Security Government Privacy United States

US: Hack of Federal Agencies 'Likely Russian In Origin' (apnews.com)

Top national security agencies in a rare joint statement Tuesday confirmed that Russia was likely responsible for a massive hack of U.S. government departments and corporations, rejecting President Donald Trump's claim that China might be to blame. The Associated Press reports: The statement represented the U.S. government's first formal attempt to assign responsibility for the breaches at multiple agencies and to assign a possible motive for the operation. It said the hacks appeared to be part of an "intelligence-gathering," suggesting the evidence so far pointed to a Russian spying effort rather than an attempt to damage or disrupt U.S. government operations. "This is a serious compromise that will require a sustained and dedicated effort to remediate," said the statement, distributed by a cyber working group comprised of the FBI and other investigative agencies. Russia has denied involvement in the hack.
  • by Anonymouse Cowtard ( 6211666 ) on Tuesday January 05, 2021 @09:18PM (#60901548) Homepage
    Federal Agencies hack YOU!
    • Wait, America is part of Soviet Russia now?

  • The announcement reads "This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for..." What is an 'actor' in this context? Software performs actions, it acts, it is an actor. The software is likely Russian in origin, and we don't know what party or parties carried it out? Or, is an actor a person or persons, and the intelligence agencies are saying that the Russians did it?
    • Actor might be a stretch... I imagine it's more like a voice actor, say, Paul Frees doing Boris Badenov.

    • Re: (Score:3, Informative)

      by Narcocide ( 102829 )

      Yes, "actor" in this context means an organization of unspecific headcount, anywhere from 1 to many. So they're not explicitly excluding the possibility of it being a lone rogue agent, but implying they think it's bigger than that.

    • Re:artful language (Score:5, Informative)

      by IdanceNmyCar ( 7335658 ) on Tuesday January 05, 2021 @09:52PM (#60901626)

      Actor is the term used to identify a hacker or group of hackers. The term I believe plays on the nature of theatre. As you said, the software attack can be considered the act or a series of acts. In one way the Actor is simply the one performing these acts, which we are ultimately attributing to human actions (as AI has not become sophisticated enough to be anything like Ghost in the Shell yet). However, more than this an actor plays a role, so a hacking group could attempt to come from another country and I believe there are few nation states that do this, originating their attacks primarily from foreign IPs. Likewise since it's often unclear if it's an individual or a group, actor encompasses the attacker as a "single entity", such that even if it's a group, they are acting in concert. In my mind, this only gets blurry when you consider groups like anon which perform more decentralized attacks and encompass many different actors (or hacking groups).

      To attribute an attack to a group, it requires knowing the tool suites they use (e.g. the hallmarks of the code), the networks they utilize (e.g. IP addresses), and I believe a few other information sources. This can be non-trivial as tool suites can be leaked and then hacking groups utilize the tools that have the hallmarks of other nations. In particular a few tool suites the US and Israel use have been leaked.

      All in all it's a really interesting "game" but one of a large amount of imperfect knowledge making most educated guesses a little better than a coin flip...

      • by Tom ( 822 )

        The term I believe plays on the nature of theatre.

        I don't recall any publication within the security company ever making a credible claim to that origin and backing it up.

        I think it's simply the noun for the verb "acting", the same way "action" is. An actor simply acts, conducting an action.

        Don't look for a complicated answer if there's a trivial one right in your face.

        To attribute an attack to a group, it requires knowing the tool suites they use (e.g. the hallmarks of the code), the networks they utilize (e.g. IP addresses), and I believe a few other information sources.

        Most active groups have a modus operandi which can be identified. It's like bank robbers - there are certain steps that every bank robber must take, but not necessarily in the same order and t

        • I don't recall any publication within the security company ever making a credible claim to that origin and backing it up.

          Because they aren't wordsmiths... the community embraced a term that had connotation and the two primary connotations that exist are the ones that I mentioned which are relevant in both ways. Notice once hackers are charged with crimes, they are generally no longer referred to as actors. Both the acts have been previously committed and are of record, and their identities have been fully revealed (unmasking).

          I have never seen a computer science publication mentioning that FUBAR comes from military language...

          • by Tom ( 822 )

            Because they aren't wordsmiths...

            First, that should have been "security COMMUNITY", of course.

            Second - actually some of us are quite interested in correct terminology, ontology and other details of words.

            In general though, yes ignorance is widespread among even the high-paid experts. How long did too many of our community seriously run around telling people to put special characters into their passwords?

            mentioning that FUBAR comes from military language...

            A lot of early software was in the military sphere, though. It might have simply jumped over from some code examples.

            • A lot of early software was in the military sphere, though. It might have simply jumped over from some code examples.

              I agree. The term "bug" effectively comes from us via this route. However, that's kind of my point. Since our language uses syllabograms instead of logograms, there is a lot that is "adopted" in connotation between words. I have never heard a thorough debate on the etymology of "cool" meaning okay but I find it highly likely that the adaptation comes from temperature relating to our comfort which means the original meaning is adapted to a new context with connotation. Even languages with logograms seem to

              • by Tom ( 822 )

                Yes, language being what it is, words and meanings move around quite a bit. There's the whole area of etymology to follow the origins of words, but it rarely goes into those details on modern usage. We also have a lot more international travel and trade and a lot more speakers of languages who aren't native speakers, so I think this process is accelerated now compared to ancient times.

                It's always interesting to look at words, though. I give lectures on risk management, and I start them off by looking at the me

        • Like you said, I've always understood the term as the way we refer to the person or group without typing out "the person or group". There are at least three reasons for that term that I'm aware of.

          When you're investigating, you have to be very careful about identifying exactly which facts you know and not confuse known facts with assumptions. You have to be very clear and careful when communicating with your team about these things, and all communications may end up in court. Therefore you can't say "the

          • by Tom ( 822 )

            Lastly, we aren't just talking about hackers, so we can't say "the hackers".

            It goes even beyond that. In the initial stages of an investigation, we sometimes don't even know if there actually is a person acting with malicious intent. Saying "actor" allows us to include forces of nature or users making mistakes.

              That's true. At first, what you have is something that looks suspicious and / or a problem which may be caused by error.

              I clicked your home page link and noticed your work on amplification of reflection attacks. I thought you might find this interesting. Wikipedia and some other large sites use a DNS server called PowerDNS. I discovered that you can DOS the DNS for Wikipedia and other sites with infinite amplification. By spoofing the source as one of the DNS servers and setting the destination as the ot

              • by Tom ( 822 )

                Yeah, that work is 20 years or something old now. I leave it up for historic purposes only.

                Your attack is nifty. I like that. Though spoofing is becoming more and more difficult.

    • Part of the newspeak that police started using. They never mention a suspect now as the person has become an actor.

      • by jbengt ( 874751 )

        Part of the newspeak that police started using.

        No, the term actor in the sense of the person or group that did a particular action has been around since at least the 1500s.

      • They are not a suspect until they have been identified.

        Until then, they are something else. You could call them actors or agents or individuals, but what's relevant is their action.

    • The announcement reads "This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for..."

      What is an 'actor' in this context? Software performs actions, it acts, it is an actor. The software is likely Russian in origin, and we don't know what party or parties carried it out?

      Or, is an actor a person or persons, and the intelligence agencies are saying that the Russians did it?

      This is stupid terminology that's been floating around governments for years. It's linguistic turd polishing. What used to be "government hackers" or "criminal hackers" is now "threat actor".

      • by jbengt ( 874751 )
        This is stupid terminology that's been floating around governments for years. It's linguistic turd polishing. What used to be "government hackers" or "criminal hackers" is now "threat actor".

        No, the term "actor" carries fewer connotations than "hackers" or "criminals", so is the better term to use when you don't want to imply things that you don't yet know for sure.

      • This is stupid terminology that's been floating around governments for years.

        Actor, origin Latin "agere" (do, act) -> Latin "actor" (doer, actor) -> Middle English "actor" (originally denoting an agent or administrator)

        You could have googled "actor etymology" and then known what you were talking about. But you didn't, so you don't know what you're talking about. Congratulations! You done fucked up!

        • This is stupid terminology that's been floating around governments for years.

          Actor, origin Latin "agere" (do, act) -> Latin "actor" (doer, actor) -> Middle English "actor" (originally denoting an agent or administrator)

          You could have googled "actor etymology" and then known what you were talking about. But you didn't, so you don't know what you're talking about. Congratulations! You done fucked up!

          I could call all the local stores "retail vending actors" and it would be similarly stupid linguistic turd polishing.

    • The software is likely Russian in origin

      It is however 2 years old. I did a full analysis on my blog when this came out: https://www.fagain.co.uk/node/... [fagain.co.uk]

      Executive summary:

      Case A. Best case scenario. Someone is using Russian software they have gotten from somewhere. Captured, received via security info exchange, etc. Basically, someone is driving a trophy tank. Old, but still serviceable. We should open the bubbly.

      Case B. Russia has had every single major USA agency including the NSA and CIA, most major NATO governments and their 3 letters h

      • Further to this, this puts a HUGE question mark on other claims of Russian hacking within the last few years.

        If they had access to BND, the German department of Defence (both SolarWinds customers and both affected by the hack) as well as other parts of the German government, why the f*ck the Bundestag?

        Goes to show that someone using Russian tools is like someone using an AK47. They may have it straight from a Russian factory. Alternatively, they could have pilfered it from half of the world instead.

        • I work for a medium-sized company. Occasionally, we find that different teams are working on duplicative projects. Fortunately it's pretty infrequent, but that's even without any active attempt to maintain "need to know" secrecy between teams. I imagine that the Russian security services have some version of the same problem, and can easily imagine how one team could unknowingly be working on a hack that's made unnecessary by the work of a different part of the organization.
  • this quote (Score:4, Informative)

    by phantomfive ( 622387 ) on Tuesday January 05, 2021 @09:56PM (#60901638) Journal

    Trump tweeted that the “Cyber Hack is far greater in the Fake News Media than in actuality” and suggested without any evidence that China could be to blame.

    ok, it is true that Trump says stuff without evidence. I want to know how the article missed that the joint statement was also presented without evidence.

    Here is a link to the actual statement [cisa.gov]. Worth noting that they don't actually blame the Russian government (unlike the article and careless commenters), they say the hackers were "likely Russian in origin."

    • The difference is that Trump does not HAVE evidence, which is what the joint statement said. He is the President, not a forensic tech.

      The joint statement was put out by the people that actually investigated and definitely have evidence. They have not publicly shown that evidence because a) it is rather technical and 99% of the world would simply have to take their word about it anyway b) showing their evidence publicly also publicly teaches the hackers the mistakes they made, and c) should they ever pros

      • Re:this quote (Score:5, Insightful)

        by phantomfive ( 622387 ) on Tuesday January 05, 2021 @10:36PM (#60901712) Journal

        Yes, until 4 years ago, you could trust the President to not make statements unless apolitical federal employees could back it up with evidence.

        You have a short memory. Remember WMDs in Iraq?

        • Yes, until 4 years ago, you could trust the President to not make statements unless apolitical federal employees could back it up with evidence.

          You have a short memory. Remember WMDs in Iraq?

          Trump could learn a thing or two.

          Leadership is about finding trusted subordinates and having them do the work.

          Real Presidents don't invent the evidence, they have their Intelligence agencies invent it for them!

      • by tlhIngan ( 30335 )

        The other difference is Trump has rather significant business interests in Russia. That's why he wants to "preserve" that business relationship by ignoring what's going on.

        The problem is attacks are coming from Russia, China and North Korea

        • The problem is attacks are coming from Russia, China and North Korea

          I think they're coming from Cleveland, Fort Lauderdale, and Barstow

      • You think there are apolitical federal employees? Just look at it this way - conservatives don't think government is a good solution for most problems. Liberals think government is a good solution. Which do you think are more likely to go work in the government?

        That's right! People who want to get as close to power as possible without having to go through all that being elected nonsense. Wait, sorry, they're the ones at the top of the bureaucracy, the rank and file are just predominantly Democrats.

    • Given that Russia has a lot of competent hackers and programmers in general, and that if you were to hack the US, OF COURSE you'd make it look like it came from a source they would just eat up, like Russia, we can safely assume it to be both true and completely useless.

      That's like saying Sweden attacked you because the IP address belonged to ipredator.se's VPN. (That's the VPN service by the Pirate Bay guys.)

    • Comment removed based on user account deletion
      • The axis powers that are China, Russia, and Iran are going to really fuck us badly.

        :-) Got your panic meter dialed up to 11, eh? You should be more worried about the cat lady across the street.

  • by AcidFnTonic ( 791034 ) on Tuesday January 05, 2021 @10:25PM (#60901696) Homepage

    They dropped an intentional cyrillic character in a binary file somewhere let me guess.

    Our CIA tools for doing this and framing other nations were already leaked by shadow brokers ages ago... Can we really determine what nation dropped hacked binary blobs anymore after the discovery that nation-state actors poison them with fake russian\chinese\korean\arabic character sets?

    Please.

  • Aren't inhabitants of the USSA getting tired of this 'Russians' thing?
    Where is the proof?
    • You're bringing a knife^Wlogic to a gun^Wemotions fight.

    • Aren't inhabitants of the USSA getting tired of this 'Russians' thing?

      Yes. I am tired of our intelligence agencies telling us it's Russians, and our president telling us it isn't when he's in bed with the Russians both figuratively and literally.

  • Why include the meaningless line, "rejecting President Donald Trump's claim that China might be to blame"? That is extraneous, irrelevant, and biased.

    Here's why including it is complete bullshit - "The statement represented the U.S. government's first formal attempt to assign responsibility". So, they threw in a line to say, "Trump guessed wrong", but phrased it to convey their own private opinion instead of any fact. That's bad journalism, but good propaganda.

    I'm appalled by how many people fall fo

    • Comment removed based on user account deletion
        That's why I rely on Forensic Journalism - like Wikileaks.

        Between the Snowden releases and the Vault releases we know many of the methods used in intrusions, whereas before it was mostly what we had observed and what we suspected (and what idiots called conspiracy theories).

    • Why include the meaningless line, "rejecting President Donald Trump's claim that China might be to blame"? That is extraneous, irrelevant, and biased.

      It's not biased, as it is factual. It's not irrelevant, because Trumpanistas still believe that China is to blame. It's not extraneous for reasons which would be obvious to anyone not trying to come up with an argument against, but since you need it spelled out for you, it's because the president has claimed that someone else is responsible despite every intelligence agency telling him otherwise.

      So, they threw in a line to say, "Trump guessed wrong", but phrased it to convey their own private opinion instead of any fact.

      It's a fact that Trump claimed that China was the likeliest party behind the hacking attempts, even after he was

  • Please stop waging a cold war that nobody wants and is in nobody's interest.

    I get you spy guys need something to do. Please devote your attention to criminals trying to steal money and trade secrets before some madman decides to start a real shooting war.
  • ...this is just another line in a long line of bullshit assertions.

    Anyone who read the Wikileaks Vault releases knows that the C.I.A. (and therefore others) have stolen tools from various other intelligence agencies and ROUTINELY use those tools to obfuscate that the attacks are being performed by the C.I.A. so they can be attributed to the makers of those tools and ALWAYS using systems that have been hijacked, or VMs that have been rented from providers.

    Yesterday I had to block off targeted attacks from t
