The Rolex Forums
Old 18 May 2023, 12:48 AM   #1
Blansky
2024 Pledge Member
Join Date: Feb 2013
Location: swmnpoolsmovie*
Posts: 9,809
A fascinating detective story on computer hacking....

This is a long read on tracking down and stopping a major computer hack a few years ago.

https://www.wired.com/story/the-unto...7-ee9891393828
__________________
OlllllllO
Old 18 May 2023, 12:56 AM   #2
aftereffector
"TRF" Member
 
Join Date: Apr 2023
Location: N/A
Posts: 60
A few years ago... must have been the Sandworm story, right? Wait, SolarWinds was a few years ago already?!!

Excellent article - that was a surreal time to be in the security field. Lots of late nights for incident responders, and of course it was over the winter holidays. Name a more iconic duo than major cybersecurity breaches and the second half of December!
Old 18 May 2023, 02:48 AM   #3
Blansky
2024 Pledge Member
Join Date: Feb 2013
Location: swmnpoolsmovie*
Posts: 9,809
Quote:
Originally Posted by aftereffector
A few years ago... must have been the Sandworm story, right? Wait, SolarWinds was a few years ago already?!!

Excellent article - that was a surreal time to be in the security field. Lots of late nights for incident responders, and of course it was over the winter holidays. Name a more iconic duo than major cybersecurity breaches and the second half of December!
Something I've always wondered (since I know nothing about writing code) is: do companies have a "master" of their code and can run it to look for anomalies in their working code to see hacks and viruses snuck in, or are there programs that look for "intruders", or do they get their people in and go through every single line of code to search out hacks?

I'm amazed at the whole issue of sneaking in and hiding or creating back doors etc.
__________________
OlllllllO
Old 18 May 2023, 03:39 AM   #4
aftereffector
"TRF" Member
 
Join Date: Apr 2023
Location: N/A
Posts: 60
Disclaimer, I'm not a software engineer nor a full time security researcher, but I work adjacent to those disciplines.

It's almost impossible to audit code for backdoors and other malware in an enterprise software environment, particularly with how skilled these threat actors are. VPNFilter and its derivatives are another great example of how well-crafted these malware campaigns can be. Code reviews and audits are useful, but it's a Herculean ordeal to try to examine every function and module in a big codebase like SolarWinds. Supply chain attacks are frightening - who's going to audit every individual dependency in millions of packages that are imported into the production code? The alternative is to force developers to create their own packages from scratch, which is incredibly time-consuming and often introduces bugs and security holes anyways.

Defenders have a lot of layered approaches at their disposal like looking for abnormal behaviors from legitimate applications or users, which does help. But if one of the big-league offensive teams wants something badly enough, they're most likely going to get it. We only hear about the breaches that get discovered...
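A concrete version of the "master copy" check asked about in post #3, and of the artifact-integrity angle aftereffector raises above, added here as an illustration and not code from the thread or from the Wired article it links to: it records a SHA-256 manifest of a release tree at build time and later reports every file that was added, removed or altered relative to that trusted reference. The directory layout and file contents are constructed for the demonstration and do not correspond to any real product.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256 hex digest."""
    manifest = {}
    for entry in sorted(root.rglob("*")):
        if entry.is_file():
            manifest[entry.relative_to(root).as_posix()] = sha256_file(entry)
    return manifest


def compare_manifests(trusted: dict, observed: dict) -> dict:
    """Report files that are new, missing, or whose content changed versus the trusted manifest."""
    trusted_paths, observed_paths = set(trusted), set(observed)
    return {
        "added": sorted(observed_paths - trusted_paths),
        "removed": sorted(trusted_paths - observed_paths),
        "modified": sorted(
            path for path in trusted_paths & observed_paths
            if trusted[path] != observed[path]
        ),
    }


def demo() -> dict:
    """Constructed scenario: a tiny release tree is fingerprinted, then tampered with downstream."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "lib" / "core.dll").write_bytes(b"trusted build output")
        (root / "config.xml").write_text("<cfg/>")

        # Reference manifest captured at build time; in practice it is stored somewhere
        # the build pipeline itself cannot overwrite.
        trusted = build_manifest(root)

        # Simulated tampering later in the pipeline: one binary altered, one added, one file dropped.
        (root / "lib" / "core.dll").write_bytes(b"trusted build output + extra")
        (root / "lib" / "helper.dll").write_bytes(b"unexpected payload")
        (root / "config.xml").unlink()

        return compare_manifests(trusted, build_manifest(root))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

The comparison only catches changes that happen after the reference manifest is taken. If the code was altered before that point, for instance inside the build system itself, the reference is already tainted and the check reports nothing, which is one reason the reference has to be produced and stored independently of the pipeline it is meant to police.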
Old 18 May 2023, 03:58 AM   #5
Blansky
2024 Pledge Member
Join Date: Feb 2013
Location: swmnpoolsmovie*
Posts: 9,809
Quote:
Originally Posted by aftereffector
Disclaimer, I'm not a software engineer nor a full time security researcher, but I work adjacent to those disciplines.

It's almost impossible to audit code for backdoors and other malware in an enterprise software environment, particularly with how skilled these threat actors are. VPNFilter and its derivatives are another great example of how well-crafted these malware campaigns can be. Code reviews and audits are useful, but it's a Herculean ordeal to try to examine every function and module in a big codebase like SolarWinds. Supply chain attacks are frightening - who's going to audit every individual dependency in millions of packages that are imported into the production code? The alternative is to force developers to create their own packages from scratch, which is incredibly time-consuming and often introduces bugs and security holes anyways.

Defenders have a lot of layered approaches at their disposal like looking for abnormal behaviors from legitimate applications or users, which does help. But if one of the big-league offensive teams wants something badly enough, they're most likely going to get it. We only hear about the breaches that get discovered...
Thanks. It's pretty frightening when you consider now that basically every system a country is responsible for, air traffic, nuclear, govt info, banking, utilities, military, etc etc is all run by computers.

The US and probably all the major players have the capabilities and systems in place to basically shut down an enemy country if they wanted to. Even a minor thing like shutting down the banking system and traffic lights. Or shutting down the power grid. No stores, no home entertainment. No gas, etc etc

My wife was ready to kill me when we lost internet for 4 hours.
__________________
OlllllllO
Old 18 May 2023, 06:34 AM   #6
77T
2024 SubLV41 Pledge Member
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 42,016
Quote:
Originally Posted by aftereffector
But if one of the big-league offensive teams wants something badly enough, they're most likely going to get it. We only hear about the breaches that get discovered...
Agree…
It is likely that similarly important breaches have occurred (and are still occurring) using different vectors.

Sadly, governments aren’t staffed adequately to protect themselves. It will be the creative talent inside small asymmetrical contractors who will break the next “big breach”.

Issuing executive orders to DHS for assessments of “cyber incidents” is too late and too cumbersome. Their desire to spend the least in both industry and government will result in new failures faster than anyone’s tools can evolve to prevent a new attack or detect those that happened earlier (and are still undetected today).

A blockchain-driven Web3 has promise to find netflow that’s bogus. But we are years away…
__________________


Does anyone really know what time it is?
Old 18 May 2023, 04:27 AM   #7
Ferdelious
2024 SubLV41 Pledge Member
Join Date: May 2013
Real Name: Matt
Location: Tampa, FL
Watch: Hulk/SD4K/SeaQ/P39
Posts: 3,203
Great article, thanks for sharing. They should make this story into a movie.
__________________
Why is it, "A penny for your thoughts," but, "you have to put your two cents in?" Somebody's making a penny.