
Solar Winds Data Breach


rmgill


I would guess that the coding team developed a program which would take raw source code inputs and apply some sort of randomized "coding style" to both obfuscate the original coders and to throw off investigators. Which I've been told is a common thing; Russians making things look like NK and vice versa.

 


On 2/16/2021 at 6:23 PM, Ssnake said:

1,000 insiders...?

Yes, on US soils, like the command servers were.

On 2/16/2021 at 7:11 PM, Ivanhoe said:

I would guess that the coding team developed a program which would take raw source code inputs and apply some sort of randomized "coding style" to both obfuscate the original coders and to throw off investigators. Which I've been told is a common thing; Russians making things look like NK and vice versa.

 

Interesting, but this leads to a second question: is there a genuine RU/NK/... style then?


1 hour ago, Adam Peter said:

Interesting, but this leads to a second question: is there a genuine RU/NK/... style then?

At this point, I would not trust any claims of authorship, when the suspects in question are at a high skill level and organized.

Every programmer has a style, detectable to some extent via variable names, source code indentation, etc. So you can write a program to look at those traits* in prior programs and develop signatures. In the past, I have read assertions that reverse engineers can guess what the programmer's native language is. Of course, the bad guys know this and can write a program to pre-process their source code to make it look like it was coded by the PRK rather than Russia, China, Iran, whatever.

So, wilderness of mirrors.

* Rather like how Google, Youtube, FB, et al can tell it's you looking at their stuff, by timing how long it takes to get rid of ad popups etc. Fingerprinting.

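The style-fingerprinting idea in the post above, as an added Python illustration that is not from any poster in this thread: it extracts a few surface features (indent width, tab use, brace placement, naming convention) from constructed code samples, attributes an unknown sample to the nearest author profile, and then shows the caveat the post makes, since one pass through a hypothetical normalising formatter leaves the profiles indistinguishable. The authors, samples and feature set are all assumptions made for the example.

```python
"""Toy stylometry on constructed samples: build per-author style profiles,
attribute an unknown sample to the nearest, then show how a normalising
formatter erases the signal. Samples and feature set are assumptions."""
import re

KEYWORDS = {"int", "for", "return", "if", "else", "while", "void", "char"}
IDENT = re.compile(r"\b[A-Za-z_][A-Za-z0-9_]*\b")

# Constructed samples for two hypothetical authors: A uses 4-space indents,
# camelCase names and K&R braces; B uses tabs, snake_case and Allman braces.
AUTHOR_A = """
int addOne(int inputValue) {
    int newValue = inputValue + 1;
    return newValue;
}
"""
AUTHOR_B = """
int add_one(int input_value)
{
\tint new_value = input_value + 1;
\treturn new_value;
}
"""
UNKNOWN = """
int twiceValue(int rawValue) {
    int doubled = rawValue * 2;
    return doubled;
}
"""  # constructed unknown sample: different code, written in A's style
SAMPLES = {"A": AUTHOR_A, "B": AUTHOR_B}

def features(src):
    """Four surface style features, each scaled to roughly [0, 1]."""
    lines = [l for l in src.splitlines() if l.strip()]
    indented = [l for l in lines if l[0] in " \t"]
    tab_lines = [l for l in indented if l[0] == "\t"]
    widths = [len(l) - len(l.lstrip(" ")) for l in indented if l[0] == " "]
    brace_lines = [l for l in lines if "{" in l]
    own_line = [l for l in brace_lines if l.strip() == "{"]
    idents = [t for t in IDENT.findall(src) if t not in KEYWORDS]
    snake = [t for t in idents if "_" in t]
    camel = [t for t in idents if re.search(r"[a-z][A-Z]", t)]
    styled = len(snake) + len(camel)
    return {
        "tab_ratio": len(tab_lines) / len(indented) if indented else 0.0,
        "indent_width": (min(widths) if widths else 0) / 8.0,
        "brace_own_line": len(own_line) / len(brace_lines) if brace_lines else 0.0,
        "snake_ratio": len(snake) / styled if styled else 0.5,
    }

def profiles(samples, fmt=lambda s: s):
    """Per-author feature profiles, optionally after a formatting pass."""
    return {name: features(fmt(src)) for name, src in samples.items()}

def attribute(sample, known):
    """Return (best_author, margin); a margin near zero means weak evidence."""
    f = features(sample)
    ranked = sorted((sum((f[k] - p[k]) ** 2 for k in f) ** 0.5, name)
                    for name, p in known.items())
    margin = ranked[1][0] - ranked[0][0] if len(ranked) > 1 else float("inf")
    return ranked[0][1], round(margin, 3)

def normalize(src):
    """Hypothetical formatter: one house style for indents, braces and names."""
    out = []
    for line in src.splitlines():
        line = line.replace("\t", "    ")
        if line.strip() == "{" and out:  # Allman brace -> K&R
            out[-1] = out[-1].rstrip() + " {"
            continue
        out.append(line)
    return IDENT.sub(lambda m: m.group(0) if m.group(0) in KEYWORDS
                     else m.group(0).replace("_", "").lower(), "\n".join(out))
```

On the raw samples `attribute(UNKNOWN, profiles(SAMPLES))` picks author A with a clear margin; after `normalize` the same call still returns a name, but with a margin of zero, which is the point: a confident-looking label with no evidence behind it.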

  • 2 weeks later...

https://www.cyberdefensemagazine.com/the-us-government/

Quote

 

Sullivan said the Biden administration is working to attribute the attack to a specific threat actor and properly respond to the offense.

...

Sullivan added that the response of the US government will be not limited to sanctions.

 

So we're going to be sending Jason Bourne to Moscow for some wet work. Awesome! 

 

 


I'd be more inclined to put money on a small team who sourced bits of code from open source repos for what they wanted to do...hence the thousands of developers....


  • 1 month later...
Quote

US expels Russian diplomats and issues sanctions over SolarWinds hacking attack

7h ago

The US has announced sanctions against Russian entities and expelled 10 Russian diplomats in response to a hacking attack and election interference.

The United States on Thursday announced the expulsion of 10 Russian diplomats and issued a broad array of sanctions targeting Russian individuals and entities for election interference, hacking efforts and other "malign" activities. 

The sanctions represent the first retaliatory action announced against the Kremlin for last year's hacking attack, which has been called the "SolarWinds" breach.

The measures include sanctions on six Russian companies that are alleged to have aided the country's cyber activities.

A further 32 individuals and entities are accused of attempting to interfere in last year's presidential election, including by spreading disinformation.

The White House said that the 10 diplomats being expelled include representatives of the Russian intelligence services.

What is Russia being accused of?

President Joe Biden's administration had previously said it would act to hold the Kremlin accountable for interference in last year's presidential election and the hacking of several federal agencies.

In the attack, Russian hackers are suspected of having infected software with malicious codes that gave them access to US government agency networks.

It is thought that they infiltrated at least nine agencies in an intelligence-gathering project to mine government secrets.

[...] 

In a show of solidarity with the US, Poland declared three Russian diplomats, employees of the Russian embassy in Warsaw, as personae non-gratae. In a tit-for-tat response, Russia said it would expel three Polish diplomats.

NATO voices support for measures

In a statement following the US announcement of sanctions, the NATO defense alliance issued a statement of support.

"NATO Allies support and stand in solidarity with the United States, following its 15 April announcement of actions to respond to Russia’s destabilizing activities," said the statement. "Allies are taking actions individually and collectively to enhance the alliance's collective security."

"Russia continues to demonstrate a sustained pattern of destabilizing behavior, including its violations of Ukraine’s and Georgia’s sovereignty and territorial integrity, and continued violation, non-implementation, and circumvention of numerous international obligations and commitments."

The European Union also expressed solidarity, saying the hacking had also compromised EU interests.

"The compromise affected governments and businesses worldwide, including in EU members," said EU foreign affairs chief Josep Borrell.

https://m.dw.com/en/us-expels-russian-diplomats-and-issues-sanctions-over-solarwinds-hacking-attack/a-57215141

Edited by BansheeOne

Quote

Date 16.04.2021

Russia expels US and Polish diplomats over sanctions

Moscow is ousting 10 US and three Polish diplomats in direct response to the expulsion of Russian diplomats from both countries. Other moves included sanctions on US officials and a crackdown on US NGOs.

Russian Foreign Minister Sergey Lavrov on Friday announced that Russia would expel 10 US and 3 Polish diplomats in retaliation for them having respectively expelled 10 and 3 Russian diplomats on Thursday.

Lavrov additionally noted that eight US officials had been added to Russia's sanctions lists and that Moscow would take moves to limit and even stop the activity of US non-governmental organizations (NGOs) that it says are interfering in Russian politics.

Moscow also recommended the US recall Ambassador John Sullivan — Russia recalled its US ambassador in March, in response to US President Joe Biden calling Russian President Vladimir Putin "a killer" in a televised interview. 

The Russian Foreign Ministry has steadfastly warned of "inevitable" retaliation, noting that, "Washington should realize that it will have to pay a price for the degradation of bilateral ties.'' Though Lavrov emphasized Moscow could undertake more "painful measures" in the future, he said it would refrain from doing so at this juncture.

The Russian response came after the US announced a new raft of sanctions for what Washington says were Russian cyberattacks on US government websites in the massive 2020 SolarWinds hack as well as political interference in the recent 2020 US presidential election. Moscow denies any involvement in either incident.

How far will Russia go?

Though Russia has shown that it can make life difficult for the US and its allies, analysts say that Moscow will likely stop short of further measures so as not to further escalate an already tense situation. This week's US sanctions come on top of a slew of other sanctions on the country for various malign activity including the attempted murder of political opponents of the Kremlin and aggressions against neighboring Ukraine.

The situation has grown more intense of late as Russia has continued to amass troops at the Ukraine border and in occupied Crimea.

When US President Joe Biden announced his country's sanctions on Thursday he said he was willing to work with Russia and offered to meet with its long-time leader President Vladimir Putin. Dmitry Peskov, Putin's spokesman, said the invitation was being analyzed.

Biden's carrot and stick approach to Moscow

The Biden administration's expulsion of Russian diplomats was announced parallel to sanctions against dozens of Russian companies and individuals, and bans on US financial institutions purchasing Russian government bonds directly from Russian state institutions. The latter hampers Russia's ability to borrow cash, though it crucially stops short of putting constraints on secondary markets, thus non-US citizens can still purchase Russian debt and then in turn sell it to US investors. 

The sanctions came just two days after Biden and Putin spoke by telephone, when President Biden says he informed Putin that he had the option of imposing tougher measures but had chosen not to. Biden's proposal that the two meet in a third country this summer was also made during the call.

[...]

https://www.dw.com/en/russia-expels-us-and-polish-diplomats-over-sanctions/a-57232644


  • 2 weeks later...

Quote

US Embassy in Moscow cuts staff and visa services

6h ago

The move comes after President Vladimir Putin signed a decree to limit the number of Russians employed at embassies of countries deemed to be "unfriendly."

The US Embassy in Moscow announced Friday that it would cut consular services and staff in line with new restrictions imposed by Russia.

"We regret that the actions of the Russian government have forced us to reduce our consular work force by 75% and will endeavor to offer to US citizens as many services as possible," a statement published on the Embassy's website said.

A law signed by Russian President Vladimir Putin last week allows the country to cap the number of local staff working at foreign diplomatic missions, or ban them entirely. The law also requires the government to draw up a list of "unfriendly" states that would be subject to the changes.

What else did the US Embassy say?

The Embassy's statement said it would limit consular services to cover only emergency cases from May 12 due to the government's "intention to prohibit US Mission Russia from employing foreign nationals in any capacity."

It also said nondiplomatic visas will only be processed in cases of emergency.

The Embassy "strongly" urged US citizens in Russia with an expired visa to leave the country before the June 15 deadline set by the Russian government.

The state of US-Russia relations

The changes at the US Embassy come amid a wave of expulsions of Russian diplomats from the US and several European countries. Moscow has responded with expulsions of its own.

Earlier this month, Washington kicked out 10 Russian diplomats in connection with cyberattacks against government agencies and meddling in the 2020 US presidential elections. The US has also imposed numerous sanctions on Russian entities. 

Tensions between Russia and the West have also been increasing over a recent military buildup on the border to eastern Ukraine, and the jailing of opposition activist Alexei Navalny. 

https://m.dw.com/en/us-embassy-in-moscow-cuts-staff-and-visa-services/a-57385581


  • 1 month later...

Not sure which American hackers Vlad has in mind, but I take this as a trolling attempt anyway. 

Quote

Putin: Russia open to hacker exchange with US

57m ago

Recent cyberattacks on critical US infrastructure and companies have been blamed on Russian hackers. US President Joe Biden vowed to raise the issue during his meeting with President Vladimir Putin next week.

Moscow could hand over wanted hackers to Washington if the United States extradites its own cybercriminals to Moscow, Russian President Vladimir Putin said on Sunday.

He made the comments ahead of an expected extradition request by US President Joe Biden when the pair meet in Geneva on Wednesday.

Biden resolved to take action after several cybersecurity breaches, including ransomware attacks, on US companies and infrastructure in recent months, which are believed to have originated in Russia.

The most recent ransomware incidents targeted the US's largest vehicle fuel pipeline operator Colonial Pipeline and top meat processor JBS earlier this month.

Ransom software works by encrypting victims' data. Typically hackers will offer the victim a key in return for cryptocurrency payments that can run into hundreds of thousands or even millions of dollars. 

What did Putin suggest?

In an interview on state TV, Putin stressed that cybersecurity was one of the most important issues at present, because "turning all kinds of systems off can lead to really difficult consequences." 

″If we agree to extradite criminals, then, of course, Russia will go for it. But only if the other side, in this case, the United States, agrees to the same thing,″ Putin said.

The Russian leader said he expected next week's meeting with Biden in Geneva to help establish bilateral dialogue and revive personal contacts.

He added that important issues for the two men included strategic stability, Libya and Syria, and the environment.

[...] 

https://m.dw.com/en/putin-russia-open-to-hacker-exchange-with-us/a-57871507


Yeah, does sound like trolling. Nothing to be learned from America's black-hat hackers that Russian black-hat hackers don't already know.

As for state-sponsored, obviously nothing to be gained by either nation by handing over anyone who hacked the other nation.

Though Biden is definitely dumb enough to sign an agreement or treaty with Putin agreeing to extradite Americans to Russia for any reason. Putin could decimate the USG. 


22 hours ago, Ivanhoe said:

Though Biden is definitely dumb enough to sign an agreement or treaty with Putin agreeing to extradite Americans to Russia for any reason. Putin could decimate the USG. 

Biden would never sign such an agreement.


  • 3 weeks later...
Quote

Date 05.07.2021

Kaseya cyberattack: Hackers want $70 million for decryption

The Russian-linked REvil ransomware group is alleged to have carried out an attack that affected hundreds of companies worldwide. Joe Biden says the US will respond if the Kremlin is involved.

The hackers behind a huge ransomware attack said late Sunday on their blog that they want $70 million (€59 million) in Bitcoin to publicly release what they are calling a "universal decryptor."

The firm Kaseya, which helps firms remotely manage their IT infrastructure, was hit Friday in an attack believed to have been carried out by Russian-linked cybercrime gang REvil. The attack infected hundreds of companies in at least 17 countries.

The group is best known for the recent attack on JBS meat processing. In that instance, REvil was able to extort $11 million from the firm in a ransomware payment.

On Saturday, US President Joe Biden said there would be a response if investigations determined the Kremlin was linked in any way.

Which companies were hit in this latest ransomware attack?

The Miami-based firm Kaseya said a broad array of small businesses — including in financial services, travel and leisure, and public agencies on all continents — were hit in this latest ransomware attack.

[...]

CEO Fred Voccola of Kaseya said he believes the number of victims is in the low thousands, noting that it was mostly small businesses like "dental practices, architecture firms, plastic surgery centers, libraries, things like that.''

Voccola added that only between 50 to 60 of the company's 37,000 customers were compromised by REvil. Kaseya has hired cybersecurity firm Mandiant to investigate the breach.

While the CEO would not confirm details of the hack, Voccola did say the attack was not based on phishing and that the level of sophistication "was extraordinary."

Of the systems that were attacked, 70% were managed service providers who used Kaseya's VSA software to manage multiple customers. That software automates the installation of security updates, and manages backups and other essential functions.

At present, Kaseya believes REvil did not just breach its code, but likely exploited vulnerabilities in third-party software.

What are the reactions to this latest ransomware attack?

The FBI said in a statement that it is investigating, but the scale of the cyberattack "may make it so that we are unable to respond to each victim individually.''

US Deputy National Security Advisor Anne Neuberger said Biden had "directed the full resources of the government to investigate this incident'' and urged anyone who believes their systems were compromised to contact the FBI.

Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said he does not believe there is likely to be Kremlin involvement; but rather, the attack indicates Russian authorities "have not yet moved" on shutting down ransomware gangs operating on Russian soil.

The most serious of ransomware gangs operate from within Russia or aligned states. They are tolerated by the Russian authorities and sometimes work with the security services.

https://www.dw.com/en/kaseya-cyberattack-hackers-want-70-million-for-decryption/a-58158481


I see a lot of huffing and puffing from the US president. I don't expect to see much of a reaction that might actually deter the Kremlin mobsters.

 

Si tacuisses...


He is already setting up the result he wanted: 'We don't think it is the Russian Government', when, almost certainly, it's exactly that.

What do you do? When it becomes a threat to life, then put a smart bomb through the window of the people doing it. I do not believe anything less than that will achieve an effect.

Biden and relatively few Presidents are willing to go that far, and that's why it will keep happening.

 


If Russia launches a cyber attack that interferes with a state's ability to function, to cause the breakdown of vital services, that even causes deaths, then that is an act of war. You can duck behind the sofa as often as you like Glenn, but you don't avoid WW3 when the other side is already fighting WW3. Why is a cyber attack any different from strategic bombing, if its effect can also kill people?

Has it got that bad yet? Not yet. But we had the British NHS hacked very similarly with ransomware attacks some years ago. We do not know if that caused deaths, but it seems possible. Let us suppose someone attacks the US pharma firms, or even freight distribution companies, delaying vaccine deployment and as a result Coronavirus gets out of control again. Would that not be an act of war? What would you call another 500,000 dead?

We are all vulnerable to this kind of attack. Russia simply must be made to understand the potential consequences of its actions, or like a spoilt 4 year old, it's going to keep on doing what it enjoys, regardless of consequence. And one day there will inevitably be consequences whether you want them or not.


1 hour ago, Stuart Galbraith said:

If Russia launches a cyber attack that interferes with a state's ability to function, to cause the breakdown of vital services, that even causes deaths, then that is an act of war. You can duck behind the sofa as often as you like Glenn, but you don't avoid WW3 when the other side is already fighting WW3. Why is a cyber attack any different from strategic bombing, if its effect can also kill people?

Has it got that bad yet? Not yet. But we had the British NHS hacked very similarly with ransomware attacks some years ago. We do not know if that caused deaths, but it seems possible. Let us suppose someone attacks the US pharma firms, or even freight distribution companies, delaying vaccine deployment and as a result Coronavirus gets out of control again. Would that not be an act of war? What would you call another 500,000 dead?

We are all vulnerable to this kind of attack. Russia simply must be made to understand the potential consequences of its actions, or like a spoilt 4 year old, it's going to keep on doing what it enjoys, regardless of consequence. And one day there will inevitably be consequences whether you want them or not.

Glenn has a point that there's a scale here; all of those cases should fall under terrorism, and if a business is so vulnerable as to cause an additional 500,000 dead, well, maybe the business had some responsibility for its own security.


2 hours ago, Stuart Galbraith said:

If Russia launches a cyber attack that interferes with a state's ability to function, to cause the breakdown of vital services, that even causes deaths, then that is an act of war. You can duck behind the sofa as often as you like Glenn, but you don't avoid WW3 when the other side is already fighting WW3. Why is a cyber attack any different from strategic bombing, if its effect can also kill people?

You said to kill Russian hackers with an airstrike in Russia. Wouldn't really matter what the conditions were that prompted the airstrike; any airstrike on Russian national soil will result in missile attacks on American soil. And from there, well, you get the picture.

To answer your question. The key to dominating in confrontations these days is understanding and manipulating the escalation cycle. You see it happening all the time. The trick is to have options that allow you to escalate in a rational fashion, but also, are sufficiently refined in character that the enemy is not justified in escalating further themselves. You grok? Because I don't think you grok. Bombing Russia because some teenagers did a hack would be like taking a dump on a restaurant's reception counter because they got your order wrong.

Quote

We are all vulnerable to this kind of attack. Russia simply must be made to understand the potential consequences of its actions, or like a spoilt 4 year old, its going to keep on doing what it enjoys, regardless of consequence.  And one day there will inevitably be consequences whether you want them or not.

One minute you're all hot to trot for global crusades and wars with everyone, the next you're whining about cyber attacks and push back... pick a lane?

The reason why the Americans are reluctant to respond too forcefully is because the dynamics of the escalation cycle are poor. The problem with Russia is that the way escalation will play out is poor for us. That's why I would like to see an agreement cut where Putin gets his sphere of influence and he can putter in it. Because that's the best we can hope for.

Edited by glenn239

4 minutes ago, RETAC21 said:

Glenn has a point that there's a scale here; all of those cases should fall under terrorism, and if a business is so vulnerable as to cause an additional 500,000 dead, well, maybe the business had some responsibility for its own security.

Had Stuart said to kidnap the hackers and bring them west for trial, I'd be on board for that. Even an assassination on a street corner type thing. The escalation dynamics to that are not so bad. But bombing Russia? That's World War 3 because the counterattack will be right into Washington and the continental US, and then it's on.


14 hours ago, RETAC21 said:

Glenn has a point that there's a scale here; all of those cases should fall under terrorism, and if a business is so vulnerable as to cause an additional 500,000 dead, well, maybe the business had some responsibility for its own security.

Yes, but nobody ever used the argument that if a house fell from being bombed, it should have been better built. :D The prime responsibility is upon the attacker, not the victim.

Yes, of course companies have a responsibility for infrastructure. I just have an unhappy feeling there is no such thing as a perfectly secure system. Even if there was, it doesn't remove the responsibility of any nation state undertaking attempts against it. A terrorist attack may fail, but it's still a terrorist attack.

 

 

