged and injected their source code change into the .dll source, made the build process build both the hacked version and the unhacked version (for later), put the hacked version into the installation package, deleted evidence of the hacked dll in the build, and restored the unhacked dll to its place, so no one could tell what happened just by looking at the end results and doing a dump or binary diff on just that dll.

Similar to but not the same as the pirated Xcode malware injection.
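As an added illustration of the build-time swap stevenwoo describes above, and of doubled112's earlier question about how to vet a binary from a trusted vendor, here is a toy Python model. It is not SolarWinds code and not from the article: the "compiler", the file names and the file contents are all constructed. It shows a build step that replaces one source file only for the duration of the compile and then restores it, so the source tree looks clean afterwards, and the one check that still catches it, an independent rebuild from the committed source compared by artifact hash.

```python
import hashlib

# Constructed toy source tree (file name -> contents). Not real Orion code.
CLEAN_SOURCE = {
    "Core.cs": "class Core { void Run() { DoWork(); } }\n",
    "Net.cs":  "class Net { void Poll() { Fetch(); } }\n",
}

# Constructed implant: the attacker's version of one file, a few extra lines.
TROJANED_CORE = "class Core { void Run() { Beacon(); DoWork(); } }\n"


def compile_tree(source):
    """Stand-in for a deterministic compiler: the 'binary' is a function of
    the sorted inputs only, so identical sources give identical bytes."""
    out = bytearray()
    for name in sorted(source):
        out += name.encode() + b"\0" + source[name].encode() + b"\0"
    return bytes(out)


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def compromised_build(source, target, implant):
    """Model of the swap described in the thread: replace one source file
    only for the duration of the compile, ship that output, then restore the
    original so a later look at the source tree shows nothing unusual.
    Returns (shipped_binary, source_tree_after_build)."""
    tree = dict(source)
    original = tree[target]
    tree[target] = implant          # swap in the trojaned file
    shipped = compile_tree(tree)    # this is what goes into the installer
    tree[target] = original         # put the clean file back
    return shipped, tree


def rebuild_matches(shipped, committed_source):
    """The check that still works: rebuild independently from the committed
    source and compare artifact hashes. A source diff after the fact does
    not catch the swap; a hash mismatch here does."""
    return sha256_hex(compile_tree(committed_source)) == sha256_hex(shipped)


def demo():
    """Run an honest build and the compromised build through the same check."""
    honest = compile_tree(CLEAN_SOURCE)
    shipped, tree_after = compromised_build(CLEAN_SOURCE, "Core.cs", TROJANED_CORE)
    return {
        # The build agent's tree is byte-identical to the committed source.
        "source_tree_looks_clean": tree_after == CLEAN_SOURCE,
        # The honest artifact reproduces from the committed source.
        "honest_build_reproducible": rebuild_matches(honest, CLEAN_SOURCE),
        # The shipped artifact does not, even though the source tree is clean.
        "shipped_build_reproducible": rebuild_matches(shipped, CLEAN_SOURCE),
        "shipped_sha256": sha256_hex(shipped),
        "expected_sha256": sha256_hex(honest),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the model is where the comparison has to happen: inspecting the source tree after the build, or dumping the one shipped dll on its own, shows nothing, because the swap was undone and there is no clean reference to diff against. The rebuild has to come from a builder the suspect pipeline never touched. Real reproducible builds need more than this toy shows (a pinned toolchain, normalized timestamps and paths, and a second party doing the rebuild), but the structure of the check is the same.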

GTP · 3 years ago
Probably, this sounds like a plausible explanation.
lesuorac · 3 years ago
> The practice of placing legal teams in charge of breach investigations is a controversial one. It puts cases under attorney-client privilege in a manner that can help companies fend off regulatory inquiries and fight discovery requests in lawsuits.

I wonder if the new DoJ agrees with this approach.

duped · 3 years ago
This article also misses the part where JetBrains got accused of being a Russian asset by tech media.
koalacola · 3 years ago
Lol what? Because they're Czech?
duped · 3 years ago
This is the original article: https://archive.ph/RsZtc

It was a bunch of embarrassing speculation

boomboomsubban · 3 years ago
I believe they had a sales office in Moscow, which was enough for the rumor mill. "Had" being key, as around the same time they pulled out of Russia.
fyhfuhfg · 3 years ago
Why do people call this a supply chain attack?

the simplest abuse of an all-powerful application coded by illiterate criminals who even sold company stock when things were to become public.

the real attack is how they managed to sell this to so many high profile targets. that is conveniently left out of every report, including this lame one from wired.

My guess, since they sold to FireEye, is that it's the same circle of people who can get these types of contracts: a shadow elite of former NSA consultants helping each other.