Monday, December 14, 2020

The greatest hack in history: Thank you, Donald Trump!

Before the election, Congress was briefed on foreign efforts to hack our election systems. The Trump administration prevented public discussion of these briefings. 
Now -- in what very well may be a related story -- we are getting a glimpse of Russian attempts to commandeer the systems at Treasury and Commerce.
"Treasury and Commerce?" I hear you asking. "How bad can that be?" 
It's worse than you think. It's worse than they're telling you.
The above-linked NYT article offers not-so-subtle hints that these initial reports give us just the tip of the proverbial iceberg. When Biden is president -- never thought I'd say "when," not "if"! -- we will, I hope, learn the full scope of this catastrophe.

Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said national security-related agencies were also targeted, though it was not clear whether the systems contained highly classified material.

The Trump administration said little in public about the hack, which suggested that while the government was worried about Russian intervention in the 2020 election, key agencies working for the administration — and unrelated to the election — were actually the subject of a sophisticated attack that they were unaware of until recent weeks.

I'll say it again: This goes way beyond Treasury and Commerce
Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today.

The Washington Post cited sources claiming that multiple other government agencies were also impacted.

Reuters reported that the incident was considered so serious that it led to a rare meeting of the US National Security Council at the White House, a day earlier, on Saturday.

Sources speaking with the Washington Post linked the intrusion to APT29, a codename used by the cyber-security industry to describe hackers associated with the Russian Foreign Intelligence Service (SVR).

SolarWinds published a press release late on Sunday admitting to the breach of Orion, a software platform for centralized monitoring and management, usually employed in large networks to keep track of all IT resources, such as servers, workstations, mobiles, and IoT devices.

The software firm said that Orion update versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, have been tainted with malware.

FireEye named this malware SUNBURST and published a technical report earlier today, along with detection rules on GitHub.

Microsoft named the malware Solorigate and added detection rules to its Defender antivirus.

Well, I'll run a scan. Not that my dinky little system matters.
Remember when Trump said he wanted to work with Russia on cyber security? 
The cyber spies are believed to have gotten in by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick - often referred to as a “supply chain attack” - works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.
I hate updates.
The major point is this: SolarWinds services Spooksville. So don't tell yourself that the problem is contained purely within the Treasury and Commerce Departments. 

Moreover, the Commerce hack is far more significant than you may at first realize.
Hackers broke into the NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for months, sources said.
NTIA = National Telecommunications and Information Administration, part of the Commerce Department. One cannot easily overstate the importance of this agency to the running of the internet -- and I mean the entire damned internet -- as well supervising the radio frequency spectrum and the great transition to 5G. Skim this page and you'll soon see what I mean. 
As I said: This is big. This is massive.

From the afore-linked FireEye site: 

Based on our analysis, the attacks that we believe have been conducted as part of this campaign share certain common elements:

  • Use of malicious SolarWinds update: Inserting malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim’s environment
  • Light malware footprint: Using limited malware to accomplish the mission while avoiding detection
  • Prioritization of stealth: Going to significant lengths to observe and blend into normal network activity
  • High OPSEC: Patiently conducting reconnaissance, consistently covering their tracks, and using difficult-to-attribute tools
The obvious question: Did anyone associated with the Trump administration aid and abet this attack? My gut instinct holds that this unprecedented assault on our security required a blind eye from our Putin-loving president. We need a full investigation of this scandal -- by a Democrat. Mueller proved that no Republican is trustworthy.
Here's what Marcy Wheeler -- or Dr. Emptywheel as she now styles herself -- has to say about all this.
Under Trump's watch, we've just suffered what could be a very serious cyberattack from the country he has been coddling since he got elected.

Rather than doing anything about that, he's whining that he lost.
Admittedly, he has been doing this in slo mo throughout the entire COVID crisis.

But this is a moment where the country that Trump tried to excuse after the last big hack has just seriously compromised the US.

He's doing worse than golfing.
Trump JUST PARDONED the guy who undermined sanctions on Russia the last time they hacked up badly.

Now, he's AWOL. Literally couldn't give a shit.
I mean NO WONDER Russia just hacked us again. The last time they did, Trump dismantled FBI to protect Flynn. Literally fired EVERYONE involved.
And I mean, literally. Trump went into FBI and DOJ and made sure that everyone with specific expertise in fighting Russia was chased out of there.
Welp, Mr. President. They just pwned Treasury. And you not just own that, you invited that.
John Ratcliffe, a totally unqualified hack, is head of intelligence. He's there not bc he's qualified, but bc Trump wants help claiming Russia didn't help elect him.

Ratcliffe, hired to cover up for Russia, oversaw Russia pwning key US agencies.
Oh nothing to worry about.… Image
TFW one of my most dedicated Trump trolls admits the RU hack happened after Trump dismantled the RU-specific expertise against Russia. Image
Here's Mike Flynn suggesting to the FBI that the appropriate punishment for Russian for tampering in our elections was to PNG (kick out) one suspected Russian spy.… Image
Here's Trump pardoning the guy who suggested an appropriate response for Russian attacking the US was to throw out one spy.… Image

In the fact of Trump's abject capitulation to Russia on hacking, they doubled down!!!
A left-wing conspiracy theory has sprung up suggesting that Donald Trump could use this hack as an excuse to impose martial law. Although that's a Democratic fear-fantasy, something like this very idea was mooted by none other than Lin Wood... to a military coup. But yes on martial law. Interesting distinction, Lin. 
Of course, Linnikins wants us to believe that the real problem is China, not Russia. 
Sure it is, Lin. Surrrrrrrrrre.


Anonymous said...

Joe - As stated, Orion is used throughout the DoD as the go to network monitoring tool both in classified and unclassified environments. This certainly could go way way beyond the civil agencies.

fred said...

The Chinese are ramping up their war against Australia. They installed electronic spying in PNG, are spending $200m on a fish processing plant (where there's no fish) just 200kms from our mainland, and are now banning our coal exports to China. They are our enemy, a predator nation. Let's hope the US gets its Pacific defence alliances back in shape post-Trump.