HACKED! Multiple Federal Agencies Including Treasury.

Paratus

Lifer
Jun 4, 2004
16,836
13,761
146
https://apnews.com/article/technolo...rity-hacking-e8a2e819f7cc6982f6a72f8c85209b72


Hackers broke into the networks of federal agencies including the Treasury and Commerce departments in attacks revealed just days after U.S. officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data.

The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of U.S. government agencies.

Didn’t the administration fire a bunch of cyber security folks recently?

At any rate comments I’ve seen online seem to think this is serious.
 
Reactions: Pohemi

BoomerD

No Lifer
Feb 26, 2006
63,330
11,694
136
Saw one story that said the hackers were affiliated with the Rooskie government. I guess with their golden goose losing his job, they gotta find a source of money somewhere.
 

Paratus

Lifer
Jun 4, 2004
16,836
13,761
146
iOS has a cursor? How modern.

Yup.

If you misspell a word and backspace an entire word, AT forums helpfully auto-erases the space before it too. If you don't realize it, then you end up with two words stuck together which have to be fixed. If you have to add the space back again, iOS thinks it's the second space so it capitalizes the word, and if you delete that it starts the whole process over.

Finally, if you jump around a paragraph to fix something, it will helpfully randomly select something you recently typed and replace it with what you are typing now.

This is the only forum that does this to me in iOS/Safari.
 
Reactions: Muse

hal2kilo

Lifer
Feb 24, 2009
23,647
10,507
136
According to a report on MSNBC, HHS was also hacked. Also, SolarWinds' app is what got hacked. Public announcement says ONLY 18,000 of its 33,000 customers got hacked. ONLY.
 

ch33zw1z

Lifer
Nov 4, 2004
37,964
18,279
146
Cybering is tough 😉.

Seriously, we should just defund the departments though, small gubbermint ftw
 

Exterous

Super Moderator
Jun 20, 2006
20,429
3,533
126
At any rate comments I’ve seen online seem to think this is serious.

It is very serious. From the reports so far, SolarWinds' Orion product was affected at such a deep level that the majority of IT people would never notice. Somehow the hackers were able to get access to Orion's code repository and compromise it with a single DLL. This was then packaged by SolarWinds and signed as officially verified and vetted software for your Orion product. As it was in an official vendor release, hash verification would not have caught this. Once inside it would lie dormant for long periods of time before occasionally checking in with the command and control servers, usually immersed within legitimate SolarWinds traffic, making detection difficult. Even worse, Orion is so immersed in the network by design that once it's compromised it's game over due to the privileged access it needs to do its work. From there attackers would be able to forge single sign-on tokens and could add access for themselves to programs, APIs, servers, etc.

SolarWinds has a huge customer base. I don't know how many use Orion, but 425 of the Fortune 500 companies use SolarWinds, including the top 5 accounting firms and top 10 telecommunications firms. And if they could compromise Orion at such a level, there is a chance they compromised their other products. Not a good time to have any SolarWinds products in your environment.
 
Last edited:
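The point in the post above that a signed, hash-verified vendor release offers no protection when the build pipeline itself is compromised is worth seeing in code. The following is an added example written for this page, not code from the thread or from SolarWinds: the "vendor", its signing key (an HMAC stand-in for a real code-signing key), the toy build step, the source strings and the "planted" line are all constructed for the demonstration. It shows that both the vendor signature and the published-hash check pass on the tampered artefact, and that only an independent rebuild from audited source (a reproducible-build comparison) detects the substitution.

```python
"""Why a valid vendor signature and a matching published hash do not catch a
compromised build pipeline, and why an independent rebuild from audited source
does. Everything here is constructed for illustration.
"""
import hashlib
import hmac

# Hypothetical vendor release-signing key. A real pipeline uses an asymmetric
# code-signing key; HMAC stands in so this runs with the standard library only.
VENDOR_SIGNING_KEY = b"constructed-vendor-release-key"

# Constructed stand-ins for reviewed source and for the same source with one
# planted call added inside the pipeline, after review and before build.
AUDITED_SOURCE = b"def collect_metrics(): return poll_devices()\n"
PLANTED_CODE = b"def collect_metrics(): beacon(); return poll_devices()\n"


def build(source: bytes) -> bytes:
    """Toy deterministic 'compiler': the artefact is a pure function of its input."""
    return b"MONITORING-DLL:" + hashlib.sha256(source).digest()


def sign(artefact: bytes, key: bytes = VENDOR_SIGNING_KEY) -> str:
    """Vendor release signature over the artefact bytes."""
    return hmac.new(key, artefact, hashlib.sha256).hexdigest()


def verify_signature(artefact: bytes, signature: str, key: bytes = VENDOR_SIGNING_KEY) -> bool:
    return hmac.compare_digest(sign(artefact, key), signature)


def vendor_release(build_input: bytes) -> dict:
    """The vendor's release step: build, sign, publish the hash.

    The signer has no view of whether build_input is what developers reviewed;
    it vouches for whatever the pipeline handed it.
    """
    artefact = build(build_input)
    return {
        "artefact": artefact,
        "signature": sign(artefact),
        "published_sha256": hashlib.sha256(artefact).hexdigest(),
    }


def customer_hash_check(release: dict) -> bool:
    """What most customers do: hash the download and compare to the vendor's hash."""
    return hashlib.sha256(release["artefact"]).hexdigest() == release["published_sha256"]


def reproducible_build_check(release: dict, audited_source: bytes) -> bool:
    """Rebuild independently from audited source and compare artefact hashes.

    This ties the shipped bytes to reviewed source instead of to the vendor's
    own pipeline output, so a substitution inside the pipeline shows up here.
    """
    independent = build(audited_source)
    return hmac.compare_digest(
        hashlib.sha256(independent).digest(),
        hashlib.sha256(release["artefact"]).digest(),
    )


def evaluate(build_input: bytes) -> dict:
    """Run all three checks against a release built from build_input."""
    release = vendor_release(build_input)
    return {
        "signature_ok": verify_signature(release["artefact"], release["signature"]),
        "published_hash_ok": customer_hash_check(release),
        "matches_audited_source": reproducible_build_check(release, AUDITED_SOURCE),
    }


def clean_release() -> dict:
    """Pipeline builds exactly what was reviewed: every check passes."""
    return evaluate(AUDITED_SOURCE)


def compromised_release() -> dict:
    """Attacker swaps the build input inside the pipeline; signing and hash
    publication proceed normally, so only the independent rebuild disagrees."""
    return evaluate(PLANTED_CODE)


if __name__ == "__main__":
    for name, result in (("clean", clean_release()), ("compromised", compromised_release())):
        print(name, result)
```

The signature and hash checks answer "did these bytes come from the vendor's pipeline unmodified in transit?", which is true in both scenarios; only the rebuild answers "do these bytes correspond to reviewed source?", which is the question a build-pipeline compromise actually raises.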
Nov 8, 2012
20,828
4,777
146
https://apnews.com/article/technolo...rity-hacking-e8a2e819f7cc6982f6a72f8c85209b72


Hackers broke into the networks of federal agencies including the Treasury and Commerce departments in attacks revealed just days after U.S. officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data.

The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of U.S. government agencies.

Didn’t the administration fire a bunch of cyber security folks recently?

At any rate comments I’ve seen online seem to think this is serious.

Well this is just lovely. I see that NASA has gone into moderate guarded operation where they essentially cut off any remote connections and thus only allow internal. Good ol' government only knows how to be reactive instead of proactive.

So... yeah, that's going to be swell while the pandemic is still ongoing and the majority are WFH.
 

ch33zw1z

Lifer
Nov 4, 2004
37,964
18,279
146
Well this is just lovely. I see that NASA has gone into moderate guarded operation where they essentially cut off any remote connections and thus only allow internal. Good ol' government only knows how to be reactive instead of proactive.

So... yeah, that's going to be swell while the pandemic is still ongoing and the majority are WFH.

Mmhmm, cuz non government entities are totally proactive, always.
 
Reactions: DarthKyrie

Exterous

Super Moderator
Jun 20, 2006
20,429
3,533
126
Well this is just lovely. I see that NASA has gone into moderate guarded operation where they essentially cut off any remote connections and thus only allow internal. Good ol' government only knows how to be reactive instead of proactive.

So... yeah, that's going to be swell while the pandemic is still ongoing and the majority are WFH.

What proactive measures would you have wanted them to take? Usually the proactive measure to avoid security issues is to apply vendor patches and updates. Sure, you might run them in a dev environment or give them several weeks of public release for others to do the testing for you, but these infected vendor updates were released months ago, so the proactive 'patch your stuff to make sure it's up to date and secure' actually caused the issue.
 
Reactions: DarthKyrie

Lanyap

Elite Member
Dec 23, 2000
8,127
2,167
136
https://apnews.com/article/technolo...rity-hacking-e8a2e819f7cc6982f6a72f8c85209b72


Hackers broke into the networks of federal agencies including the Treasury and Commerce departments in attacks revealed just days after U.S. officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data.

The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of U.S. government agencies.

Didn’t the administration fire a bunch of cyber security folks recently?

At any rate comments I’ve seen online seem to think this is serious.
Donald fired Chris Krebs back in November for contradicting him on the prevalence of election fraud in the 2020 presidential election. Krebs was Director of the Cybersecurity and Infrastructure Security Agency. Donald opened things up for Putin and his gang. Putin knew he wouldn't be able to get in after Biden took over.
 

Dave_5k

Golden Member
May 23, 2017
1,650
3,200
136
It is very serious. From the reports so far, SolarWinds' Orion product was affected at such a deep level that the majority of IT people would never notice. Somehow the hackers were able to get access to Orion's code repository and compromise it with a single DLL. This was then packaged by SolarWinds and signed as officially verified and vetted software for your Orion product. As it was in an official vendor release, hash verification would not have caught this. Once inside it would lie dormant for long periods of time before occasionally checking in with the command and control servers, usually immersed within legitimate SolarWinds traffic, making detection difficult. Even worse, Orion is so immersed in the network by design that once it's compromised it's game over due to the privileged access it needs to do its work. From there attackers would be able to forge single sign-on tokens and could add access for themselves to programs, APIs, servers, etc.

SolarWinds has a huge customer base. I don't know how many use Orion, but 425 of the Fortune 500 companies use SolarWinds, including the top 5 accounting firms and top 10 telecommunications firms. And if they could compromise Orion at such a level, there is a chance they compromised their other products. Not a good time to have any SolarWinds products in your environment.
Even figuring out how badly compromised the systems of most of the US government and the majority of the Fortune 500 are is likely to take weeks, if they even can.

This hack got not only full admin-level access to the networks, it also has been confirmed to have achieved server-admin credentials on the Outlook Web Access e-mail systems, including a full bypass of multi-factor authentication on Outlook to further hack e-mail accounts. And it was undetected for 6 months while intruders were able to continue to propagate access to additional servers, systems, and accounts. Given 6 months of access when already starting from effectively root-level access to all network traffic and e-mail traffic, digging out how deep the hackers ultimately got into linked systems is going to be a nightmare.
 

hal2kilo

Lifer
Feb 24, 2009
23,647
10,507
136
Even figuring out how badly compromised the systems of most of the US government and the majority of the Fortune 500 are is likely to take weeks, if they even can.

This hack got not only full admin-level access to the networks, it also has been confirmed to have achieved server-admin credentials on the Outlook Web Access e-mail systems, including a full bypass of multi-factor authentication on Outlook to further hack e-mail accounts. And it was undetected for 6 months while intruders were able to continue to propagate access to additional servers, systems, and accounts. Given 6 months of access when already starting from effectively root-level access to all network traffic and e-mail traffic, digging out how deep the hackers ultimately got into linked systems is going to be a nightmare.
So they got all of Trump's tax returns. They at least know the true Trump.
 

[DHT]Osiris

Lifer
Dec 15, 2015
14,569
12,681
146
Even figuring out how badly compromised the systems of most of the US government and the majority of the Fortune 500 are is likely to take weeks, if they even can.

This hack got not only full admin-level access to the networks, it also has been confirmed to have achieved server-admin credentials on the Outlook Web Access e-mail systems, including a full bypass of multi-factor authentication on Outlook to further hack e-mail accounts. And it was undetected for 6 months while intruders were able to continue to propagate access to additional servers, systems, and accounts. Given 6 months of access when already starting from effectively root-level access to all network traffic and e-mail traffic, digging out how deep the hackers ultimately got into linked systems is going to be a nightmare.
This is the part that cannot be emphasized enough. A persistent threat inside a system can spend enough time gathering data or introducing data into a system that even rebuilding may not be enough, if for instance some source code has been tampered with that's carried over to a newly rebuilt system. You almost have to roll back to when the corrupted version was released and start over.

I worked with a military unit that used SolarWinds Orion; a zero-trust stance toward those systems would be absolutely nightmarish. Like aircraft stuck on the pad (mission planning dead), phone calls not being made (VoIP), email shut down, etc. Glad I'm not working there today.
 
Reactions: DarthKyrie

manly

Lifer
Jan 25, 2000
11,318
2,344
136
Note that FireEye was pwned by this same attack, so government IT systems are relatively easy pickings...

For a great read about Russian state-sponsored hacking over the past decade, check out Sandworm by Wired's Andy Greenberg:

Maybe I'd been living under a rock, because I wasn't even aware of many of these prior incidents until reading this book last week.
 

hal2kilo

Lifer
Feb 24, 2009
23,647
10,507
136
In the old days, we used to get "quicklooks" of unclassified versions of our system performance during SSBN patrols after analysis from the Johns Hopkins Applied Physics Lab (APL), delivered in the mail on paper. Then they went online, and we had to get on their list and prove our credentials even to get the unclassified version of the report. And by the time I retired, it was impossible to get those reports. It didn't really matter because their funding went to crap and the "quicklook" moniker became a joke.
 

kage69

Lifer
Jul 17, 2003
27,947
38,323
136
Between the OPM hack and this... shit.

I hope we've replaced a lot of hardware.
 