That's all very well and good, but you are expanding the scope of the discussion greatly to things like how SW's deployment mechanism was hacked and bad internal defense within a network compounds the issue. While those things are fair points in a vacuum, they weren't the point of the article, nor were they the point I was making.
Son, listen up - from the original article...
>The massive cyberattack was conducted using servers and computers within the U.S. and often from within the same town or city as the victims of the attack, FireEye told The New York Times. Because the attack came from domestic servers, the perpetrators were able to evade the National Security Agency’s (NSA) authority, which does not extend to domestic private sector networks.
If you are an intruder, as indicated in my initial post - you are going to make it look like a local connection. To connect from a foreign location you might as well march a band through the front door. The NSA has domestic authority - it's the CIA who has a prohibition on domestic activity. The article is very misinformed. And, there were many levels of connections - both at SolarWinds (into the development servers) that served as the basis for the distribution of the trojan, and from the victims' systems back out to the command & control networks for backhaul of the take.
>“[Russia’s Foreign Intelligence Service (SVR)] is deliberate, they are sophisticated, and they don’t have the same legal restraints as we do here in the West,” former government intelligence analyst Adam Darrah told The Times.
Anyone with access to Vault 7 (which is anyone and everyone on the web) has enough information (even utilities) to make their fingerprints appear to be Russian, Chinese, NorKn, Pak, Israeli, Iranian, French, German or whoever you wish to impersonate (right now the only innocent ones are the Native Americans). To call out the SVR is probably a bit premature. Just remember with Clinton's email server - there were no foreign hacks - well, a couple of years later it came to light that EVERYONE was linked into her email one way or another (they were stumbling over one another - trying to avoid each other's hacks - to the point of needing hack management) - the only ones NOT reading her email were the American voters.
My second post was spot on, since folks similar to yourself have little demonstrated appreciation (folks - you gotta think out of the box here on this stuff) for the overall systemic problem illustrated by this type of attack. Perhaps that's why I have (yet another) conference call in a couple of minutes on just this exact topic. Even though I'm retired, I keep getting sucked in (their idea, not mine) - and bring some external clarity to the situation.