Hackers Tied To Russia Hit US Nuclear Agency, Three States (bloomberg.com)
The U.S. nuclear weapons agency and at least three states were hacked as part of a suspected Russian cyber attack that struck a number of federal government agencies. Microsoft Corp. was also breached, and its products were used to further attacks on others, Reuters reported. Bloomberg reports: The Energy Department and its National Nuclear Security Administration, which maintains America's nuclear stockpile, were targeted as part of the larger attack, according to a person familiar with the matter. An ongoing investigation has found the hack didn't affect "mission-essential national security functions," Shaylyn Hynes, a Department of Energy spokeswoman, said in a statement. "At this point, the investigation has found that the malware has been isolated to business networks only," Hynes said. The hack of the nuclear agency was reported earlier by Politico.
In addition, two people familiar with the broader government investigation into the attack said three states were breached, though they wouldn't identify the states. A third person familiar with the probe confirmed that states were hacked but didn't provide a number. In an advisory Thursday that signaled the widening alarm over the breach, the Cybersecurity and Infrastructure Security Agency said the hackers posed a "grave risk" to federal, state and local governments, as well as critical infrastructure and the private sector. The agency said the attackers demonstrated "sophistication and complex tradecraft."
Micro$oft... (Score:2)
... Microsoft Corp. was also breached, and its products were used to further attacks on others...
Why are we still using this $hit???
Non-MS (Score:4, Insightful)
The world, except for a small contingent of hobbyists, operates on MS Windows.
The nodes on the HPC currently running my job beg to differ.
MS Windows might be strong in business settings, but definitely not in academia.
Re: (Score:3)
Because there really is no viable alternative for people that want to do serious work or share it with other people. The world, except for a small contingent of hobbyists, operates on MS Windows.
This is sarcasm, right?
Re: (Score:2)
Almost certainly not. There are a bunch of big old corporates, for example probably your local water company, where the IT guys from the 1990s are still working and doing fine. They have some nightmare excel spreadsheet that takes into account the variation in seasonal water flow from each of the different supply regions around their area and allows them to calculate exactly how much chlorine they should order depending on different weather patterns. There are still a few people in the company that know
Re: (Score:2)
The world, except for a small contingent of hobbyists, operates on MS Windows.
You really don't know much, do you?
Re:Micro$oft... (Score:5, Interesting)
Because there really is no viable alternative for people that want to do serious work or share it with other people. The world, except for a small contingent of hobbyists, operates on MS Windows.
Show me one Russian or Chinese weapon system which uses a Windows Backend. I dare you. Or they are hobbyists as well?
Going back to the actual hack. The hack is via Solarwinds and these are systems with a classification rating in mission critical setting. For a variety of reasons (on which we have commented earlier) Solarwinds is pervasive in NATO and USA Govt setting. These are not "the world" and systems on these networks should not be managed by a moronic monkey with a basic MS certification. In fact, most of the key systems do not need to be Windows and should not be Windows in the first place.
By the way, the fact that any hacks HAVE happened demonstrates that Solar Winds were breached much deeper than their update infrastructure. Breaching an update server for a Windows product gives you very little because all the updates are signed at build time already. You cannot easily insert malicious payload. The fact that malicious payload was inserted successfully means that SolarWinds itself was breached. This makes things much more interesting, because its components are also included in a lot of "Windows where it does not belong" NATO idiocies like "Windows for Warships" (the control OS on any NATO warship except France in the last 15 years) as well as control systems for many other weapons. Even if there was no malicious code inserted in any of that, cleaning the mess up will be a multi-year multi-billion exercise most of which was caused by "Windows where it does not belong".
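The signing argument in the comment above, as an added example that is not part of the thread or any vendor's code: HMAC-SHA256 stands in for a real code-signing signature, and `build`, the key and the source strings are constructed for illustration. It goes one step beyond the comment by also comparing the shipped artifact against an independent rebuild of reviewed source, a check that does notice a change made before signing.

```python
import hashlib
import hmac

# Constructed stand-in for the vendor's signing key. A real pipeline uses an
# asymmetric code-signing key; HMAC keeps this example standard-library only.
SIGNING_KEY = b"constructed-demo-signing-key"

# Constructed sample inputs.
REVIEWED_SOURCE = b"def poll(): return collect_metrics()\n"
UNREVIEWED_CHANGE = b"def extra(): pass  # placeholder for code nobody reviewed\n"


def build(source: bytes) -> bytes:
    """Toy deterministic 'compiler': the artifact depends only on the source."""
    return b"BIN:" + hashlib.sha256(source).digest() + source


def sign(artifact: bytes) -> bytes:
    """Sign the finished artifact, as a build pipeline does at build time."""
    return hmac.new(SIGNING_KEY, artifact, hashlib.sha256).digest()


def verify(artifact: bytes, signature: bytes) -> bool:
    """What an updater checks before installing: signature matches artifact."""
    return hmac.compare_digest(sign(artifact), signature)


def release(source: bytes):
    """Build then sign, returning (artifact, signature)."""
    artifact = build(source)
    return artifact, sign(artifact)


def matches_independent_rebuild(artifact: bytes, reviewed_source: bytes) -> bool:
    """Compare the shipped artifact with a rebuild from reviewed source.

    Assumes the build is reproducible; this check is an addition to the
    comment's argument, not something the comment describes.
    """
    expected = hashlib.sha256(build(reviewed_source)).digest()
    return hmac.compare_digest(hashlib.sha256(artifact).digest(), expected)


def clean_release_checks():
    artifact, sig = release(REVIEWED_SOURCE)
    return verify(artifact, sig), matches_independent_rebuild(artifact, REVIEWED_SOURCE)


def update_server_tamper_checks():
    # Artifact altered AFTER signing (update server only): signature breaks.
    artifact, sig = release(REVIEWED_SOURCE)
    altered = artifact + UNREVIEWED_CHANGE
    return verify(altered, sig), matches_independent_rebuild(altered, REVIEWED_SOURCE)


def build_system_tamper_checks():
    # Source altered BEFORE signing (build environment): signature is valid,
    # so only the comparison against reviewed source notices the difference.
    artifact, sig = release(REVIEWED_SOURCE + UNREVIEWED_CHANGE)
    return verify(artifact, sig), matches_independent_rebuild(artifact, REVIEWED_SOURCE)


if __name__ == "__main__":
    for name, fn in [("clean release", clean_release_checks),
                     ("altered on update server", update_server_tamper_checks),
                     ("altered in build system", build_system_tamper_checks)]:
        sig_ok, rebuild_ok = fn()
        print(f"{name:26} signature_valid={sig_ok} matches_rebuild={rebuild_ok}")
```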
Re: (Score:1)
Re: (Score:2)
Because there really is no viable alternative for people that want to do serious work or share it with other people. The world, except for a small contingent of hobbyists, operates on MS Windows.
- Top 500 supercomputers - no MS Windows, ... no, I haven't heard of them running Windows
- Smartphones - no MS Windows (to be fair, they tried)
- IOT,
- cloud, maybe Azure, but even they (from what I heard) use Linux, at least for part of it
- Space probes, satellites - no
- workstations - well, mostly yes
So, by world you mean people at their desks playing solitaire and shuffling word docs around?
Re: (Score:2)
Re: Micro$oft... (Score:5, Interesting)
Recently, my job has drifted back to 3D CAD after a time away. I was shocked by the state of application security. SolidWorks is now cloud based and is a fusion of Social Networking, Project Management and 3D CAD. Coming off a nuclear project, it was a total shock.
3D CAD designs are often one of the more sensitive areas of a company. How do I work in secret?
Obviously, not with Solidworks anymore. I went and got AutoDesk Inventor. It won't run without an internet connection, and still doesn't support Linux.
At this point, I'm looking for options. Between Microsoft and these two CAD vendors, there is very little design security, and I can't see an easy way to add it.
Re: (Score:2)
Re: (Score:3)
Re: Micro$oft... (Score:5, Interesting)
I went and got AutoDesk Inventor. It won't run without an internet connection, and still doesn't support Linux.
Posting anonymously for obvious reasons.
The company for which I work has one up to date copy of Inventor, and a dozen years old 'lifetime' releases that do not require any kind of authentication apart from the license server which I hacked twenty years ago. We paid for all, we just do not want the cloud insanity that AutoDesk has been embracing in the last decade.
The new version is used to convert the newer formats to the old standard. Everyone from the two departments that use CAD is allowed to practice with the new version, in case there is a problem that cannot be handled in the confines of company policy. I get called to do some tricky converts maybe once every few weeks.
The money we have saved by not upgrading every year, and by not paying ongoing fees, just from the AutoDesk stuff is probably into the six digits. Add the money saved by using the old, lifetime versions of ProMechanica, ProEngineer, Magma, etc...
More than many times the discretionary budget of my (IT) department.
Re: (Score:2)
'ER' because lobbyists, M$ pays them to pay politicians to buy M$ product and protect it. OHH NOES M$ got hacked due to lax security, because security cost profits and what do we do, 'er' 'er', 'um', 'um', PUTIN did it. that's it, the Russian KGB 'er' FSB did it, professional hack (how can poor little m$ possibly protect itself from the Russian, hey, wait on a minute fuckers, is that no what people pay you for, you much touted security, which apparently is not), it is all the dastardly Russians fault, nobod
Correlation time... (Score:5, Insightful)
Old timers who knew how to do IT security are old... ignored... retired... dead...
And to replace them we get a generation brought up in the ways of Gates' Microsoft. Security? What's that? We just need it to look like it works.
Basically, system security has become a series of bandaids layered up more in hope than expectation that it will work. And all the while the luminaries prance around shouting that this is the most secure version ever... without understanding what the word security even means.
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
Just look at some of the old timer comments on Slashdot. "Fix your code" they say, no concept of attack surfaces or defence in depth. They hate containers and sandboxes, can't get any "real work" done in those.
Re: (Score:2)
Re:how many times will people fall for it? (Score:4, Insightful)
Seriously, the 'Russian Hacking' story that keeps getting peddled is getting so old. It's almost comical at this point, if it weren't for the fact that so many Americans swallow it every single time.
You have some evidence that it is a false flag operation? Or just regurgitating maga points.
Re: (Score:1)
LOL, trolls and shills, your mod points aren't evidence either. Just an abuse of the mod system because you got nothing else :)
Re: how many times will people fall for it? (Score:2)
I'm curious what precisely would you consider to be evidence? It'd be nice to hear a concrete set of criteria from you beforehand. Then we'll know how to evaluate evidence in future cases.
Re: (Score:3)
I'm curious what precisely would you consider to be evidence? It'd be nice to hear a concrete set of criteria from you beforehand. Then we'll know how to evaluate evidence in future cases.
First thing is widespread reportage. The concept that this is some sort of liberal media MSNBC and "enough with the Russians again!" meme is as old as the thing it's denying.
Anyhow, the Commerce Department, the Department of Homeland Security, the Pentagon, the Treasury Department, the U.S. Postal Service and the National Institutes of Health have all been hacked. Many of these agencies are staffed at present by people who might have ridiculed the idea that Russia interfered with the US election. CISA i
Re: (Score:2)
First thing is widespread reportage.
All based on anonymous sources and zero evidence.
Re: (Score:2)
First thing is widespread reportage.
All based on anonymous sources and zero evidence.
You either believe outfits like CISA and the Pentagon, or you go down the rabbit hole of conspiracy, and in the end, you can't make up your mind because one of your braincells says the real conspiracy is that it actually happened because that's what they want you to believe, and the other says it didn't because the people who wanted you to believe want you to believe that it didn't because smart people know that what they tell you is the opposite of what they want but they know you know that, so the best wa
Re: (Score:2)
You either believe outfits like CISA and the Pentagon, or you go down the rabbit hole of conspiracy, and in the end, you can't make up your mind
I don't trust them because they lie.
If that means I don't know the final answer, that's ok. There's a lot of stuff I don't need to know. But there is no reason shown that a nationstate needed to do this.
Re: (Score:2)
You either believe outfits like CISA and the Pentagon, or you go down the rabbit hole of conspiracy, and in the end, you can't make up your mind
I don't trust them because they lie.
True, dat. But we need to find some truth in lies, because there is always some, be it malicious projection, where you claim your enemy is doing what you are actually doing, or just modifying the truth.
If that means I don't know the final answer, that's ok. There's a lot of stuff I don't need to know. But there is no reason shown that a nationstate needed to do this.
Russia and the US have spied on and messed with each other for a long long time. And given the nature of the spy business, the truth tends to come out only many years later. Could this be the US trying to ramp up hostilities, and making stuff up? Well, there's a non-zero chance of that. But announcing a hack
Re: (Score:2)
Russia and the US have spied on and messed with each other for a long long time.
That's true but there are plenty of other groups that could do this hack. Why jump to the conclusion about who it is?
Re: (Score:2)
Russia and the US have spied on and messed with each other for a long long time.
That's true but there are plenty of other groups that could do this hack. Why jump to the conclusion about who it is?
It assumes that the attacked agencies have no idea. I think they do. If one is to believe the agencies under attack, this has been an ongoing and extensive attack by those who use Solarwinds. We do know that for a fact.
We don't know how long the good folks at Solarwinds have known about their problem, but we do know that Investment firms Silver Lake and Thoma Bravo investment firms sold off a total of 280 Million in stock on December 7. Solarwinds CEO Levin Thompson got rid of 15 million in stock in Nove
Re: (Score:2)
My best guess is that people who demand ironclad impossible to deny caught in the act smoking gun proof will be able to deny it was Russian based hacking forever.
How about a single piece of evidence it was Russia? None has been presented. Even if you want to believe that only state actors could have pulled this attack off (although you are right, it's not a script kiddy act), then there are still more state actors than one. You can't just say, "this was hard, therefore Russia did it."
State attacks tend to be more targeted. The US didn't attack every computer in Germany, they tapped the phone of Angela Merkel.
Re: (Score:2)
My best guess is that people who demand ironclad impossible to deny caught in the act smoking gun proof will be able to deny it was Russian based hacking forever.
How about a single piece of evidence it was Russia? None has been presented
That's exactly my point. You deny. Which is the exact same thing as saying you believe that both the so called "Liberal Press", the Secretary of State, who is far right wing, the Pentagon, CISA, is lying. You've entered into conspiracy land. Which tells me you would claim any proof was faked - after all, proof would have to come from those people.
You can't just say, "this was hard, therefore Russia did it."
I didn't say that. That was just one part of the evidence that we are presented with. You demand some sort of absolute proof, that I am certain you would reject ou
Re: (Score:2)
The US didn't attack every computer in Germany, they tapped the phone of Angela Merkel.
Give me the evidence that they did.
Re: (Score:2)
Russia and the US have spied on and messed with each other for a long long time.
That's true but there are plenty of other groups that could do this hack. Why jump to the conclusion about who it is?
Turns out that you and Trump are in agreement. He blames China, o the rest of the USA is wrong, and we should have known he would come along and tell the real truth. Winning! I wonder why everyone else lied?
Re: (Score:2)
Which is the exact same thing as saying you believe that both the so called "Liberal Press", the Secretary of State, who is far right wing, the Pentagon, CISA, is lying.
I don't know who the "Liberal Press" is, so if you want me to address that, then you need to define it more clearly. However, the press in general reports what they hear. They wouldn't know the difference between an Internet Protocol and SCSI. The Secretary of State is the same, he is just reporting what he heard. That leaves the question of where the CISA and the Pentagon got their information, are they both reporting a single investigation?
The security "community" follows trends. For a while everyone was
Re: (Score:2)
It's somewhat concerning to me that you turned this into a political thing. I don't know why you would listen to Trump on this.
Re: (Score:2)
It's somewhat concerning to me that you turned this into a political thing. I don't know why you would listen to Trump on this.
Because the entire thing is political at base. As you wrote about the affected agencies:
"I don't trust them because they lie".
That's very political. Trump has long claimed that the intel community lies about Russia.
Here is a report that might support your assertion that this is a lie:
https://www.rawstory.com/2020/... [rawstory.com]
You can choose to believe Trump when he states that it was not at Russia, which is a direct accusal that everyone else is engaged in a bold lie, and believe him that that it is Chin
Re: (Score:2)
Which is the exact same thing as saying you believe that both the so called "Liberal Press", the Secretary of State, who is far right wing, the Pentagon, CISA, is lying.
I don't know who the "Liberal Press" is, so if you want me to address that, then you need to define it more clearly.
In 21st Century Trump's America, the liberal press is any media outlet that posts anything you disagree with.
They wouldn't know the difference between an Internet Protocol and SCSI. The Secretary of State is the same, he is just reporting what he heard. If he is just parroting, he shouldn't be Secretary of State. If his intel briefings just say "This is what you believe" with no evidence, I suppose you could say that. You do know they have clearances for this stuff.
That leaves the question of where the CISA and the Pentagon got their information, are they both reporting a single investigation?
There are two separate Hacks. One that
Re: (Score:2)
C'mon, Simon said that Putin is a friend, he is great and nice and he would have never hurt USA. Simon asked him personally and he said no, you obviously must be lying about it, and by the tenet of Simon always saying the truth also it must be all the agencies lying as well. They all lie about this breach to make Simon look bad, because nobody likes him, the whole world is against him (except earlier mentioned Putin and maybe Kim Jong-un - his love letters were so full of passion), and we all know - it's
Re: (Score:2)
C'mon, Simon said that Putin is a friend, he is great and nice and he would have never hurt USA. Simon asked him personally and he said no, you obviously must be lying about it, and by the tenet of Simon always saying the truth also it must be all the agencies lying as well. They all lie about this breach to make Simon look bad, because nobody likes him, the whole world is against him (except earlier mentioned Putin and maybe Kim Jong-un - his love letters were so full of passion), and we all know - it's a tenet - that Simon is always saying the truth, even when he says contradicting things the next day, it still must be true, I do not know how it works, but it must be that the math and logic is wrong.</sarc>
The wild thing is some are nodding their heads in approval!
Re: (Score:1)
I'm curious what precisely would you consider to be evidence
"Evidence" would be anything that isn't just hearsay from "trusted anonymous sources inside the gubbermint" or "experts in the security business" with serious interest in finding culprits to blame for their own problems, which is what we have at the moment. I mean, this is what we're being told:
Russian government hackers breached the Treasury and Commerce departments, along with other U.S. government agencies, as part of a global espionage campaign that stretches back months, according to people familiar with the matter.
This isn't serious. These claims are much more baseless than the election fraud claims that appear to be believed by half of the US population and have been tossed out by the US courts, and about as specific as the
Re: (Score:1)
Re: (Score:2)
That's smart thinking, but you're too stupid to follow through.
Re: (Score:2)
[I'm curious what precisely would you consider to be evidence]
"Evidence" would be anything that isn't just hearsay from "trusted anonymous sources inside the gubbermint" or "experts in the security business" with serious interest in finding culprits to blame for their own problems
You've told me what *isn't* evidence, but haven't told me what *could be*. I'd love if you could list say three concrete examples of evidence that would persuade you.
You say you don't want hearsay. Do you mean that in the legal sense that you don't trust one person reporting what another person said? Would you therefore accept the direct testimony of a computer professional employed by the government in this area? Or you thinking of witness to mean the actual lines of code, and you want to see some disassem
Re: (Score:2)
I'm not trying to attack you.
Yes, you are.
but haven't told me what *could be*.
You probably didn't read my post carefully enough. Go back and re-read it. Two or three times if necessary.
Or do you mean hearsay in the sense of "rumors" i.e. something unverified?
I provided you with several examples, direct quotes from "authoritative" mass media that allege the "hackings" and a link to an affidavit by the US police describing the case they think they have. Can you point me at one single shred of concrete evidence in those documents that corroborates the full story they tell? All I've seen so far is the kind of "work" that Alexandre Dumas did when d
Re: (Score:2)
Very representative post. You'll believe any claim about Russia until proven otherwise. But be careful, anyone who tries to prove otherwise is a Russian troll!
And get modded up for it.
I don't see anything different from medieval witch hunts. 'everyone knows they're witches' and everyone who doubts it is careful not to be accused of being linked to the witches.
Maybe the contemporary equivalent has turned it into a policy tool in a more thorough and structured way.
Mind you there is another difference. Witches
Re: (Score:2)
When it was just FireEye and Treasury I was skeptical it was even a state actor. After all if you FireEye getting hacked is a black eye UNLESS its by say Russian intelligence in that case you are important enough to be hacked by Russian intelligence. Certainly a lot of people have a powerful financial interest in being a fly on the wall in Treasury department.
However now we see other government agencies target that are not going to just bring down law enforcement upon you and perhaps terrorist charges but
Re: (Score:2)
Or, if you're Russian Intelligence and you have your foot inside a lot of servers then you don't want to compromise that enterprise by hacking into Fireeye and risking to expose the whole thing.
I would be in no hurry whatsoever to draw conclusions, and certainly not like some people already do 'let's go to war with Russia'.
Re: (Score:2)
Very representative post. You'll believe any claim about Russia until proven otherwise. But be careful, anyone who tries to prove otherwise is a Russian troll!
And get modded up for it..
You extrapolate much from my 2 sentence post, that doesn't even mention Russia. You do know what a false flag operation is do you not? That's looking for evidence that a false claim of attack is made by the nation claiming they have been attacked.
The only thing I do have to say about your response is that the over the top claims about what I said based on that two sentence asking for evidence of false flagging is a little odd. Carry on.
Re: (Score:2)
My post assumes that you assume that the parent post claims a false flag.
My post also does more than extrapolating from yours. I explain things.
I explain why this event by definition cannot yet be considered a false flag since there are no hints towards a culprit. The real culprit did not try to deceive people into thinking someone else was behind it.
The media claiming the Russians are behind it does not make it a false flag, it is simply highly prejudiced speculation.
The parent is not claiming a false flag
Re: (Score:1, Troll)
Found the russian astroturfer.
Re: (Score:1)
Re: (Score:2)
I don't understand. Are you suggesting the Americans are lying about taking it in the back door?
Re: (Score:2)
Microsoft responds to report (Score:1)
Re: (Score:2)
Why is Microsoft using SolarWinds?
Re: (Score:2)
I'd argue they're monitoring devices which only report SNMP data, and Microsoft for years ignored SNMP in favor of their own WMI standard.
Had Microsoft at least made SNMP a peer to WMI in Windows if not the standard, Performance Monitor would support SNMP objects and there would be less bullshit like SolarWinds in the Windows IT world.
Darn Russians, Russians Russians (Score:2, Insightful)
Re: (Score:2)
Something tells you? This is amazing! Have you told the government this so they can correctly find the perps?
Re: (Score:2)
I agree with you, you're definitely right. Why would Russia try to hack USA - it makes no sense whatsoever, it's so ridiculous that it must be a lie. Not only Russia would never hack US, but US relying on MS Windows is not hackable - everybody knows that. It's such a bogus story.
Substitute Russia for China... (Score:1)
Why is this hacking not considered an act of war? (Score:5, Insightful)
Re: (Score:3)
Re: (Score:2)
But they combine it with OCR now.
Comment removed (Score:4, Insightful)
Re: (Score:1)
You know how you can tell when an email is written by someone for whom your native language isn't their native language? Code signatures are like that, too.
Forensic analysts can tell common threads that exists between work from various sources. While those could hypothetically be faked, it's hard to do that when you don't know how to do it convincingly. As an example, an American English speaker could probably simulate a UK English speaker - up to a point where local idioms were used incorrectly or not a
Re: (Score:2)
By that standard most of the world is at war with the US and UK.
Re: (Score:2)
Blame it on Stupidity and Political Correctness (Score:4, Interesting)
The reason is because so much is being offshored and citizens elsewhere have different priorities and allies. India's closest ally is NOT from the west. It is Russia.
So, imagine if you are a coder working with Brits for 5-10 years, you know them, and you like them. But, Argentina comes along and offers you more $, to come work for them, even though it is 1/2 to 1/10 of what the Argentinian gets paid. Along comes your old British friends and they say, that they will pay you 10-30x MORE than what you are CURRENTLY making, if you will leave in a backdoor. They give you a worm that when you go in to admin their system in the middle of Argentina's night, you simply release it and it creates a nice backdoor in the OS. Easy Peasy. Of course, your British friends then come in to the back door, put in a new one, and remove the old. Why? So, it does not point back to you. Then they sit tight for 2-4 months before going back at it.
Re:Blame it on catering and false economics. (Score:3)
Re: Blame it on Stupidity and Political Correctnes (Score:2)
"Microsoft Codebase continues to improve. Yet, it is cracked more than ever before."
How do you know? Have you seen the code?
"So, why is it that MS is spending buco bucks on Security, but things are worse than ever? Because it is NOT MS's fault."
The amount of money spent is orthogonal to the level of security attained, which is determined not by cost, but by other factors like talent and process.
Re: (Score:2)
The rest of the world wouldn't join you in that, and all that would do is add a few hops to the routes.
Re: (Score:2)
If US ISPs null route Russian ASNs, what the rest of the world does doesn't really matter.
Even if Russian traffic is only degraded, degrading traffic is often more useful than simply cutting it off as you end up with useful higher order effects of parent/dependent systems performing worse.
Big picture it's probably not useful at all since the Russians probably do very little from direct Russian assigned IPs and instead use jump platforms within the US or other well-connected friendly nations anyway. That bei
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
What, Putin's Poodle?
Why in deity's name ... (Score:2)
The worse part of this... (Score:1)
As an American, it sucks that i cannot say âoebut when israel and us do it to others, is okâ.
We have done way worse to others.
On the other hand, the reliance on everything being on the cloud and not on prem is a serious vulnerability that will simply keep getting worse before it gets better (hope to be absolutely wrong on that one.)
Re: (Score:2)
As an American, it sucks that i cannot say âoebut
You can say âoebut as much as you want. Actually I'm curious about the pronunciation.
Glad POTUS is on top of it (Score:2, Funny)
Re: (Score:3)
Donald Trump is to be congratulated for not wasting time & using the power of his office to take firm, decisive action against the perps. Yes, siree. Right on top of it.
Don't worry about it. We're already replacing him with someone else that will do nothing too.
Well, did they want to be tied to Russia? (Score:2)
Or did you force them, Mr. Trump?
Is Trump going to order ... (Score:1)
.... the build of a great firewall? If he did it would do the opposite and just like China's great firewall block free speech. Let's see what Biden is going to do.