SolarWinds Hides List of High-Profile Customers After Devastating Hack

SolarWinds has removed a list of high-profile clients from its website in the wake of a massive breach, "suggesting the company may be trying to obscure its clients in an effort to protect them from bad publicity," reports The Verge. From the report: The list of vulnerable companies is much smaller than SolarWinds' overall client list, so simply appearing on the list doesn't mean a company has been affected. SolarWinds claims that only 33,000 companies use the Orion product, compared to its total client base of 330,000. Out of that 33,000, the company estimates that fewer than 18,000 were directly impacted by a malicious update, and the list of directly targeted companies is likely even smaller. Still, there is much about the attack that remains unknown, and it is possible that additional compromises have yet to be discovered.

SolarWinds' overall client list includes a broad range of sensitive organizations. Before its removal, the page boasted a broad range of clients, including more than 425 of the companies listed on the Fortune 500 as well as the top 10 telecom operators in the United States. In an article on Monday, The New York Times cited a number of organizations as vulnerable that are not cited on the public client page, including Boeing and Los Alamos National Laboratory. Other organizations have been cagey about their own exposure, even within the federal government. Several news outlets have reported that the breach affected the Department of Homeland Security, but the department has not made any official statement regarding its exposure.

Wayback Engine

[Canberra1]

All your pages are cached. You are not fooling anyone competent. OK, maybe your clients are morons. Where is the 'Change all your passwords' alert, and the expense of hot-site recovery, where those systems have to be rebuilt again. It remains to be seen if by taking over the C&C address, if there are not delayed alternative locations. Compromised clients should also expect the bad guys have the LOG's and the IP addresses- over several months, - a goldmine pointing to firewall exceptions, and mutual trust relationships. The weakest link is what it is.

Dominion Voting deleted SolarWinds reference

[Anonymous Coward]

The reality is no one gives a shit about *anything* enough to look up something in the Wayback machine, much less this ... thing which I don't even understand why its a story.

It's a story alright, but left-leaning Slashdot is not likely to explain it, which is why you're left scratching your head...

Dominion Voting Systems has removed the link and reference to SolarWinds from their platform [zerohedge.com].

Imagine that? If Dominion used SolarWinds, and SolarWinds got hacked, does that not imply that Dominion was hacked? And if Dominion was hacked, doesn't that suggest Trump's claims of the election being rigged is plausible? Maybe the courts should actually allow the voting fraud lawsuits to be

Re:

[drinkypoo]

There's a lot evidence of fraud already.

Really? Because election officials have looked, and looked, and looked, and the CISA and DHS concluded that the election was the most secure in American history. You know, the opposite of what you're saying here.

Re:

[warpmoon]

Christopher Krebs, first director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), was fired for failing to look. You couldn't have picked a better example of gov't not looking.

Not at all. He was dismissed because they looked, looked and looked but found no evidence of widespread fraud. He then reported as much. That report was inconsistent with what the POTUS wanted to hear.

Re:

[sjames]

It's time to give that one up. They looked at the video, including hours of video prior to the out of context clip, and found that it was just normal ballot counting.

You're looking at a 20 second clip of someone taking a lunch out of the shared fridge and declaring him the lunch thief. But on review, it turns out that there is also video of him putting that same lunch IN the fridge that morning hours earlier. Conclusion: it was his lunch.

Re:

[sjames]

Because signature matching is a placebo in the first place and it's expensive. As a taxpayer, I am pissed that someone claiming to be for fiscal responsibility is demanding that fists full of cash be flushed down the crapper.

Do you even know how the process works? Note that expert signature analysis requires multiple exemplars and costs about $10,000 per signature do you really expect that to be done? Who's going to pay for it? Also, you do realize that the signatures NECESSARILY cannot be traced back to a

Re:Dominion Voting deleted SolarWinds reference

[drinkypoo]

Imagine that? If Dominion used SolarWinds, and SolarWinds got hacked, does that not imply that Dominion was hacked? And if Dominion was hacked, doesn't that suggest Trump's claims of the election being rigged is plausible?

Sure, but it's at least as likely that it was rigged in Trump's favor, and he lost anyway. He keeps talking about how it was rigged like he knows — maybe he knows because he rigged it.

Guess you're not the only one who can speculate wildly, huh?

Re:Dominion Voting deleted SolarWinds reference

[notsouseful]

Sure, but it's at least as likely that it was rigged in Trump's favor, and he lost anyway. He keeps talking about how it was rigged like he knows — maybe he knows because he rigged it.

If all of the voter suppression tactics of the 2020 election aren't "rigging", then I don't know what is. They knew that people voting against Trump would be much more likely to vote absentee because of the pandemic and concern for their fellow citizens, and did everything they could to prevent those votes from from being tallied during the election so that they could attack them. The USPS had a new administrator inserted who toyed with the mail delivery to ensure that some absentee ballots wouldn't make it in time and could be attacked. Trump and many in the GOP leadership absolutely rigged it, and that's why he's so pissed.

Note how every time something even remotely sinister comes up, the Trumpers are all like "THIS IS IT!!!" It's because they started with nothing and they've been fishing ever since. Their faith is strong, and there must absolutely be something out there to absolve them of their position, because they simply can't be Wrong.

Re:

[TheGratefulNet]

dejoy is a piece of work, that's for sure.

"dejoy to the world
your mail hasn't come
you wont receive a thing!"

happy xmas everyone ;)

Re:

[stabiesoft]

Yes, if anything the results tilted redder than polls suggested. Heck some might even argue the 2016 election was compromised. Remember how trump said he *knew* he was going to win. FL could have been hacked in 2016 and 2020. But I think the key takeaway should really be consolidation is not a good thing for security. It puts a bigger and bigger target on you. You only need to find one hack to take down a country at some point. Heck not even a fan of the OTA car updates. You could brick an entire fleet of c

Re:

[drinkypoo]

Many analysts comment one of the powers of the electoral college method is that each state does things a little different, which means you cannot one click a change across all states.

Could be, but we can have the same effect by just having every state handle its own voting (like it does now) even if we have more federal requirements, like forcing them to permit voting by mail. In the interests of equal opportunity to vote, all states should have to permit it. The states should administer the programs, but the programs should be held to minimum standards.

The electoral college definitively causes more problems than it solves, today.

Re:Dominion Voting deleted SolarWinds reference

[clovis]

It is not plausible that Dominion voting machines got hacked and rigged the election.
The reason I say this is that in the case of the state of Georgia, a hand recount of every ballot (over 4 million) was done and the result matched nearly perfectly. across the entire state and in every local precinct.
Other places did hand recounts of some locations and results matched there as well.
So audits show no vote flipping, and there is zero evidence it happened anywhere.
So, no, it is not plausible that something was done to the Dominion machines that affected the outcome.

However, I don't discount that is possible that Dominion the corporation got hacked, but I also claim nothing was done that affected the election.

Re:

[whoever57]

Much more likely is that the DRE-type machines (which are only in states that voted for Trump) were hacked.

Detecting a hack in a DRE machine is much more difficult, and depending on the level of sophistication, it might not be possible to detect a hack after the election.

In the context that Trump got far more votes than predicted by the polls, Occam's Razor suggests that if any hacks were done, they increased Trump's vote.

Re:

[sweepkick]

Precisely. Trump cheated at the level he did in 2016, it's just that he miscalculated the amount of people who absolutely despise him after the last 4 years and who did everything they could to vote against him.

Re:

[sjames]

Not necessarily. If they wisely used SolarWinds only for monitoring and configured their network devices' SNMP read only, they might not be vulnerable.

I have also seen cases where ISPs and similar will have particular brands in name only just to provide re-assurance to people who place too much reliance on brand. For example, there was a time when there was an attitude in routing that "if you're not using Cisco, the problem is your fault". That resulted in a number of Juniper networks with an old Cisco in f

Re: Dominion Voting deleted SolarWinds reference

[t4eXanadu]

You're slipping off that slope of fallacious reasoning.

Re:

[drinkypoo]

The reality is no one gives a shit about *anything* enough to look up something in the Wayback machine, much less this ... thing which I don't even understand why its a story.

False. For example, I care enough. The story has dropped out of google's cache, so if you want to see the list, You're going to have to get it from the internet archive [archive.org]. Or, you know, read this comment...

SolarWindsâ(TM) Customers

SolarWindsâ(TM) comprehensive products and services are used by more than 300,000 customers worldwide, including military, Fortune 500 companies, government agencies, and education institutions. Our customer list includes:

More than 425 of the US Fortune 500
All ten of the top ten US telecommunications companies
All five branches of the US Military
The US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States
All five of the top five US accounting firms
Hundreds of universities and colleges worldwide

Partial customer listing:
Acxiom, Ameritrade, AT, Bellsouth Telecommunications, Best Western Intl., Blue Cross Blue Shield, Booz Allen Hamilton, Boston Consulting, Cable & Wireless, Cablecom Media AG, Cablevision, CBS, Charter Communications, Cisco, CitiFinancial, City of Nashville, City of Tampa, Clemson University, Comcast Cable, Credit Suisse, Dow Chemical, EMC Corporation, Ericsson, Ernst and Young, Faurecia, Federal Express, Federal Reserve Bank, Fibercloud, Fiserv, Ford Motor Company, Foundstone, Gartner, Gates Foundation, , General Dynamics, Gillette Deutschland GmbH, GTE, H Block, Harvard University, Hertz Corporation, ING Direct, IntelSat, J.D. Byrider, Johns Hopkins University, Kennedy Space Center, Kodak, Korea Telecom, Leggett and Platt, Level 3 Communications, Liz Claiborne, Lockheed Martin, Lucent, MasterCard, McDonaldÃZéÃZÃs Restaurants, Microsoft, National Park Service, NCR, NEC, Nestle, New York Power Authority, New York Times, Nielsen Media Research, Nortel, Perot Systems Japan, Phillips Petroleum, Pricewaterhouse Coopers, Procter & Gamble, , Sabre, Saks, San Francisco Intl. Airport, Siemens, Smart City Networks, Smith Barney, Smithsonian Institute, Sparkasse Hagen, Sprint, St. JohnÃZéÃZÃs University, Staples, Subaru, Supervalu, Swisscom AG, Symantec, Telecom Italia, Telenor, Texaco, The CDC, The Economist, Time Warner Cable, U.S. Air Force, University of Alaska, University of Kansas, University of Oklahoma, US Dept. Of Defense, US Postal Service, US Secret Service, Visa USA, Volvo, Williams Communications, Yahoo

No punishment

[AndyKron]

Nobody's getting in trouble for this, right?

Re:

[BeerFartMoron]

They might talk big about investigating Hunter and the Biden Crime Family, but no, no one is getting in actual trouble.

Realistically, at my company, I can see the poor tech who actually installed the malicious SolarWinds update being fired; but they guys that recommended SolarWinds, performed the due diligence, and signed the contract, they'll be fine.

Nation State Actor BS

[ph1ll]

The BBC are reporting: [bbc.co.uk]

"We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack..." SolarWinds said in a statement on its website.

But The Register reports [theregister.com]:

"their update server was accessible with the password 'solarwinds123' which is leaking in the public Github repo."

CEOs claiming their company was compromised by a sophisticated, nation state actor really mean "we hire cheap, rankly incompetent people and let the marketing department create an illusion of invulnerability."

Re:

[BeerFartMoron]

It might have been a nation state actor, but they likely used credentials posted to a public Gethub repository [krebsonsecurity.com].

Re:

[BeerFartMoron]

Which is exactly what you said in your post. Sorry for reading halfway through!

What About The Other Customers?

[zenlessyank]

Only the high profile folks get hidden?

So, again, money talks and bullshit walks.

Um ... Their page doesn't list all 300,000 custome

[raymorris]

Their marketing never did list all 300,000 of their customers.
That would be one hell of a web page!

Their page listed "impressive" clients, because potential buyers would think "if it's good enough for DoD and Coca-Cola, it's good enough for my company!

Kinda like when I interviewed my current job and the boss asked me for examples of networks I've worked on, I mentioned Rackspace and AT&T, not DawnHuntsMysteryShopping.com.

Re:

[zenlessyank]

Well, to be fair, I was really making a cynical comment about the title of the story.

SolarWinds is run by finance people

[Anonymous Coward]

Kevin B. Thompson is our President and Chief Executive Officer. He has served as our President since January 2009 and our Chief Executive Officer since March 2010. He previously served as our Chief Financial Officer and Treasurer from July 2006 to March 2010 and our Chief Operating Officer from July 2007 to March 2010. Prior to joining the Company, Mr. Thompson was Chief Financial Officer of Surgient, Inc., a privately held software company, from November 2005 until March 2006 and was Senior Vice President and Chief Financial Officer at SAS Institute, a privately held business intelligence software company, from August 2004 until November 2005. From October 2000 until August 2004, Mr. Thompson served as Executive Vice President and Chief Financial Officer of Red Hat, Inc. (NYSE: RHT), an enterprise software company. Mr. Thompson holds a B.B.A. from the University of Oklahoma. Mr. Thompson has served on the board of directors of BlackLine, Inc. (Nasdaq: BL) since September 2017. He previously served on the board of directors of Instructure, Inc. (NYSE: INST) prior to its take private transaction, the board of directors of NetSuite, Inc. (NYSE: N) prior to its acquisition by Oracle Corporation and the board of directors of Barracuda Networks, Inc. (NYSE: CUDA). https://investors.solarwinds.c... [solarwinds.com]

Re:

[luvirini]

Ah, another MBA company.. that explains a lot.

Re: SolarWinds is run by finance people

[bradley13]

Of course they are. Remember the recent comment by Musk: MBA-types have no clue about the actual workings of a business. It's all numbers in a spreadsheet.

Re:

[Krishnoid]

If it's all in a spreadsheet, why can't ... pretty much anyone other than an MBA run the company? I mean, it's a *spreadsheet*, not even 'hello, world' or 'fizzbuzz' [codinghorror.com].

I've tried Solar Winds

[Ecuador]

I've tried Solar Winds back in the day, probably more than 25 years ago. It was OK I guess, nothing exciting though, maybe a bit slow. Back then it was just a registration fee you paid to get more than the shareware episode, did not realise they later did corporate licenses...

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[coofercat]

One of my clients uses it, and so I had to as well. It wasn't a career highlight.

My appraisal of it is that it's just like Adobe, SAP and Salesforce - it's got an impressive feature list, but it's a hellish product to use. I think the networks folks liked it because it's good at discovery - it can ferret out your Cisco network devices and breaks them down per-port and whatnot. You get nice pictures and graphs, so it looks good when the boss is looking over your shoulder. In my experience, most network folks

Re:

[hey!]

I agree, but it's hopeless to call people to task for violation of moderation guidelines. You're fighting that cheap little thrill of self-righteous power people get when they mod down a viewpoint they detest. The best thing you can do is to moderate unfairly troll-moderated posts back up.

Re:

[mjtaylor24601]

Not having performed any kind of analysis it's hard to say anything definitively, but if the posts you're thinking of are anything like this one, in so far as they

• Are completely off topic (what pray tell does this have to do with the Solar Winds hack)
• Make sweeping, provocative statements without providing a shred of evidence (eg the Troll mod is being systemically abused)
• Are laced with pejorative terms (eg SJW) and incendiary rhetoric (eg "Your side are flaming hypocrites")

then it sounds to me like the

Putting all your eggs in one basket

[RitchCraft]

Let this be a lesson. If so many high profile companies and government entities depend so highly on another single company then regular security audits need to be performed. This creates a single point of failure that is just begging for bad actors to attack.

Stock sales

[raind]

NPR just mentioned there were some selling going on prior to the announcement. Imagine that!

Re:

[account_deleted]

Comment removed based on user account deletion

Not if you have an easily cracked password

[RitchCraft]

This, according to CNN, lol: A third reason for concern is the unusual and creative way the attackers carried out their operation: By disguising the initial attack within legitimate software updates issued by SolarWinds. "SolarWinds is one of the most widely used and effective tools for network monitoring, including across federal networks and major corporations," said Jamie Barnett, a retired Navy rear admiral and senior vice president at the cybersecurity firm RigNet. "It takes a state-level cyberattack to get into the SolarWinds updates and patches."

Re:

[account_deleted]

Comment removed based on user account deletion

Any evidence that this is from Russia?

[walterbyrd]

Or are we just hearing the usual Russia! Russia! Russia! leftist hysteria?

Re:

[Pojoaque]

It is always possible that a misdirection strategy has been applied!

byebye solarwind monitoring , hello opensource

[BouffeMoiLaChatte]

byebye solarwind monitoring , hello opensource monitoring