The Rolex Forums   The Rolex Watch

ROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEX


Go Back   Rolex Forums - Rolex Forum > General Topics > Open Discussion Forum

Reply
 
Thread Tools Display Modes
Old 18 May 2023, 12:48 AM   #1
Blansky
2024 Pledge Member
 
Blansky's Avatar
 
Join Date: Feb 2013
Location: swmnpoolsmovie*
Posts: 9,809
A fascinating detective story on computer hacking....

This is a long read on tracking down and stopping a major computer hack a few years ago.

https://www.wired.com/story/the-unto...7-ee9891393828
__________________
OlllllllO
Blansky is offline   Reply With Quote
Old 18 May 2023, 12:56 AM   #2
aftereffector
"TRF" Member
 
Join Date: Apr 2023
Location: N/A
Posts: 60
A few years ago... must have been the Sandworm story, right? Wait, SolarWinds was a few years ago already?!!

Excellent article - that was a surreal time to be in the security field. Lots of late nights for incident responders, and of course it was over the winter holidays. Name a more iconic duo than major cybersecurity breaches and the second half of December!
aftereffector is offline   Reply With Quote
Old 18 May 2023, 02:48 AM   #3
Blansky
2024 Pledge Member
 
Blansky's Avatar
 
Join Date: Feb 2013
Location: swmnpoolsmovie*
Posts: 9,809
Quote:
Originally Posted by aftereffector View Post
A few years ago... must have been the Sandworm story, right? Wait, SolarWinds was a few years ago already?!!

Excellent article - that was a surreal time to be in the security field. Lots of late nights for incident responders, and of course it was over the winter holidays. Name a more iconic duo than major cybersecurity breaches and the second half of December!
Something I've always wondered (since I nothing about writing code) is do companies have a "master" of their code and can run it to look for anomalies in their working code to see hacks and viruses snuck in, or are there programs that look for "intruders" or do they get their people in and go through every single line of code to search out hacks.

I'm amazed at the whole issue of sneaking in and hiding or creating back doors etc.
__________________
OlllllllO
Blansky is offline   Reply With Quote
Old 18 May 2023, 03:39 AM   #4
aftereffector
"TRF" Member
 
Join Date: Apr 2023
Location: N/A
Posts: 60
Disclaimer, I'm not a software engineer nor a full time security researcher, but I work adjacent to those disciplines.

It's almost impossible to audit code for backdoors and other malware in an enterprise software environment, particularly with how skilled these threat actors are. VPNFilter and its derivatives are another great example of how well-crafted these malware campaigns can be. Code reviews and audits are useful, but it's a Herculean ordeal to try to examine every function and module in a big codebase like SolarWinds. Supply chain attacks are frightening - who's going to audit every individual dependency in millions of packages that are imported into the production code? The alternative is to force developers to create their own packages from scratch, which is incredibly time-consuming and often introduces bugs and security holes anyways.

Defenders have a lot of layered approaches at their disposal like looking for abnormal behaviors from legitimate applications or users, which does help. But if one of the big-league offensive teams wants something badly enough, they're most likely going to get it. We only hear about the breaches that get discovered...
aftereffector is offline   Reply With Quote
Old 18 May 2023, 03:58 AM   #5
Blansky
2024 Pledge Member
 
Blansky's Avatar
 
Join Date: Feb 2013
Location: swmnpoolsmovie*
Posts: 9,809
Quote:
Originally Posted by aftereffector View Post
Disclaimer, I'm not a software engineer nor a full time security researcher, but I work adjacent to those disciplines.

It's almost impossible to audit code for backdoors and other malware in an enterprise software environment, particularly with how skilled these threat actors are. VPNFilter and its derivatives are another great example of how well-crafted these malware campaigns can be. Code reviews and audits are useful, but it's a Herculean ordeal to try to examine every function and module in a big codebase like SolarWinds. Supply chain attacks are frightening - who's going to audit every individual dependency in millions of packages that are imported into the production code? The alternative is to force developers to create their own packages from scratch, which is incredibly time-consuming and often introduces bugs and security holes anyways.

Defenders have a lot of layered approaches at their disposal like looking for abnormal behaviors from legitimate applications or users, which does help. But if one of the big-league offensive teams wants something badly enough, they're most likely going to get it. We only hear about the breaches that get discovered...
Thanks. It's pretty frightening when you consider now that basically every system a country is responsible for, air traffic, nuclear, govt info, banking, utilities, military, etc etc is all run by computers.

The US and probably all the major players have the capabilities and systems in place to basically shut down an enemy country if they wanted to. Even a minor thing like shutting down the banking system and traffic lights. Or shutting down the power grid. No stores, no home entertainment. No gas, etc etc

My wife was ready to kill me when we lost internet for 4 hours.
__________________
OlllllllO
Blansky is offline   Reply With Quote
Old 18 May 2023, 04:27 AM   #6
Ferdelious
2024 SubLV41 Pledge Member
 
Ferdelious's Avatar
 
Join Date: May 2013
Real Name: Matt
Location: Tampa, FL
Watch: Hulk/SD4K/SeaQ/P39
Posts: 3,203
Great article, thanks for sharing. They should make this story into a movie.
__________________
Why is it, "A penny for your thoughts," but, "you have to put your two cents in?" Somebody's making a penny.
Ferdelious is offline   Reply With Quote
Old 18 May 2023, 06:34 AM   #7
77T
2024 SubLV41 Pledge Member
 
77T's Avatar
 
Join Date: Dec 2010
Real Name: PaulG
Location: Georgia
Posts: 42,016
A fascinating detective story on computer hacking....

Quote:
Originally Posted by aftereffector View Post
But if one of the big-league offensive teams wants something badly enough, they're most likely going to get it. We only hear about the breaches that get discovered...
Agree…
It is likely that similarly important breaches have occurred (and are still occurring) using different vectors.

Sadly, governments aren’t staffed adequately to protect themselves. It will be the creative talent inside small asymmetrical contractors who will break the next “big breach”.

Issuing executive orders to DHS for assessments of “cyber incidents” are too late and too cumbersome. Their desire to spend the least in both industry and government will result in new failures faster than anyone’s tools can evolve to prevent a new attack or detect those that happened earlier (and are still undetected today).

A blockchain-driven Web3 has promise to find netflow that’s bogus. But we are years away…


Sent from my iPhone using Tapatalk Pro
__________________


Does anyone really know what time it is?
77T is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Wrist Aficionado

My Watch LLC

WatchesOff5th

DavidSW Watches

Takuya Watches

OCWatches


*Banners Of The Month*
This space is provided to horological resources.





Copyright ©2004-2024, The Rolex Forums. All Rights Reserved.

ROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEX

Rolex is a registered trademark of ROLEX USA. The Rolex Forums is not affiliated with ROLEX USA in any way.