
Ultra secure cybersecurity company hacked


    #11
    Arrest Put1ns money that he keeps in accounts of his multiple very well known frontmen - each hack to cost 2-3 bln dollars, until he runs out of money.

    Pretty good start on deterring hostile activities, then it can be escalated if necessary.



      #12
      Looks as if this is finally hitting the news, although it is absent from the UK sections and focuses on the USA.

      Thing is, UK public sector and private sector have SolarWinds used across a lot of important infrastructure, including in finance and in, what is deemed, 'critical infrastructure'.

      The SolarWinds website has been updated to remove boastful customer lists, but this is just a handful of customers:

      SolarWinds Customers

      Acxiom

      Ameritrade

      AT&T

      Bellsouth Telecommunications

      Best Western Intl.

      Blue Cross Blue Shield

      Booz Allen Hamilton

      Boston Consulting

      Cable & Wireless

      Cablecom Media AG

      Cablevision

      CBS

      Charter Communications

      Cisco

      CitiFinancial

      City of Nashville

      City of Tampa

      Clemson University

      Comcast Cable

      Credit Suisse

      Dow Chemical

      EMC Corporation

      Ericsson

      Ernst and Young

      Faurecia

      Federal Express

      Federal Reserve Bank

      Fibercloud

      Fiserv

      Ford Motor Company

      Foundstone

      Gartner

      Gates Foundation


      General Dynamics

      Gillette Deutschland GmbH

      GTE

      H&R Block

      Harvard University

      Hertz Corporation

      ING Direct

      IntelSat

      J.D. Byrider

      Johns Hopkins University

      Kennedy Space Center

      Kodak

      Korea Telecom

      Leggett and Platt

      Level 3 Communications

      Liz Claiborne

      Lockheed Martin

      Lucent

      MasterCard

      McDonald’s Restaurants

      Microsoft

      National Park Service

      NCR

      NEC

      Nestle

      New York Power Authority

      New York Times

      Nielsen Media Research

      Nortel

      Perot Systems Japan

      Phillips Petroleum

      Pricewaterhouse Coopers

      Procter & Gamble


      Sabre

      Saks

      San Francisco Intl. Airport

      Siemens

      Smart City Networks

      Smith Barney

      Smithsonian Institute

      Sparkasse Hagen

      Sprint

      St. John’s University

      Staples

      Subaru

      Supervalu

      Swisscom AG

      Symantec

      Telecom Italia

      Telenor

      Texaco

      The CDC

      The Economist

      Time Warner Cable

      U.S. Air Force

      University of Alaska

      University of Kansas

      University of Oklahoma

      US Dept. Of Defense

      US Postal Service

      US Secret Service

      Visa USA

      Volvo

      Williams Communications

      Yahoo


      ....and that is less than a hundred of the 18,000 customers that were vulnerable.



        #13
        Originally posted by rogerfederer
        Looks as if this is finally hitting the news ...
        Aye:

        US cyber-attack: US energy department confirms it was hit by Sunburst hack

        US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor

        Maybe this is why Microsoft seem keen to get on the linux train (from linux layer in Windows to linux based servers in Azure, and that's just the publicly released stuff/news this year), better security by default.

        Makes one wonder how deep that rabbit hole goes if the hackers have had months to do their thing before the sleeping giants discovered the intrusion.

        Oh well, there should be plenty of contract work for those with the right skillset to help clean up the mess. For the rest of us, we can recommend they just rip out all the IT infrastructure and start again. Only way to be sure is to nuke it from orbit.
        Maybe tomorrow, I'll want to settle down. Until tomorrow, I'll just keep moving on.



          #14
          In my own experience, most hacks are internal or done by disgruntled ex-staff
          "A people that elect corrupt politicians, imposters, thieves and traitors are not victims, but accomplices," George Orwell



            #15
            Originally posted by Paddy
            In my own experience, most hacks are internal or done by disgruntled ex-staff
            Indeed, have none of them ever watched Mr Robot?

            qh
            He had a negative bluety on a quackhandle and was quadraspazzed on a lifeglug.

            I look forward to your all knowing and likely sarcastic and unhelpful reply.



              #16
              Originally posted by rogerfederer
              Deter?

              Perhaps the US could send some digestive biscuits to the Kremlin and ask nicely? Short of continued tangible threats and action I don't know what deterrence would work. The main issue now is that if the US intelligence agencies receive authorization to disable many Russian core infrastructure assets, then it seems they may be able to reciprocate. One thing Russia doesn't have is good infrastructure and a plan B or C. I feel sorry for the people living there, having visited myself. It's a tuliphole, even in Moscow, unless you are well connected and rich. I'm only glad that nowhere in developed countries do we see such misinformation and poverty as they see in Russia. The average age of male death says all we need to know.

              Throughout the world at transit interconnects, within carrier networks, traffic is monitored by UK's GCHQ and the USA's NSA. When the Russian government state they aren't a part of a hack, well, that part is difficult to dispute. However it is absolutely possible to prove that the packets used to complete the hack came from Russia. Given that multiple VPNs and TOR will have been used, it is a more complex task to piece the information together - but piece the intelligence agencies will and it will be demonstrable that the Russian government was involved in this, if that is indeed the case.

              China has a flourishing private sector and I do not believe they would wish to have tit-for-tat attacks, especially towards private sector businesses. What does Russia have? I can count the tech and products I've used from Russia on one hand. Well, on one finger actually.

              It's about time that the west considers cutting off Russia from the internet once the evidence is in on this longer term hack that has occurred. Given most fair countries own the transit points and interconnects it seems the only way to resolve Russia behaving rogue. They are a fossil fuel powerhouse, but that is it. They don't have much to offer other countries, the food is extremely poor and the populace seem happy to accept it being this way. A few years hard labour on the Russian government seems fair enough.
              Sanction Russia to stop them using Visa, MasterCard and other international payment systems.



                #17
                Originally posted by Paddy
                In my own experience, most hacks are internal or done by disgruntled ex-staff
                Well, when the main password was (presumably they've now changed it) apparently "SolarWinds123" they only have 2FA to overcome and an inside job (either corrupt, duressed, or disgruntled staffer) makes that simple.

                I guess with clown world we're now into the realm of top Trump password complexity. Though 'covfefe' was a tad harder to break than 'MAGA2020'
                Maybe tomorrow, I'll want to settle down. Until tomorrow, I'll just keep moving on.



                  #18
                  Originally posted by Old Greg
                  Sanction Russia to stop them using Visa, MasterCard and other international payment systems.
                  Oil and gas embargo until NATO inspectors are allowed to inspect all Russian IT systems to be satisfied that not a trace of data was kept, plus guilty extradited for trials up to the top chain of command.



                    #19
                    Originally posted by AtW
                    Oil and gas embargo until NATO inspectors are allowed to inspect all Russian IT systems to be satisfied that not a trace of data was kept, plus guilty extradited for trials up to the top chain of command.
                    Wrong time of year for a gas embargo. Need to wait until March.



                      #20
                      Originally posted by Old Greg
                      Wrong time of year for a gas embargo. Need to wait until March.
                      No, it's great time - reserves are full and plenty of liquid gas are around the world, demand will fall in March - best part is that the way Russian gas production works is that if you stop it then you are fecked.

                      Gasprom is Put1ns personal money too.
