Adam Peter Posted May 13, 2021
On 5/11/2021 at 10:40 PM, DKTanker said: Evidently nothing. WH says it was an attack on a private company, no biggie.
Republican outcry due to the federal law on the table of Biden:
- state agencies required to keep a cybersecurity standard
- they can do business with private companies that adhere to the same standard
How good are the chances of Free Speech(TM) against minimum password complexity, remembering the last twenty passwords (or at least the hash) and refuse to reuse, and require to change after 30 days?
BansheeOne Posted May 13, 2021
Quote:
Date 12.05.2021
US: Hacked Colonial Pipeline restarts amid local fuel shortages
The Colonial Pipeline has started to deliver fuel across the eastern seaboard once again as gas stations begin to run dry. Pipeline operators warn it may take days for operations to resume at full capacity.
The largest gas pipeline in the US restarted its operations on Wednesday after being knocked out for six days by a cyberattack. Fuel supply has come under strain in several states on the east coast after motorists began panic buying gas despite pleas from US authorities. The supply "crunch" led Florida and several other states to declare a state of emergency.
"Following this restart, it will take several days for the product delivery supply chain to return to normal," the Colonial company said in a statement. "Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period," the statement added.
US Secretary of Energy Jennifer Granholm welcomed the news on Twitter. "We just got off the phone with Colonial Pipeline CEO. They are restarting pipeline operations today at around 5 p.m. (21:00 UTC)," she wrote.
[...]
Supply 'crunch' leads to panic buying
The pipeline, which provides around 45% of the gas supply to the east coast, was hit by a cyberattack on Friday that locked company computers, demanding a ransom to release them. The company refused to pay the hackers, suspected by the FBI to be a group of professional cyber criminals known as DarkSide.
The loss of supply from the Colonial pipeline left authorities scrambling to fill the gap with gas from the Gulf Coast. Officials tried to assure people that the pipeline shutdown had not affected supply, but concern among motorists led to panic buying which emptied out thousands of gas stations across several states.
The success of the cyberattack in halting the vital pipeline's operations for almost a week has raised concerns about the vulnerability of critical US infrastructure.
https://www.dw.com/en/us-hacked-colonial-pipeline-restarts-amid-local-fuel-shortages/a-57515083
DKTanker Posted May 13, 2021
9 hours ago, Josh said: So what again was Trump's reaction to the Solar Winds hack? Did he lay down the law?
Your obsession is palpable.
rmgill Posted May 13, 2021
9 hours ago, Adam Peter said: Republican outcry due to the federal law on the table of Biden: - state agencies required to keep a cybersecurity standard - they can do business with private companies that adhere to the same standard
Hell, the Obama Admin outsourced the OPM Database administration to a Chinese National based IN CHINA. That's like a banking CTO, why not hire an off shore Nigerian Cyber Security firm no one's ever heard of before?
Quote: How good are the chances of Free Speech(TM) against minimum password complexity, remembering the last twenty passwords (or at least the hash) and refuse to reuse, and require to change after 30 days?
Is this meant to be tongue in cheek or are you seriously asking about secure password wallets that have solid two factor authentication?
rmgill Posted May 13, 2021
11 hours ago, Josh said: So what again was Trump's reaction to the Solar Winds hack? Did he lay down the law?
He could have done anything from Airstrikes to covert ops. You'd have been unhappy with any of it. So what's it matter? From where I sit in the IT world, there was apparently a lot of very quiet reactions in terms of remediation and hole patching. But it was all about not showing where vulnerabilities were. I suspect CSOs from a range of companies (Cyber Security Officers) asked the Trump admin/US Government to not talk about it because if you look around, you'll note that they aren't talking about it either. Engage your brain and think about why that might be.
Edited May 13, 2021 by rmgill
EchoFiveMike Posted May 13, 2021
Nothing is resolved without accountability, accountability means nothing without punishment. So what money grubbing fucks have been punished? And I don't mean "lose job and retire to Caribbean with millions." I mean getting their face smashed into the bars by D'tron for 40yrs.
S/F...Ken M
Josh Posted May 13, 2021
10 hours ago, DKTanker said: Your obsession is palpable.
I’m simply calling a spade a spade, and apparently you have no counter argument.
Josh Posted May 13, 2021
7 hours ago, rmgill said: He could have done anything from Airstrikes to covert ops. You'd have been unhappy with any of it. So what's it matter? From where I sit in the IT world, there was apparently a lot of very quiet reactions in terms of remediation and hole patching. But it was all about not showing where vulnerabilities were. I suspect CSOs from a range of companies (Cyber Security Officers) asked the Trump admin/US Government to not talk about it because if you look around, you'll note that they aren't talking about it either. Engage your brain and think about why that might be.
Trump barely even condemned Russia. In fact I don’t recall any official statements, though I assume some part of his administration did so. Did he even so much as condemn Russia personally for the attack?
Angrybk Posted May 13, 2021
[sigh] pipeline got hit by ransomware. Most of the sophisticated ransomware programs are run by Russians, as is most sophisticated malware in general. That's a whole 'nother topic, but this was a crime thing. Colonial pipeline paid it, which IMHO was a bad call. This was not some nation-state thing, it was a criminal gang that bit off a bit more than they expected to (and still made out great!)
https://www.bostonglobe.com/2021/05/13/business/colonial-pipeline-paid-hackers-nearly-5-million-ransom/
DKTanker Posted May 13, 2021
17 minutes ago, Josh said: I’m simply calling a spade a spade, and apparently you have no counter argument.
You have an obsession, I'm certainly not going to enable what perhaps should be handled by a professional.
nitflegal Posted May 14, 2021
1 hour ago, Angrybk said: [sigh] pipeline got hit by ransomware. Most of the sophisticated ransomware programs are run by Russians, as is most sophisticated malware in general. That's a whole 'nother topic, but this was a crime thing. Colonial pipeline paid it, which IMHO was a bad call. This was not some nation-state thing, it was a criminal gang that bit off a bit more than they expected to (and still made out great!) https://www.bostonglobe.com/2021/05/13/business/colonial-pipeline-paid-hackers-nearly-5-million-ransom/
And in my ideal world those responsible would wake up much like Osama did to a bunch of guys in NODs before a brief flash in a very deniable but public way. Nation state, criminal gang, or combination of the two should have the same result when they do something big enough to mess with that actual infrastructure thing Biden's gang keeps getting confused about.
rmgill Posted May 14, 2021
4 hours ago, Josh said: Trump barely even condemned Russia. In fact I don’t recall any official statements, though I assume some part of his administration did so. Did he even so much as condemn Russia personally for the attack?
Was it ever even positively nailed down as Russian Government related? If not why not? Are you in the know? Again, WORKING in IT for one of the companies that was named as hit by the Solar Winds/Sunburst incident, OUR CSO was very MUM about the whole thing. I work with these guys and help them set up their threat detection hardware in my computer rooms and helped them get their various data taps around the company. I can go into several rooms and lay hands on the FireEye hardware that we have for this threat detection. THEY didn't talk with me about it much for various reasons. There's reasons for that sometimes you know.
Comparatively, did you note how the Current White House Press Secretary noted that this was all private business stuff and not really a concern of the White House? So....to use your example. You can clearly point to how Biden is doing more than Trump did...right Josh? Come on, show us how Biden sent his son in to fix the problem for $200,000 a week! He's high powered oil company leadership material right? How can he leave talent like that benched? Come on man!
Edited May 14, 2021 by rmgill
Stuart Galbraith Posted May 14, 2021
3 hours ago, rmgill said: Was it ever even positively nailed down as Russian Government related? If not why not? Are you in the know? Again, WORKING in IT for one of the companies that was named as hit by the Solar Winds/Sunburst incident, OUR CSO was very MUM about the whole thing. I work with these guys and help them set up their threat detection hardware in my computer rooms and helped them get their various data taps around the company. I can go into several rooms and lay hands on the FireEye hardware that we have for this threat detection. THEY didn't talk with me about it much for various reasons. There's reasons for that sometimes you know. Comparatively, did you note how the Current White House Press Secretary noted that this was all private business stuff and not really a concern of the White House? So....to use your example. You can clearly point to how Biden is doing more than Trump did...right Josh? Come on, show us how Biden sent his son in to fix the problem for $200,000 a week! He's high powered oil company leadership material right? How can he leave talent like that benched? Come on man!
Ryan, if some 15 year old hacked the Pentagon from his mother's basement, what do you think they would do about it? That's right, they would arrest him. If he hacked a major ally, oh I don't know, say Britain, what do you think they would do? They would arrest him. If they hacked somebody you are not allies with, and there was sufficient evidence, what do you think they would do? That's right, they would arrest him.
Turn it around the other way. What action has Russia ever taken, when citizens, civilian or intelligence, hacked into your computer systems? Nothing. Nada. Absolutely bugger all. Edward Snowden, did they ever return him? Nope, he is still there spilling the beans about the most intimate security systems for all the world to see.
If there are hackers in Russia that are hacking your computer systems, and they are not being arrested, censured, otherwise dealt with, there is only one possible conclusion. They are either doing it with the tacit support of the Russian Government, or, and there is a lot of evidence for this, in many cases, they ARE the Russian Government.
Edited May 14, 2021 by Stuart Galbraith
BansheeOne Posted May 14, 2021
Meanwhile in Ireland:
Quote:
Date 14.05.2021
Ireland shuts down health IT system after ransomware attack
Ireland's health regulator said the shutdown of health system computers is a precaution and the COVID vaccination program is unaffected.
Ireland's health service said Friday it has shut down its IT systems after being targeted in a "significant ransomware attack."
"We have taken the precaution of shutting down all our IT systems in order to protect them from this attack and to allow us [to] fully assess the situation with our own security partners," the Health Service Executive said on Twitter.
The health regulator added that the move is a precaution, and appointments for coronavirus vaccination have not been affected.
HSE Chief Executive Paul Reid told national broadcaster RTE that the attack was "very sophisticated" and was "impacting all of our national and local systems that would be involved in all of our core services." He said the incident was largely affecting information stored on central servers and not hospital equipment.
Hospital labels attack a 'critical emergency'
However, Dublin's Rotunda maternity hospital said it was canceling most routine appointments due to the IT issues, calling the situation a "critical emergency."
[...]
https://www.dw.com/en/ireland-shuts-down-health-it-system-after-ransomware-attack/a-57526736
JasonJ (Author) Posted May 14, 2021
A Toshiba unit was hacked by them.
Quote:
TOKYO/PARIS (Reuters) -- A Toshiba Corp unit said it was hacked by the DarkSide ransomware group, overshadowing an announcement of a strategic review for the Japanese conglomerate under pressure from activist shareholders to seek out suitors.
Toshiba Tec Corp, which makes products such as bar code printers and is valued at $2.3 billion, was hacked by DarkSide - the group widely believed to be behind the recent Colonial Pipeline attack, its French subsidiary said. It added, however, that only a minimal amount of work data had been lost.
"There are around 30 groups within DarkSide that are attempting to hack companies all the time, and they succeeded this time with Toshiba," said Takashi Yoshikawa, a senior malware analyst at Mitsui Bussan Secure Directions. Employees accessing company computer systems from home during pandemic lockdowns have made firms more vulnerable to cyber attacks, he added.
Screenshots of DarkSide's post provided by the cybersecurity firm said more than 740 gigabytes of information was compromised and included passports and other personal information. Reuters could not access DarkSide's public-facing website on Friday. Security researchers said DarkSide's multiple websites had stopped being accessible.
Ransomware attacks have increased in number and amount of demands, with hackers encrypting data and seeking payment in cryptocurrency to unlock it. They increasingly release stolen data as well, or threaten to unless they are paid more. Ireland's health service said on Friday it had shut down its IT systems after what it described as a "significant" ransomware attack.
Investigators in the U.S's Colonial case say the attack software was distributed by DarkSide, which includes Russian speakers and avoids hacking targets in the former Soviet Union. DarkSide lets "affiliates" hack into targets elsewhere, then handles the ransom negotiation and data release.
Amid calls from shareholders to explicitly seek offers from potential suitors after dismissing a $20 billion take-private bid from CVC Capital this year, Toshiba said it was setting up a strategic review committee and had appointed UBS as financial adviser. The review will be conducted by independent directors and is designed to help the board consider a new business plan to be put forward by management by October.
The CVC offer faced strong opposition within the company. Its plan to retain management was perceived by some as aimed at shielding former CEO Nobuaki Kurumatani from activist shareholders. At a briefing by the company on Friday, 3D Investment Partners and Farallon Capital Management, its No. 2 and No. 3 shareholders respectively, both criticised Toshiba for appearing reluctant to consider offers to go private. Chief Executive Satoshi Tsunakawa responded that the company has "no reluctance to consider various proposals to increase corporate value, including going private."
Sources have said other private equity investors such as KKR & Co Inc and Bain Capital are interested in Toshiba. However, the Asahi newspaper reported on Friday that Bain Capital is not considering buying Toshiba, citing an interview with Yuji Sugimoto, the head of Bain Capital's Japan operations.
Battered by accounting scandals, massive writedowns for its U.S. nuclear business as well as the sale of its chip unit, Toshiba is a shadow of its former self. But it remains one of Japan's few manufacturers of nuclear power reactors and makes defence equipment, meaning any sale would require government approval.
Toshiba on Friday forecast a 63% rise in annual operating profit to 170 billion yen ($1.6 billion), rebounding from pandemic-induced pain in the last year and as restructuring measures bear fruit. That follows a 20% slide in profit last year. Toshiba also nominated four new board members after Kurumatani resigned last month.
Kurumatani had been under fire due to allegations that investors were pressured before a shareholder meeting last year to support desired board nominations. Shareholders in March successfully voted for an independent investigation into those allegations, marking a watershed victory for corporate governance in Japan. The probe is due to conclude before this year's annual general meeting on June 25.
The board nominations announced on Friday included George Olcott, a former UBS banker who is also an independent board member at Japanese beer maker Kirin Holdings.
https://asia.nikkei.com/Business/Companies/Toshiba-unit-hacked-by-DarkSide-conglomerate-to-undergo-review
Josh Posted May 14, 2021
12 hours ago, DKTanker said: You have an obsession, I'm certainly not going to enable what perhaps should be handled by a professional.
I feel the same way about Trump supporters.
Josh Posted May 14, 2021
8 hours ago, rmgill said: Was it ever even positively nailed down as Russian Government related? If not why not? Are you in the know? Again, WORKING in IT for one of the companies that was named as hit by the Solar Winds/Sunburst incident, OUR CSO was very MUM about the whole thing. I work with these guys and help them set up their threat detection hardware in my computer rooms and helped them get their various data taps around the company. I can go into several rooms and lay hands on the FireEye hardware that we have for this threat detection. THEY didn't talk with me about it much for various reasons. There's reasons for that sometimes you know. Comparatively, did you note how the Current White House Press Secretary noted that this was all private business stuff and not really a concern of the White House? So....to use your example. You can clearly point to how Biden is doing more than Trump did...right Josh? Come on, show us how Biden sent his son in to fix the problem for $200,000 a week! He's high powered oil company leadership material right? How can he leave talent like that benched? Come on man!
Every part of the intelligence community laid the blame of Solar Winds on Russia. To the extent we can ever know anything about a hack, it was 'known' to be the Russians. Even if it wasn't the Russians, one would think after the biggest security compromise in US history that the US president would at least make some kind of noises to the effect of holding whoever was responsible accountable.
I actually agree with you that the Biden response to the most recent attack has been limp wristed, and I hardly think Biden is a particularly capable president. I simply think he is a far more capable president than the alternative.
rmgill Posted May 14, 2021
7 hours ago, Stuart Galbraith said: Ryan, if some 15 year old hacked the Pentagon from his mother's basement, what do you think they would do about it? That's right, they would arrest him. If he hacked a major ally, oh I don't know, say Britain, what do you think they would do? They would arrest him.
This all depends on if someone is able to track back to the source. Part of the problem with modern hacking is the use of zombie hosts that one has infiltrated as dead drops for the scripts to call back to. This isn't the old days of war dialing up numbers with your modem to call up that company's modem lines with a connection that leads back to your home phone.
7 hours ago, Stuart Galbraith said: Turn it around the other way. What action has Russia ever taken, when citizens, civilian or intelligence, hacked into your computer systems? Nothing. Nada. Absolutely bugger all. Edward Snowden, did they ever return him? Nope, he is still there spilling the beans about the most intimate security systems for all the world to see.
He was also revealing that the US government was doing things it's not supposed to do to its own citizens. Which is a bigger issue.
rmgill Posted May 14, 2021
1 hour ago, Josh said: Every part of the intelligence community laid the blame of Solar Winds on Russia. To the extent we can ever know anything about a hack, it was 'known' to be the Russians. Even if it wasn't the Russians, one would think after the biggest security compromise in US history that the US president would at least make some kind of noises to the effect of holding whoever was responsible accountable.
Again, The OPM Hack was the largest in the US Gov't's history. How again was that accomplished. They GAVE access to Chinese agents. That compromised US intelligence staff by giving biometric and personal medical/family data to China and whomever they wanted to share it with. Who was responsible there again?
1 hour ago, Josh said: I actually agree with you that the Biden response to the most recent attack has been limp wristed, and I hardly think Biden is a particularly capable president. I simply think he is a far more capable president than the alternative.
Far more capable how? At being a figure head?
glenn239 Posted May 14, 2021
31 minutes ago, rmgill said: This all depends on if someone is able to track back to the source
No, it doesn't. It all depends on how the experts map out the likely escalation cycle that flows from a series of increasingly strong retaliations. If Biden is taking it cautious, then I would assume that the adults, (real adults, not the political sociopath climber types that infest Washington) will have warned him that the escalation cycle of a war with Russia could very well lead into a dark forest where the collapse of the US economy is something that cannot be ruled out. One assumes that this pipeline is what can happen to practically anything. Tomorrow, today, one or all at a time.
Quote: Far more capable how? At being a figure head?
Give Josh time on Biden. He was convinced that he'd be a better president than Trump, but so far I'm not seeing it. He's dropped the ball on the border, veering towards catastrophe with Russia, playing with fire with the US economy, and making the social divisions worse and not better. But, Trump sucked his first months in office too, so I would hope that Biden will start gaining traction here soon. If he has the energy to do so.
Ivanhoe Posted May 14, 2021
35 minutes ago, glenn239 said: ... the escalation cycle of a war with Russia could very well lead into a dark forest where the collapse of the US economy is something that cannot be ruled out. One assumes that this pipeline is what can happen to practically anything. Tomorrow, today, one or all at a time.
IMHO the biggest threat to the US economy is not Rooshians, it is Washington DC. To support that contention, look at the US's non-recovery from the Great Depression vs the other industrial nations like Britain. And for the extreme case, Venezuela.
Stuart Galbraith Posted May 14, 2021
2 hours ago, rmgill said: This all depends on if someone is able to track back to the source. Part of the problem with modern hacking is the use of zombie hosts that one has infiltrated as dead drops for the scripts to call back to. This isn't the old days of war dialing up numbers with your modem to call up that company's modem lines with a connection that leads back to your home phone. He was also revealing that the US government was doing things it's not supposed to do to its own citizens. Which is a bigger issue.
From what I've been hearing, this organization has never launched an attack on Russia. It's worth considering the reasons why that is.
Snowden didn't just sell your Government out, he sold your allies out as well. I'm not buying the excuse, it's the same one Kim Philby and George Blake used.
Ivanhoe Posted May 14, 2021
37 minutes ago, Stuart Galbraith said: Snowden didn't just sell your Government out, he sold your allies out as well. I'm not buying the excuse, it's the same one Kim Philby and George Blake used.
The interviews with Snowden that I've watched, it's pretty clear that he will never accept that his methods were damaging, regardless of the idealistic intent, and never considered the consequences of his actions before taking them. In a way, that lack of responsibility makes me a bit glad he didn't have access to even more critical stuff. Imagine a scenario where the US Army is doing gain-of-function research on smallpox or Ebola or whatever, so Snowden takes a vial of Turbo Germ out of the facility and hands it to a random journalist, assuming the journalist will take all proper precautions etc. Next thing you know, Boko Haram or North Korea or whoever is using it on their enemies en masse.
Ivanhoe Posted May 14, 2021
16 hours ago, nitflegal said: And in my ideal world those responsible would wake up much like Osama did to a bunch of guys in NODs before a brief flash in a very deniable but public way. Nation state, criminal gang, or combination of the two should have the same result when they do something big enough to mess with that actual infrastructure thing Biden's gang keeps getting confused about.
During the peak of the SolarWinds debacle, several IT security gurus wrote that the US was spending billions on cyber offense, but little on defense. Possibly true in terms of relative $, but IMHO it's less a matter of spending and more a matter of dysfunctional executive culture. For example, many US civilian and military organizations were using SolarWinds, without doing a proper audit of their security. The industry in general as well as the GS culture are all about compliance, rather than real security.
And I wonder how much interaction the HUMINT side of the CIA works with the SIGINT arm of the CIA, along with the NSA. If we took HUMINT more seriously, then we might actually have names and faces to connect to APT29 etc.
NIST puts out all sorts of good guidance that mostly gets ignored. NSA puts out some good stuff (not as much as I'd like). I haven't looked at much of CISA's work product. What I can tell you is that small & medium businesses just aren't going to have the manhours/year available to implement IT that can survive attack by APTs. One thing the gov't could be doing, but isn't, is publishing easy-to-use hardening templates for Win10/WinServer. Telling a 2-man IT shop to just start STIGging is malpractice.