Ssnake Posted February 16, 2021

6 minutes ago, Adam Peter said:
Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack
Was it an insider job?

1,000 insiders...?

Ivanhoe Posted February 16, 2021

I would guess that the coding team developed a program which would take raw source code inputs and apply some sort of randomized "coding style" to both obfuscate the original coders and to throw off investigators. Which I've been told is a common thing; Russians making things look like NK and vice versa.

Adam Peter Posted February 18, 2021

On 2/16/2021 at 6:23 PM, Ssnake said:
1,000 insiders...?

Yes, on US soil, like the command servers were.

On 2/16/2021 at 7:11 PM, Ivanhoe said:
I would guess that the coding team developed a program which would take raw source code inputs and apply some sort of randomized "coding style" to both obfuscate the original coders and to throw off investigators. Which I've been told is a common thing; Russians making things look like NK and vice versa.

Interesting, but this leads to a second question: is there genuine RU/NK/... style then?

Ivanhoe Posted February 18, 2021

1 hour ago, Adam Peter said:
Interesting, but this leads to a second question: is there genuine RU/NK/... style then?

At this point, I would not trust any claims of authorship, when the suspects in question are at a high skill level and organized.

Every programmer has a style, detectable to some extent via variable names, source code indentation, etc. So you can write a program to look at those traits* in prior programs and develop signatures. In the past, I have read assertions that reverse engineers can guess what the programmer's native language is.

Of course, the bad guys know this and can write a program to pre-process their source code to make it look like it was coded by the PRK rather than Russia, China, Iran, whatever.

So, wilderness of mirrors.

* Rather like how Google, YouTube, FB, et al can tell it's you looking at their stuff, by timing how long it takes to get rid of ad popups etc. Fingerprinting.

Ivanhoe Posted February 26, 2021

https://www.cyberdefensemagazine.com/the-us-government/

Quote
Sullivan said the Biden administration is working to attribute the attack to a specific threat actor and properly respond to the offense. ... Sullivan added that the response of the US government will be not limited to sanctions.

So we're going to be sending Jason Bourne to Moscow for some wet work. Awesome!

rmgill (Author) Posted March 4, 2021

I'd be more inclined to put money on a small team who sourced bits of code from open source repos for what they wanted to do...hence the thousands of developers....

BansheeOne Posted April 15, 2021

Quote
US expels Russian diplomats and issues sanctions over SolarWinds hacking attack
7h ago

The US has announced sanctions against Russian entities and expelled 10 Russian diplomats in response to a hacking attack and election interference.

The United States on Thursday announced the expulsion of 10 Russian diplomats and issued a broad array of sanctions targeting Russian individuals and entities for election interference, hacking efforts and other "malign" activities. The sanctions represent the first retaliatory action announced against the Kremlin for last year's hacking attack, which has been called the "SolarWinds" breach. The measures include sanctions on six Russian companies that are alleged to have aided the country's cyber activities. A further 32 individuals and entities are accused of attempting to interfere in last year's presidential election, including by spreading disinformation. The White House said that the 10 diplomats being expelled include representatives of the Russian intelligence services.

What is Russia being accused of?

President Joe Biden's administration had previously said it would act to hold the Kremlin accountable for interference in last year's presidential election and the hacking of several federal agencies. In the attack, Russian hackers are suspected of having infected software with malicious codes that gave them access to US government agency networks. It is thought that they infiltrated at least nine agencies in an intelligence-gathering project to mine government secrets.

[...]

In a show of solidarity with the US, Poland declared three Russian diplomats, employees of the Russian embassy in Warsaw, as personae non-gratae. In a tit-for-tat response, Russia said it would expel three Polish diplomats.

NATO voices support for measures

In a statement following the US announcement of sanctions, the NATO defense alliance issued a statement of support. "NATO Allies support and stand in solidarity with the United States, following its 15 April announcement of actions to respond to Russia’s destabilizing activities," said the statement. "Allies are taking actions individually and collectively to enhance the alliance's collective security." "Russia continues to demonstrate a sustained pattern of destabilizing behavior, including its violations of Ukraine’s and Georgia’s sovereignty and territorial integrity, and continued violation, non-implementation, and circumvention of numerous international obligations and commitments."

The European Union also expressed solidarity, saying the hacking had also compromised EU interests. "The compromise affected governments and businesses worldwide, including in EU members," said EU foreign affairs chief Josep Borrell.

https://m.dw.com/en/us-expels-russian-diplomats-and-issues-sanctions-over-solarwinds-hacking-attack/a-57215141

Edited April 15, 2021 by BansheeOne

BansheeOne Posted April 17, 2021

Quote
Date 16.04.2021
Russia expels US and Polish diplomats over sanctions

Moscow is ousting 10 US and three Polish diplomats in direct response to the expulsion of Russian diplomats from both countries. Other moves included sanctions on US officials and a crackdown on US NGOs.

Russian Foreign Minister Sergey Lavrov on Friday announced that Russia would expel 10 US and 3 Polish diplomats in retaliation for them having respectively expelled 10 and 3 Russian diplomats on Thursday. Lavrov additionally noted that eight US officials had been added to Russia's sanctions lists and that Moscow would take moves to limit and even stop the activity of US non-governmental organizations (NGOs) that it says are interfering in Russian politics. Moscow also recommended the US recall Ambassador John Sullivan — Russia recalled its US ambassador in March, in response to US President Joe Biden calling Russian President Vladimir Putin "a killer" in a televised interview.

The Russian Foreign Ministry has steadfastly warned of "inevitable" retaliation, noting that, "Washington should realize that it will have to pay a price for the degradation of bilateral ties." Though Lavrov emphasized Moscow could undertake more "painful measures" in the future, he said it would refrain from doing so at this juncture.

The Russian response came after the US announced a new raft of sanctions for what Washington says were Russian cyberattacks on US government websites in the massive 2020 SolarWinds hack as well as political interference in the recent 2020 US presidential election. Moscow denies any involvement in either incident.

How far will Russia go?

Though Russia has shown that it can make life difficult for the US and its allies, analysts say that Moscow will likely stop short of further measures so as not to further escalate an already tense situation. This week's US sanctions come on top of a slew of other sanctions on the country for various malign activity including the attempted murder of political opponents of the Kremlin and aggressions against neighboring Ukraine. The situation has grown more intense of late as Russia has continued to amass troops at the Ukraine border and in occupied Crimea.

When US President Joe Biden announced his country's sanctions on Thursday he said he was willing to work with Russia and offered to meet with its long-time leader President Vladimir Putin. Dmitry Peskov, Putin's spokesman, said the invitation was being analyzed.

Biden's carrot and stick approach to Moscow

The Biden administration's expulsion of Russian diplomats was announced parallel to sanctions against dozens of Russian companies and individuals, and bans on US financial institutions purchasing Russian government bonds directly from Russian state institutions. The latter hampers Russia's ability to borrow cash, though it crucially stops short of putting constraints on secondary markets, thus non-US citizens can still purchase Russian debt and then in turn sell it to US investors.

The sanctions came just two days after Biden and Putin spoke by telephone, when President Biden says he informed Putin that he had the option of imposing tougher measures but had chosen not to. Biden's proposal that the two meet in a third country this summer was also made during the call.

[...]

https://www.dw.com/en/russia-expels-us-and-polish-diplomats-over-sanctions/a-57232644

BansheeOne Posted April 30, 2021

Quote
US Embassy in Moscow cuts staff and visa services
6h ago

The move comes after President Vladimir Putin signed a decree to limit the number of Russians employed at embassies of countries deemed to be "unfriendly."

The US Embassy in Moscow announced Friday that it would cut consular services and staff in line with new restrictions imposed by Russia. "We regret that the actions of the Russian government have forced us to reduce our consular work force by 75% and will endeavor to offer to US citizens as many services as possible," a statement published on the Embassy's website said.

A law signed by Russian President Vladimir Putin last week allows the country to cap the number of local staff working at foreign diplomatic missions, or ban them entirely. The law also requires the government to draw up a list of "unfriendly" states that would be subject to the changes.

What else did the US Embassy say?

The Embassy's statement said it would limit consular services to cover only emergency cases from May 12 due to the government's "intention to prohibit US Mission Russia from employing foreign nationals in any capacity." It also said nondiplomatic visas will only be processed in cases of emergency. The Embassy "strongly" urged US citizens in Russia with an expired visa to leave the country before the June 15 deadline set by the Russian government.

The state of US-Russia relations

The changes at the US Embassy come amid a wave of expulsions of Russian diplomats from the US and several European countries. Moscow has responded with expulsions of its own. Earlier this month, Washington kicked out 10 Russian diplomats in connection with cyberattacks against government agencies and meddling in the 2020 US presidential elections. The US has also imposed numerous sanctions on Russian entities. Tensions between Russia and the West have also been increasing over a recent military buildup on the border to eastern Ukraine, and the jailing of opposition activist Alexei Navalny.

https://m.dw.com/en/us-embassy-in-moscow-cuts-staff-and-visa-services/a-57385581

Adam Peter Posted May 2, 2021

On 4/30/2021 at 5:05 PM, BansheeOne said:
US Embassy in Moscow cuts staff and visa services

The Saigon moment of the just declared terrorist-friendly Navalny movement?

BansheeOne Posted May 10, 2021

Wrong thread.

Edited May 10, 2021 by BansheeOne

BansheeOne Posted June 13, 2021

Not sure which American hackers Vlad has in mind, but I take this as a trolling attempt anyway.

Quote
Putin: Russia open to hacker exchange with US
57m ago

Recent cyberattacks on critical US infrastructure and companies have been blamed on Russian hackers. US President Joe Biden vowed to raise the issue during his meeting with President Vladimir Putin next week.

Moscow could hand over wanted hackers to Washington if the United States extradites its own cybercriminals to Moscow, Russian President Vladimir Putin said on Sunday. He made the comments ahead of an expected extradition request by US President Joe Biden when the pair meet in Geneva on Wednesday.

Biden resolved to take action after several cybersecurity breaches, including ransomware attacks, on US companies and infrastructure in recent months, which are believed to have originated in Russia. The most recent ransomware incidents targeted the US's largest vehicle fuel pipeline operator Colonial Pipeline and top meat processor JBS earlier this month. Ransom software works by encrypting victims' data. Typically hackers will offer the victim a key in return for cryptocurrency payments that can run into hundreds of thousands or even millions of dollars.

What did Putin suggest?

In an interview on state TV, Putin stressed that cybersecurity was one of the most important issues at present, because "turning all kinds of systems off can lead to really difficult consequences." "If we agree to extradite criminals, then, of course, Russia will go for it. But only if the other side, in this case, the United States, agrees to the same thing," Putin said.

The Russian leader said he expected next week's meeting with Biden in Geneva to help establish bilateral dialogue and revive personal contacts. He added that important issues for the two men included strategic stability, Libya and Syria, and the environment.

[...]

https://m.dw.com/en/putin-russia-open-to-hacker-exchange-with-us/a-57871507

Ivanhoe Posted June 13, 2021

Yeah, does sound like trolling. Nothing to be learned from America's black-hat hackers that Russian black-hat hackers don't already know. As for state-sponsored, obviously nothing to be gained by either nation by handing over anyone who hacked the other nation.

Though Biden is definitely dumb enough to sign an agreement or treaty with Putin agreeing to extradite Americans to Russia for any reason. Putin could decimate the USG.

JWB Posted June 13, 2021

It is trolling. Russian Constitution forbids extradition.

glenn239 Posted June 14, 2021

22 hours ago, Ivanhoe said:
Though Biden is definitely dumb enough to sign an agreement or treaty with Putin agreeing to extradite Americans to Russia for any reason. Putin could decimate the USG.

Biden would never sign such an agreement.

Tim Sielbeck Posted June 15, 2021

Biden can sign all the agreements he wants. They won't have any force until the Senate ratifies them.

BansheeOne Posted July 5, 2021

Quote
Date 05.07.2021
Kaseya cyberattack: Hackers want $70 million for decryption

The Russian-linked REvil ransomware group is alleged to have carried out an attack that affected hundreds of companies worldwide. Joe Biden says the US will respond if the Kremlin is involved.

The hackers behind a huge ransomware attack said late Sunday on their blog that they want $70 million (€59 million) in Bitcoin to publicly release what they are calling a "universal decryptor." The firm Kaseya, which helps firms remotely manage their IT infrastructure, was hit Friday in an attack believed to have been carried out by Russian-linked cybercrime gang REvil. The attack infected hundreds of companies in at least 17 countries.

The group is best known for the recent attack on JBS meat processing. In that instance, REvil was able to extort $11 million from the firm in a ransomware payment. On Saturday, US President Joe Biden said there would be a response if investigations determined the Kremlin was linked in any way.

Which companies were hit in this latest ransomware attack?

The Miami-based firm Kaseya said a broad array of small businesses — including in financial services, travel and leisure, and public agencies on all continents — were hit in this latest ransomware attack.

[...]

CEO Fred Voccola of Kaseya said he believes the number of victims is in the low thousands, noting that it was mostly small businesses like "dental practices, architecture firms, plastic surgery centers, libraries, things like that." Voccola added that only between 50 to 60 of the company's 37,000 customers were compromised by REvil.

Kaseya has hired cybersecurity firm Mandiant to investigate the breach. While the CEO would not confirm details of the hack, Voccola did say the attack was not based on phishing and that the level of sophistication "was extraordinary."

Of the systems that were attacked, 70% were managed service providers who used Kaseya's VSA software to manage multiple customers. That software automates the installation of security updates, and manages backups and other essential functions. At present, Kaseya believes REvil did not just breach its code, but likely exploited vulnerabilities in third-party software.

What are the reactions to this latest ransomware attack?

The FBI said in a statement that it is investigating, but the scale of the cyberattack "may make it so that we are unable to respond to each victim individually." US Deputy National Security Advisor Anne Neuberger said Biden had "directed the full resources of the government to investigate this incident" and urged anyone who believes their systems were compromised to contact the FBI.

Cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said he does not believe there is likely to be Kremlin involvement; but rather, the attack indicates Russian authorities "have not yet moved" on shutting down ransomware gangs operating on Russian soil. The most serious of ransomware gangs operate from within Russia or aligned states. They are tolerated by the Russian authorities and sometimes work with the security services.

https://www.dw.com/en/kaseya-cyberattack-hackers-want-70-million-for-decryption/a-58158481

Ssnake Posted July 5, 2021

I see a lot of huffing and puffing from the US president. I don't expect to see much of a reaction that might actually deter the Kremlin mobsters. Si tacuisses...

Stuart Galbraith Posted July 5, 2021

He is already setting up the result he wanted. 'We don't think it is the Russian Government', when, almost certainly, it's exactly that.

What do you do? When it becomes a threat to life, then put a smart bomb through the window of the people doing it. I do not believe anything less than that will achieve an effect. Biden and relatively few Presidents are willing to go that far, and that's why it will keep happening.

glenn239 Posted July 5, 2021

Not sure starting WW3 to prevent a $70 million hack is a rational strategy.

Stuart Galbraith Posted July 5, 2021

If Russia launches a cyber attack that interferes with a state's ability to function, to cause the breakdown of vital services, that even causes deaths, then that is an act of war. You can duck behind the Sofa as often as you like Glenn, but you don't avoid WW3 when the other side is already fighting WW3. Why is a Cyber attack any different from strategic bombing, if its effect can also kill people?

Has it got that bad yet? Not yet. But we had the British NHS hacked very similarly with ransomware attacks some years ago. We do not know if that caused deaths, but it seems possible. Let us suppose someone attacks the US pharma firms, or even freight distribution companies, delaying vaccine deployment and as a result Coronavirus gets out of control again. Would that not be an act of war? What would you call another 500000 dead?

We are all vulnerable to this kind of attack. Russia simply must be made to understand the potential consequences of its actions, or like a spoilt 4 year old, it's going to keep on doing what it enjoys, regardless of consequence. And one day there will inevitably be consequences whether you want them or not.

RETAC21 Posted July 5, 2021

1 hour ago, Stuart Galbraith said:
If Russia launches a cyber attack that interferes with a state's ability to function, to cause the breakdown of vital services, that even causes deaths, then that is an act of war. You can duck behind the Sofa as often as you like Glenn, but you don't avoid WW3 when the other side is already fighting WW3. Why is a Cyber attack any different from strategic bombing, if its effect can also kill people? Has it got that bad yet? Not yet. But we had the British NHS hacked very similarly with ransomware attacks some years ago. We do not know if that caused deaths, but it seems possible. Let us suppose someone attacks the US pharma firms, or even freight distribution companies, delaying vaccine deployment and as a result Coronavirus gets out of control again. Would that not be an act of war? What would you call another 500000 dead? We are all vulnerable to this kind of attack. Russia simply must be made to understand the potential consequences of its actions, or like a spoilt 4 year old, it's going to keep on doing what it enjoys, regardless of consequence. And one day there will inevitably be consequences whether you want them or not.

Glenn has a point that there's a scale here, all of those cases should fall under terrorism, and if a business is so vulnerable as to cause an additional 500.000 dead, well, maybe the business had some responsibility on its own security.

glenn239 Posted July 5, 2021

2 hours ago, Stuart Galbraith said:
If Russia launches a cyber attack that interferes with a state's ability to function, to cause the breakdown of vital services, that even causes deaths, then that is an act of war. You can duck behind the Sofa as often as you like Glenn, but you don't avoid WW3 when the other side is already fighting WW3. Why is a Cyber attack any different from strategic bombing, if its effect can also kill people?

You said to kill Russian hackers with an airstrike in Russia. Wouldn't really matter what the conditions were that prompted the airstrike, any airstrike on Russian national soil will result in missile attacks on American soil. And from there, well, you get the picture.

To answer your question. The key to dominating in confrontations these days is understanding and manipulating the escalation cycle. You see it happening all the time. The trick is to have options that allow you to escalate in a rational fashion, but also, are sufficiently refined in character that the enemy is not justified in escalating further themselves. You grok? Because I don't think you grok. Bombing Russia because some teenagers did a hack would be like taking a dump on a restaurant's reception counter because they got your order wrong.

Quote
We are all vulnerable to this kind of attack. Russia simply must be made to understand the potential consequences of its actions, or like a spoilt 4 year old, it's going to keep on doing what it enjoys, regardless of consequence. And one day there will inevitably be consequences whether you want them or not.

One minute you're all hot to trot for global crusades and wars with everyone, the next you're whining about cyber attacks and push back....pick a lane? The reason why the Americans are reluctant to respond too forcefully is because the dynamics of the escalation cycle are poor. The problem with Russia is that the way escalation will play out is poor for us. That's why I would like to see an agreement cut where Putin gets his sphere of influence and he can putter in it. Because that's the best we can hope for.

Edited July 5, 2021 by glenn239

glenn239 Posted July 5, 2021

4 minutes ago, RETAC21 said:
Glenn has a point that there's a scale here, all of those cases should fall under terrorism, and if a business is so vulnerable as to cause an additional 500.000 dead, well, maybe the business had some responsibility on its own security.

Had Stuart said to kidnap the hackers and bring them west for trial, I'd be on board for that. Even an assassination on a street corner type thing. The escalation dynamics to that are not so bad. But bombing Russia? That's World War 3 because the counterattack will be right into Washington and the continental US, and then it's on.

Stuart Galbraith Posted July 6, 2021

14 hours ago, RETAC21 said:
Glenn has a point that there's a scale here, all of those cases should fall under terrorism, and if a business is so vulnerable as to cause an additional 500.000 dead, well, maybe the business had some responsibility on its own security.

Yes, but nobody ever used the argument that if a house fell from being bombed, it should have been better built. The prime responsibility is upon the attacker, not the victim.

Yes of course companies have a responsibility for infrastructure. I just have an unhappy feeling there is no such thing as a perfectly secure system. Even if there was, it doesn't remove the responsibility of any nation state undertaking attempts against it. A terrorist attack may fail, but it's still a terrorist attack.