bitflipper, posted December 18, 2020:
Last week I noticed a news report that there'd been a widespread hack into government networks. It didn't set off any alarms in my head, since stealing data has been an international hobby for years. Then I watched the SANS Emergency Webcast from a couple of days ago. And holy sh*t, this is big. When you think "hack" you picture some script-kiddie in his mom's basement trying to alter his high school grades. This ain't that. This is a highly sophisticated act of cyberwarfare. Caveat: the above-linked webcast will be very obtuse to most folks, as the intended audience is computer-security propellerheads. But I know there are a few here that will at least get the gist of it, even if you have to look up a few acronyms along the way.
Glenn Stanton, posted December 18, 2020:
It looks like it's not so much the product but the updates being hacked, because the download mechanisms are not as secure as they should be. Basically, when an admin goes to retrieve the updates, they typically use FTP (an insecure protocol), and apparently the hackers changed some of the product code on the update site to allow some logging of user logon activities, and then use that info to log on as a user. It takes months of work to do this because of the small amounts of info collected and the backdoor access needed to retrieve it and use it. All the usual main scream media types are "russia russia russia", but there are no definitive signatures, except that many of the admin people deploying this software are of Asian origin... go figure...
paulo, posted December 18, 2020:
bitflipper said: propellerhead
Unfortunate choice of word on the 20th anniversary of the death of Kirsty MacColl.
Glenn Stanton, posted December 18, 2020:
paulo said: Unfortunate choice of word on the 20th anniversary of the death of Kirsty MacColl.
Actually, she took it in the chest saving the life of her son. Unfortunately the rich guy driving the boat got away with it.
Wibbles, posted December 19, 2020:
The rich guys always get away with it.
Mandolin Picker, posted December 20, 2020:
And then there's this from TechDirt and Reuters:
"No doubt the company [SolarWinds] claims to take security seriously. But while users are being subjected to password requirements that demand them to utilize most of the alphabet and multiple shift key presses, internal security isn't nearly as restrictive. Here's the 'OMFG are you ***** kidding me' news via Reuters, which first broke the news of the malicious hacking. Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds' update server by using the password 'solarwinds123'."
https://www.techdirt.com/articles/20201215/13203045893/security-researcher-reveals-solarwinds-update-server-was-secured-with-password-solarwinds123.shtml
https://www.reuters.com/article/global-cyber-solarwinds/hackers-at-center-of-sprawling-spy-campaign-turned-solarwinds-dominance-against-it-idUSKBN28P2N8
InstrEd, posted December 20, 2020:
On 12/18/2020 at 8:33 PM, Wibbles said: The rich guys always get away with it.
Unfortunately this is usually true.
Gswitz, posted December 20, 2020 (edited):
I have long suspected the Russians use Cakewalk to steal my VST settings and sell them on the open market!
Edited December 20, 2020 by Gswitz
Glenn Stanton, posted December 20, 2020:
Gswitz said: I have long suspected the Russians use Cakewalk to steal my VST settings and sell them on the open market!
That's a lie! We only share it for money, we don't sell it like the capitalist regimes do!!!
bitflipper (author), posted December 20, 2020:
Oh, yeah. Voxengo SPAN was definitely a trojan horse, a back door that led to me blithely installing many useful plugins DIRECTLY FROM RUSSIA! (BTW, this is a joke. AFAIK the Russians have no interest in tricking the NSA into compromising their sample rate conversions or master bus limiting.)
Mandolin Picker, posted December 20, 2020:
And now there's this (Reuters is all over this):
"Second hacking team was targeting SolarWinds at time of big breach. A second hacking group, different from the suspected Russian team now associated with the major SolarWinds data breach, also targeted the company's products earlier this year, according to a security research blog by Microsoft. 'The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,' the blog said. Security experts told Reuters this second effort is known as 'SUPERNOVA.' It is a piece of malware that imitates SolarWinds' Orion product but it is not 'digitally signed' like the other attack, suggesting this second group of hackers did not share access to the network management company's internal systems."
https://www.reuters.com/article/us-usa-cyber-solarwinds/second-hacking-team-was-targeting-solarwinds-at-time-of-big-breach-idUSKBN28T0U1
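The quoted article turns on one distinction: the SUPERNOVA component was not digitally signed, while the other implant was. A defender-side check that makes that distinction visible is to enumerate every executable and DLL under a product's install directory and report those whose Authenticode signature is missing or does not validate. The snippet below is an added example written for this thread; it is not code from the forum post, from Microsoft's blog or from SolarWinds, and the install path is a placeholder you must replace with the real folder on the host.

```powershell
# Added example (not from the thread): list binaries under a directory whose
# Authenticode signature is absent, broken, or not chained to a trusted root.
# ASSUMPTION: the path below is a placeholder, not a location from the thread.
$InstallDir = 'C:\Path\To\Product\Install'

function Get-UnsignedBinaries {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    Get-ChildItem -Path $Path -Recurse -Include *.dll, *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Status is 'Valid' only when the signature verifies AND chains to a
            # trusted root; 'NotSigned', 'HashMismatch', 'UnknownError' etc. all
            # mean the file should be looked at before it is trusted.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName

            [pscustomobject]@{
                File   = $_.FullName
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
                # A file hash gives responders something concrete to compare against
                # vendor-published hashes or to share with other teams.
                Sha256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        } |
        Where-Object { $_.Status -ne 'Valid' }
}

# Usage: report anything that is not validly signed, in a readable table.
Get-UnsignedBinaries -Path $InstallDir | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind. First, an unsigned file in a vendor directory is a lead, not a verdict; some legitimate products ship unsigned helper binaries, so each hit needs to be compared against what the vendor actually distributes. Second, and this is exactly the point the article makes about the other implant, a 'Valid' signature only proves the file was signed with a key the system trusts; it says nothing about whether the code behind that signature is benign, which is why signature checks complement rather than replace hash comparison and behavioural monitoring.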
Glenn Stanton, posted December 20, 2020:
SUPERNOVA is an NSA thing, probably taken from the NSA when Snowden took it over to Wikileaks...