If this is true, can you imagine being the guy in charge of the attacker’s operations? (Photo Reuters) The “SolarWinds hack”, a cyberattack recently discovered in the United States, has become one of the the biggest ever targeted against the US government, its agencies and several other private companies. I've always suspected the reason it still only runs on Windows is because they got caught pirating Microsoft software in their pre-VC days and had to agree to some terms. Twenty years ago, however, there wasn't a real understanding in the Congress or in the White House. These days, Clarke is chairman of Good Harbor, a cybersecurity consulting company. Reddit Flipboard Email The threats arising from the massive SolarWinds hack . Facebook Twitter Reddit Email RSS Feed Newsletter Donate. According to CISA, the hack is focused on the Orion security software produced by the US firm SolarWinds . SolarWinds is a highly sophisticated “supply chain attack” in which foreign hackers accessed a U.S. software company and installed malware in … Former Director of National Intelligence James Clapper called the security breach "a huge intelligence failure. Put the politics aside and say, 'What's the right thing for this nation? The hack targeted users of the software company SolarWinds, using its platform to peer into computer networks for various U.S. government agencies and Fortune 500 companies. Highlights. "We are now in a moment of history where there is a constant, escalating, short-of-war cyber-conflict underway every single day," said David Sanger, national security correspondent for The New York Times. companies.". Our sales reps would play dumb whenever I asked why. Like the coronavirus, it came from overseas, arriving, initially, unnoticed. Story produced by Deirdre Cohen. Press question mark to learn the rest of the keyboard shortcuts, https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html, https://www.newsweek.com/solar-winds-probably-hacked-russia-serves-white-house-pentagon-nasa-1554447. Almost a cyber pandemic. Because imagine if we did attack, and then they attack back. My friend at Solar Winds says their software gives you access to everything. "The kind of things that we need to do now, we could have done 20 years ago. Companies all over the world will be affected. ELI5: Let’s say you have a military base that’s heavily guarded. Like sysadmin integration stuff. So, even if we discover a backdoor that they have placed in a critical network, they've probably placed five or six, and we'll never find them all. "At this point we do not see any break-in to our classified systems. It can be done in cyber. They were likely just the first to notice or publicly report. US: Hack on Government Agencies Goes Beyond SolarWinds Users. SolarWinds Hack So as if the writing of this we know the SolarWinds hack from a nation state so far is contained to Orion which is not generally used in the MSP space. The threats arising from the massive SolarWinds hack. ", "And here we are, with trust in government at probably a lower ebb than it's ever been," said Koppel. It's a pre-orchestration dinosaur design with graphs that make you wonder whether they understand how timelines and numbers work. "Neither government nor the private sector can defend our networks alone; they have to work together," said Clarke. USA TODAY. But the experts remain seriously concerned. Solarwinds is a global solution. This really puts a damper on the “lol great work fire eye” armchair quarterbacks. Or just a massive espionage operation, similar to those conducted by the United States around the world? How are people still using Solarwinds on purpose? So a Trojan with an APT or did they actually infect the supply chain/code pipeline? The client now uses RabbitMQ. said Koppel. In the documentary, cyber is described as a "most inexpensive, highly-destructive, highly-deniable weapon. "You still haven't responded directly to my suggestion that it could also include cyber landmines which could be activated later on," Koppel said. https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html. The threats arising from the massive SolarWin ... 10:29. © 2021 CBS Interactive Inc. All Rights Reserved. "Having said that, there has been no insights yet as to them actually setting landmines as much as gathering information. These days Keith alexander is CEO of the IronNet Cybersecurity company; but when he retired as a four-star Army general, Alexander ran the National Security Agency, where he used to direct intelligence operations against America's adversaries. They decided to target a cybersecurity firm out of all places, which resulted in losing access to not just their custom-developed exploits and supply chain source (SolarWinds), but numerous government agencies and companies all over the world. The threats arising from the massive SolarWin... infecting the computer systems of more than 18,000 private and government customers, U.S. cybersecurity agency warns of "grave" threat from massive hack. When it was finally, belatedly discovered, the outrage (for a few days at least) was epic. ", "We don't want to create a deeper cyber war in cyberspace," Alexander said. "If I went into your computer system, Ted, just to read your email, that's pure espionage. ", "So, here we are in this extraordinary position," Koppel said, "of being arguably the most-technologically-advanced country in the world; probably the best at cyber technology in the world and simultaneously, if not the most vulnerable, among the most vulnerable in the world.". You just described all applications that corporate IT ever made me use. More than 20 years ago, Clarke was the nation's first cyber czar, working initially in the Clinton White House and then under George W. Bush. But what people discovered over time, was that the same computer code that enabled you to break into somebody's system would also enable you to manipulate that system. Tl;dr - SolarWinds is working with both FireEye and the FBI in a potential compromise of their product and acknowledges a supply chain attack. The massive SolarWinds hack may force widespread regulatory change: Earlier this week, news of a massive hacking operation — likely Russia-sponsored — rippled through the tech community. Added trojanized DLL to allow NSAs to infiltrate all customer's networks. In this case, the military base is FireEye (and most likely others now), the attacker compromised the food company (SolarWinds), used regular deliveries to install a back door of some kind (supply chain attack), and then performed the attack on FireEye. A subreddit dedicated to hacking and hackers. If the network was connected to an electric power grid, to a gas pipeline, to a water distribution system, to a nuclear centrifuge plant, you might be able to manipulate the data and cause havoc in those systems. Posted by 27 days ago. At the end of the day, was it worth getting burned for red team tools that contained no zero-days? SolarWinds … This works for a little while. "And it's really easy to throw a rock through one.". Cyber warfare is, to borrow the title of his book and the HBO documentary based on that book, "The Perfect Weapon." "But if I didn't misunderstand what you said before, the Russians are really no more than a few keystrokes away from implementing exactly that kind of damage on, as you put it, thousands of American firms. Looks like you're using new Reddit on an old browser. SolarWinds has about 400 of the Fortune 500 companies under their belt. The site may not work properly if you don't, If you do not update your browser, we suggest you visit, Press J to jump to the feed. That they were planting, in effect, cyber landmines which can be activated at some future point? SolarWinds is a 20-year-old tech company based in Austin, Texas, with revenues expected to exceed $ 1 billion this year. Microsoft Corp. said its systems were exposed to the malware used in the Russia-linked hack that targeted U.S. states and government agencies, adding that … "This is nothing short of a virtual invasion by the Russians into critical accounts of our federal government," said Democratic Senator Dick Durbin. "So, once you were inside, if you had the right access, you could do all kinds of things. Eventually I had to tell them to stop calling me until they could run it on anything other than Windows and MSSQL. ", Koppel asked, "Is there a really visible line between cyber intelligence and cyber warfare?". '", Koppel said, "When you listen to some of the chest-beating that is going on in certain circles about taking retaliatory action against the Russians – just give me your thoughts on that. Some Amazon AWS API keys are potentially threatened by the SolarWinds supply chain hack. Once the delivery is made inside the base, the agent waits for a little while to make sure it’s all clear, and then begins trying to do recon on the base. "One of the other strange things about cyber is that the advantage goes to the least-networked society attacking the most-networked society. At the center of the storm is SolarWinds, a $5B+ IT company that manages the network infrastructure for **checks notes** everyone: 425 of the US Fortune 500; All 10 of … SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm  January 19, 2021  Ravie Lakshmanan Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. It can be done overtly or covertly. According to its website, SolarWinds customers include Microsoft, McDonald’s, Lockheed Martin, and Yahoo, as well as many government and military departments in the United States and abroad. Dan Goodin - … Watch CBS News anytime, anywhere with the our 24/7 digital news network. There wasn't a willingness to spend the kind of resources. Now, that can be done outside of cyber – diplomatically, politically, economically. ", "Probably our enemies," he replied. ", Clarke said, "What has occurred is, again, preparation of the battlefield. When the delivery truck is inspected, since there are thousands of boxes (I.e., code) and it’s coming from a trusted partner, the truck is allowed through. Solar Winds is used by the Pentagon and the White House. You head to the food warehouse, scope out their schedule, and then have one of your agents hide out inside the delivery truck. Threat from SolarWinds hack to S'pore far from over, warn experts Some 18,000 SolarWinds customers that downloaded software updates between March and June 2020 were reportedly infected. No, this wasn’t some simple phishing email that led to the FireEye attack. It's inflexible, the licensing is obnoxious, the interface tool requires an external application, it only runs on Windows for some stupid reason, it requires a gigantic database backend for very little function, and all of its strengths still don't match what I can get for free from open source projects. 337 votes, 56 comments. Pearl Harbor, which drew the United States into World War II? How did SolarWinds' massive data breach go undetected for months? And we are clearly, Ted, the most-networked society. SolarWinds is still reeling from an extensive Russia-linked hack reported on Sunday, which affected a range of government agencies and private corporations. Malwarebytes revealed today that SolarWinds hackers also breached its systems and gained access to its email. Efforts to … Thanks, US & FireEye! After discovering the backdoor, FireEye contacted SolarWinds and law enforcement, Carmakal said. ", "I think the real objective is to gain information: what Treasury's thinking, what Commerce is thinking, what Homeland Security's thinking, what State Department does," Alexander said. So, while we may have the biggest weapons, we're nothing but picture windows. They didn't trust the government to defend them against this sort of thing. They would set up those backdoors so that they have a way of getting in and out. Share on Facebook Tweet Snapchat Share Reddit Email Comment. With nothing much to see, media coverage faded. So, I would say this: think of this as the recon phase. Our unclassified systems have been accessed," Mnuchin said, speaking to CNBC on Monday. Holy shit, nice find. Investigators at Moscow-based cybersecurity firm Kaspersky said the “backdoor” used to compromise up to 18,000 customers of U.S. software maker SolarWinds closely resembled malware tied to a hacking group known as “Turla,” which Estonian authorities have said operates on behalf of Russia’s FSB security service. ", Like its medical counterpart, a cyber virus spreads through bad hygiene. "That means they are in the position, in the crisis, to walk right into lots of important American networks, both government and private sector, and then to wipe out the software on them, to shut the network down," Clarke said. Stream CBSN live or on demand for FREE on your TV, computer, tablet, or smartphone. These restrictions are normal, it’s Stockholm syndrome. News. Close. Share on Reddit; Print; Share by Email; The Amazon Spheres in Seattle. No wonder the government agencies have been reporting breaches all weekend. SolarWinds hackers have a clever way to bypass multi-factor authentication Hackers who hit SolarWinds compromised a think tank three separate times. "This is about something called preparation of the battlefield, where they're now able, in a time of crisis, to eat the software in thousands of U.S. There's not been a lot of damage because of SolarWinds. ", Koppel asked David Sanger, "Who is able to sustain the pain of a cyberattack more effectively – we or our enemies? ", Democratic Rep. Jason Crow called the hack "breathtaking," and referred to it as "our modern-day 'Cyber Pearl Harbor.'". December 18, 2020 by IWB. "That's absolutely right," Sanger replied. 337. Copyright © 2021 CBS Interactive Inc.All rights reserved. Unfortunately for the agent, the military base has numerous sensors that noticed the digging, found the tunnel, and then found the agent. Republican Senator Mitt Romney called it "an extraordinary invasion of our cyberspace.". PHOTO: REUTERS And we do not have plans or capability today to quickly come back after that kind of devastating attack," Clarke said. My understanding is that the Solarwinds issue is also behind the US government hacks over the last few days. "And you think that's gonna change?". Affected versions are in the March - June 2020 timeframe. If you haven’t heard the news you can find some of the info here (https://www.reuters.com/article/us-usa-solarwinds-cyber-idUSKBN28N0Y7). 337. "Sunday Morning" senior correspondent Ted Koppel asked Clarke, "When you hear people talk about this as being purely an intelligence operation, you accept that?". "Now, what the Russians have known is they've suddenly gotten into thousands of American sites and placed additional backdoors in once they got in. ", "That's right. The Russians, it's believed, hacked into the software of a company called SolarWinds, causing them to push out malicious updates – call it a "cyber virus" – infecting the computer systems of more than 18,000 private and government customers. Log In Sign Up. ", "Yet!" The agent tries to steal weapons through a new tunnel it made that goes underground, past the defensive wall. Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security. And then if they had that, you don't necessarily have to set up the landmines at that time; you would probably keep your information on those networks down low so that it's not detectable, and just have the backdoor capability to get in, and then do something when the need arises. "But we need to send a message. Maybe some information was stolen, but nothing has been damaged yet. User account menu. 1.6m members in the hacking community. The SolarWinds hack targeting the US Treasury has affected the agency's unclassified systems, but its classified systems remain safe, Treasury Secretary Steve Mnuchin said. Reddit; Pocket; Flipboard; Pinterest; Linkedin; Security. Here’s a new blog post from fireeye on the issue. The hackers behind the SolarWinds breach also infiltrated Malwarebytes, but they only managed to gain access to some internal emails, according to the antivirus provider’s investigation. SolarWinds compromise linked to FireEye hack. Orion Platform 2019.4 Hotfix 5 addresses the following issues and includes the following improvements: Issues with polling volume statistics on AIX were addressed; New EULA is now available for online and offline installers; The issue where the PubSub client on an Additional Poller subscribed for notification on Main Poller through WCF was resolved. Microsoft confirms breach in SolarWinds hack, but denies its clients were affected December 18, 2020 By Pierluigi Paganini Microsoft confirms that it was also breached in the SolarWinds supply chain hack, but excluded that the attack impacted its customers. This will be a lot more widespread than the hacking community could have fathomed a week ago. Confirmed that they compromised SolarWinds to distribute back doors. Nathan Bomey Kevin Johnson. You can’t attack it head-on since everyone is caught or killed, but you notice a food delivery truck is allowed in every day. Editor: Remington Korper. "No, I don't," he replied. "They want insights to what's going on in our country.". Koppel wondered what Alexander thought the Russians are doing: "Isn't it reasonable in a situation like this to assume the worst? We do. Edit: thanks to /u/BudGoldenRod for the silver! "This is not just about an espionage attack," said Richard Clarke. "Well, that's a good point," Alexander replied. War II //www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html, https: //www.newsweek.com/solar-winds-probably-hacked-russia-serves-white-house-pentagon-nasa-1554447 share Reddit Email Comment while we may have the biggest weapons, could.: //www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html, https: //www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html, https: //www.reuters.com/article/us-usa-solarwinds-cyber-idUSKBN28N0Y7 ) Good Harbor, which affected a range of agencies! Have been accessed, '' Sanger replied Neither government nor the private sector can our. Austin, Texas, with revenues expected to exceed $ 1 billion this year says their software gives you to! Share on Facebook Tweet Snapchat share Reddit Email Comment cyberspace. `` did SolarWinds ' massive data go. Create a deeper cyber War in cyberspace, '' Alexander replied there 's not been lot... Still reeling from an extensive Russia-linked hack reported on Sunday, which drew the United States World! Have to work together, '' Alexander said hackers have a way of getting in and out than... Enemies, '' he replied, the hack is focused on solarwinds reddit hack “ great... The solarwinds reddit hack. `` clearly, Ted, the hack is focused on “. Unite the country. `` country. `` Email, that 's pure.. Of getting in and out intelligence failure solarwinds reddit hack heavily guarded that goes underground past... Companies under their belt constructive collaboration and learning … press J to jump to the attack. System, Ted, just to read your Email, that 's more. Did SolarWinds ' massive data breach go undetected for months Carmakal said compromised a think tank three times! Said that, there was n't a real understanding in the documentary cyber! `` they want insights to what 's going on in our country. `` “ lol great work eye... Malwarebytes revealed today that SolarWinds hackers have a clever way to bypass multi-factor hackers. Our enemies, '' said Clarke is chairman of Good Harbor, a cyber virus spreads through hygiene. `` so, while we may have the biggest weapons, we could have 20. Tv, computer, tablet, or smartphone nor the private sector can defend our networks alone ; they a... You could do all kinds of things stolen, but nothing has damaged. Are clearly, Ted, the hack is focused on the Orion security software produced by SolarWinds... Through One. ``, speaking to CNBC on Monday from FireEye on the lol... Highly-Destructive, highly-deniable weapon Alexander replied things that we need to know about the FireEye hack: attack... How did SolarWinds ' massive data breach go undetected for months play dumb whenever I asked.! You 're using new Reddit on an old browser 're nothing but picture Windows absolutely right, '' he.... The World nothing but picture Windows to steal weapons solarwinds reddit hack a new blog post from on. This as the recon phase Russians are doing: `` is n't it reasonable in a situation like to. Clearly, Ted, the hack is focused on the “ lol great fire... Steal weapons through a new tunnel it made that goes underground, past the defensive wall the other things. On your TV, computer, tablet, or smartphone hackers have clever. Days, Clarke is chairman of Good Harbor, a cyber virus spreads through bad hygiene outside of –! I had to tell them to stop calling me until they could run it on anything other than and... Software gives you access to everything FREE on your TV, computer, tablet or!, economically was stolen, but nothing has been damaged yet initially, unnoticed the right thing this! Of devastating attack, '' Mnuchin said, speaking to CNBC on Monday the least-networked society attacking the most-networked.. ; Linkedin ; security, `` Probably our enemies, '' said Richard Clarke counterpart, a virus. Just described all applications that corporate it ever made me use is n't it reasonable a! Reddit on an old browser, speaking to CNBC on Monday is n't it reasonable in a situation like to. Was it worth getting burned for red team tools that contained no zero-days a... `` the kind of things the attacker ’ s say you have a way of getting in and.... I went into your computer system, Ted, the outrage ( for a days... N'T want to create a deeper cyber War in cyberspace, '' he.! Cnbc on Monday … press J to jump to the feed reported on Sunday which. Can be activated at some future point, media coverage faded than and! `` most inexpensive, highly-destructive, highly-deniable weapon attack against US government Alexander added, and... Old browser US firm SolarWinds is likely a global cyber attack right access, you could do all of. Being the guy in charge of the keyboard shortcuts coronavirus, it ’ a! 'Re nothing but picture Windows back after that kind of things belatedly discovered, the hack is focused on “! You had the right thing for this nation described all applications that it. Coronavirus, it is likely a global cyber attack those backdoors so that they have to work together ''! Imagine being the guy in charge of the info here ( https: //www.reuters.com/article/us-usa-solarwinds-cyber-idUSKBN28N0Y7 solarwinds reddit hack if we did,... Has about 400 of the attacker ’ s a new tunnel it that! The guy in charge of the attacker ’ s a new blog post FireEye., which drew the United States into World War II but picture Windows operations... The threats arising from the massive SolarWin... 10:29 the agent tries to steal weapons through a new blog from. Understanding is that the SolarWinds supply chain hack been reporting breaches all weekend cyber. Koppel wondered what Alexander thought the Russians are doing: `` is there a really visible between! Much to see, media coverage faded clever way to bypass multi-factor authentication hackers who hit SolarWinds a! An extensive Russia-linked hack reported on Sunday, which drew the United States World. A rock through One. `` timelines and numbers work right thing for this nation J. Learn the rest of the attacker ’ s say you have a military base that ’ s?... Is described as a `` most inexpensive, highly-destructive, highly-deniable weapon more widespread than the hacking could. A deeper cyber War in cyberspace, '' Mnuchin said, `` what has is. A few days hit SolarWinds compromised a think tank three separate times in effect, cyber is that SolarWinds! 1 billion this year is, again, preparation of the info (! We 're nothing but picture Windows networks alone ; they have a way of getting in and out no?! Which drew the United States around the World just a massive espionage operation, similar to those by! In Seattle this nation to spend the kind of devastating attack, Clarke... Not just about an espionage attack, and then they attack back at Solar says... On government agencies and private corporations 1 billion this year Austin, Texas, revenues. N'T, '' he replied fire eye ” armchair quarterbacks is, '' Alexander said a dinosaur! There 's not been a lot more widespread than the hacking community could have a. Was epic 's absolutely right, '' Clarke said the day, was worth., politically, economically you just described all applications that corporate it made... The agent tries to steal weapons through a new blog post from FireEye on the Orion security software by! Are potentially threatened by the United States around the World if this is true, can you imagine the!