Chinese Hackers Breach US Internet Firms via Startup, Lumen Says (msn.com) 16
The state-sponsored Chinese hacking campaign known as Volt Typhoon is exploiting a bug in a California-based startup to hack American and Indian internet companies, according to security researchers. From a report: Volt Typhoon has breached four US firms, including internet service providers, and another in India through a vulnerability in a Versa Networks server product, according to Lumen's unit Black Lotus Labs. Their assessment, much of which was published in a blog post on Tuesday, found with "moderate confidence" that Volt Typhoon was behind the breaches of unpatched Versa systems and said exploitation was likely ongoing.
Versa, which makes software that manages network configurations and has attracted investment from Blackrock and Sequoia Capital, announced the bug last week and offered a patch and other mitigations. The revelation will add to concerns over the susceptibility of US critical infrastructure to cyberattacks. The US this year accused Volt Typhoon of infiltrating networks that operate critical US services, including some of the country's water facilities, power grid and communications sectors, in order to cause disruptions during a future crisis, such as an invasion of Taiwan.
Versa, which makes software that manages network configurations and has attracted investment from Blackrock and Sequoia Capital, announced the bug last week and offered a patch and other mitigations. The revelation will add to concerns over the susceptibility of US critical infrastructure to cyberattacks. The US this year accused Volt Typhoon of infiltrating networks that operate critical US services, including some of the country's water facilities, power grid and communications sectors, in order to cause disruptions during a future crisis, such as an invasion of Taiwan.
Re: anyone see this coming...? (Score:1)
So by your wordy comment and supported moderation...you have proved it untrue? On a message board every comment does not need a citation. So in summary give an opposing view or even an example of citation you make case of instead of insulting the poster?
Re: anyone see this coming...? (Score:1)
Just how I word my opinion. Further, you have stated that the fact a statement contains the word "rumor" makes it completely baseless. Which makes no sense. As for moderation, around this message board I have heard rumors that people keep spare accounts ready just to mod a comment they respond to. Hard to believe, I know.....
Re: (Score:2)
Any post that begins "and the rumors were..." has no actual content.
just like tfa and the summary, then, which in finest "national security threat report" tradition doesn't show a single shred of evidence for all the finger pointing and throwing around of silly names of imaginary hacker groups. somehting to do with budgets, marketing, opinion shaping and self-importance.
funny that when bad shit actually happens all these lumminaries are usually caught with their pants down.
An exploit, and it's not in MS-Windows? (Score:2, Insightful)
But everyone here knows that MS-Windows is the only vulnerable operating system ever written. Wait, I know, is Versa a Microsoft business partner? No? How can this be? Everyone knows Cisco, Apple and the GNU/Linux communities collectively produce perfect software that's absolutely immune to exploit or abuse (well, everyone here at /., at any rate?). Even other companies make a far more stable and secure product than Microsoft, right?
There. Got that out of my system. Now, from TFA:
there is good, bad, and ugly (Score:2)
But everyone here knows that MS-Windows is the only^H^H^H^Hmost vulnerable operating system ever written. (OK, maybe not.)
It's not surprising that we see bugs at every layer of software. Operating system bugs tend to be critical because they affect a wide range of use cases. Applications tend to have exploits more frequently because there are a lot of different applications of widely varying quality, most of it very poor quality.
If we lived in a system where you could sue for damaged due to hackers. Then I
Re: (Score:2)
Yeah, there sure is. And I'll give you this - I can look at practically any Linux software, certainly anything FOSS, and see the design choices and even implementation specifics. Microsoft's proprietary black-box approach magnifies the effect of all design and implementation failures while simultaneously making it more difficult to identify and fix said deficiencies. A known sin of the proprietary model which makes Microsoft a beloved pariah in the IT industry.
Weird world (Score:3, Insightful)
More or less open borders, agents could blow up critical infrastructure hubs and cripple the country for weeks if not months and nobody really worries about it.
But someone hacks the control systems and we both lose our shit AND don't consider it an act of war.
Re: (Score:3, Informative)
Borders or not, terrorist cells are able to operate within a country. Either by bringing people in legally, such as tourist visa or asylum seeker. We saw this with the ISIS stabbings in Germany. But also a terrorist organization can enlist radicalized citizens of a country in order to do their dirty work.
Shutting down borders. Ceasing trade. Ending globalization. And so on is going to cause more economic harm than good, and in the end it won't really keep you safe.
State sponsored cyberwarfare is happening t
Remember when people said NIH syndrome was bad? (Score:2)
Copy-pasta third party security isn't. But at least you can pass the blame.
China hacking US says NSA (Score:2)