
Friday, December 18, 2020

UPDATED: A Cyber Pearl Harbor?

The last time I posted extensive videos and print material from a purported expert, it was Michael Osterholm. 'Nuff said.

Nevertheless, there's stuff going on with this cyber attack of incredible proportions--if we're to believe half of what we're hearing. I certainly haven't the background to assess what's being said, nor to know to which expert to turn. Presumably the people backing up Lou Dobbs have a handle on who Lou should be having on his show, so I present this interview of Morgan Wright:



I offer no opinion here because I really have no basis for doing so. Information at my usual sources has been scanty at best. Does this play into the election politics--Ratcliffe's delayed report, the shutdown of DoD transition talks? I don't know, and I'm loath to speculate. And yet we should be paying attention.

Insights, assessments, are welcome.

ADDENDUM: I just saw that TGP has a very partial transcript of what Wright had to say, so as a tease to the video above ...


Lou Dobbs said he doesn’t remember the cyber community ever saying an attack was of “grave, grave danger” and that the Department of Homeland Security has no capacity to stop it.

Here are portions of what Wright said in response:

Any time you call a meeting on Saturday in the National Security Council it’s serious. This is almost like a prelude to war! … Not only were the government agencies hit, we got Lockheed Martin, we’ve got Firerite…this very well could have started after the 2018 election…. this is Russia’s way of getting back in the game… they attacked… SolarWinds…the updates were secure but they contained a malicious payload… it could be hundreds, it could be thousands of companies.

The companies in the military – industrial complex – were attacked.  This looks like what Russia did to Ukraine in 2016.

UPDATE: At the FireEye site there's a fairly lengthy report. I'm pasting in just the executive summary. Note that while this report characterizes the "actor" as "highly skilled", it makes no attempt to identify the actor, nor even to speculate in that regard as to whether this is a State sponsored actor or others. Notably, while the compromise is characterized as "global" in its effects, I couldn't find any suggestion as to how access was gained, i.e., was access gained by an outside actor or could the actor have had some form of internal access:


Executive Summary

  • We have discovered a global intrusion campaign. We are tracking the actors behind this campaign as UNC2452.
  • FireEye discovered a supply chain attack trojanizing SolarWinds Orion business software updates in order to distribute malware we call SUNBURST. 
  • The attacker’s post compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection.
  • The campaign is widespread, affecting public and private organizations around the world.
  • FireEye is releasing signatures to detect this threat actor and supply chain attack in the wild. These are found on our public GitHub page. FireEye products and services can help customers detect and block this attack.

Summary

FireEye has uncovered a widespread campaign, that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims via trojanized updates to SolarWinds’ Orion IT monitoring and management software. This campaign may have begun as early as Spring 2020 and is currently ongoing. Post compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security.



77 comments:

  1. Richard Grenell said the report about the DOD suspending briefings to Election Thief Biden is fake news. I assume he'd know, given his sources in the Trump administration. Here's Grenell's tweet: https://twitter.com/RichardGrenell/status/1339965330454687752

    1. Grenell doesn't say that nothing has been postponed nor does he use the term "fake news".

    2. "Fake news" was my word. He calls it "click bait reporting" and says, "This isn't true."

    3. I KNOW that was your word--not Grenell's--so why did you initially say that that WAS what Grenell said? Further, the question is actually what Grenell is saying "isn't true." The essential part you don't quote is this:

      "The current Pentagon team has given more transition meetings than were given in 2016."

      IOW Grenell appears to be generally responding to accusations of a lack of cooperation, not to specific reporting that what had been ongoing meetings have been suspended for a time.

      In line with that, Fox is reporting:

      DoD pushes back on AXIOS scoop that Acting Pentagon Defense Secretary halts Biden transition briefings - says Miller asked for 1 day pause and both teams agreed to two week break over the holidays.

    4. Really? I did not put Fake News in quotes but was characterizing what he said. It was an accurate characterization. Further, it seems that Axios's report is false, as Grenell said, per the other reporting you cite.

    5. Thank you, Mark, for your ongoing integrity regarding what is presented here. Too many rumors are generated on forums by commenters putting their words in the mouths of prominent people, including the President. They are picked up and can then go viral. Anything stated as fact should be accompanied by a link to its source. Otherwise it is just the opinion of the commenter.

      Axios, a spinoff from Politico, is not a reliable source when it comes to anything about the President or Republicans, IMO.

    6. "Axios's report is false, as Grenell said" - except Grenell doesn't say "false". What Grenell is saying "isn't true" appears to be the implication that the DoD is not offering as much transition cooperation as is called for--and more than was provided to Trump's team. But he's not denying that scheduled meetings were canceled. Nor, per Fox, is DoD.

      It remains a FACT that scheduled talks have been halted for a time, at the instigation of DoD, and the question is: Why? Transition talks ALWAYS take place over the "holidays"--it's the transition season. The question is, Why did Miller ask for one day and then agree to two weeks--which is a long time?

      I'm not offering or even suggesting answers, although I'm open to the idea that a cybersecurity breach could be part of the reason. Your comments are not helpful.

    7. Seems to me that briefing the incoming administration about the status of a major cyber attack would not be something put off because "everyone is busy". The Pentagon has more than enough flag officers to handle just this type of situation. Not saying there is something nefarious about stopping the briefings, but the explanation appears weak to say the least. Which in itself causes everyone to read into it.
      Steve M

  2. Jeffrey Prather gives some insights in a 7 minute short

    https://jeffreyprather.com/video-streams/#livestreamBreaking121720

    Prather in other podcasts posits that there is an intense struggle within the intelligence community between not only Deep Staters and Trump loyalists but also between the traditional powerbroker Russia analysts and the up and coming China analysts. In other words, it's quite possible that the IC is lying (again) about Russian involvement partly as a turf war thing and possibly as a deception to divert attention from China's actual activities.

    1. Yeah, I am HIGHLY skeptical that this is Russia. But whoever it is, from an enemy perspective, they could hardly pick a better time to go for the American jugular. Methinks a lot of hyenas, both internal and external, are quietly inspecting the corpse the deep state has laid out for their moment.

  3. There seems to be no shortage of analysis and documentation of what went wrong with this election but the question is who's going to step up and do something about it...

    1. This country needs these hacks to step down. Stepping up to them is genuflecting to the donor du jour.

  4. One specific question I have: What is the basis for saying this was the Russians rather than the Chinese (or Iranians or N. Koreans for that matter)? I keep seeing references to it being the Russians, but to use a recent popular phrase, these seem to be claims "without evidence." (Not criticizing your report Mark, I'm referring to the news organizations that are reporting it.) Given the sensitivity, I don't expect the smoking gun to be produced to the public, but has anyone with the appropriate security clearances whom we trust (e.g., not Pelosi, Nadler, Schiff, etc.) come out and said, "I've seen the evidence and it was Russia"? It seems like the blame Russia bandwagon got loaded up extra heavy just as the latest on Hunter Biden and China was coming out. And I keep hearing the blame-Russia portion coming from Democrats and the media (not that there is a difference between the two).

    I also don't like the drumbeats of war being beat by the likes of Sen. Durbin (calling it an "invasion") or others in the cyber community calling it an "attack." Unless affirmative steps were taken to harm the infrastructure, this seems like a very sophisticated spying operation. (Unlike Stuxnet, which was infiltration that actually caused damage. I loved the Stuxnet result, but I think it was a good step closer to an act of war than infiltrating and stealing info).

    Here's hoping that the party of war is not looking for a distraction from the election hacking. Of course, if this is related to the election hacking, then it might be properly characterized as an attack or act of sabotage.

    Andy S.

    1. "What is the basis for saying this was the Russians ..."

      One of many questions I'd like to hear some answers to. From trustworthy persons. It's why I specifically didn't offer an opinion. Nevertheless, at this point people are saying this is a big deal. I'd like some answers.

      Re Stuxnet, I agree that it was "a good step closer to an act of war." It also raises questions about what other cyber acts of war the US has carried out, and whether the CinC really controls all that goes on with our Cyber forces.

    2. I think the issue is there is irrefutable evidence inside the intelligence community. Because no side is able to deny it each side wants to spin it their way.

      If it's spun towards Russia Russia Russia! then Obama/Soros/DS have their way. They will be able to say it was the same in 2016 against Hillary, so it is in 2020. Let Biden fix it.

      If it goes the way of China, Trump can claim, 2016 was fake but this time it's real and he needs to stay because Biden is compromised. Redo elections in swing states.

      I have started to believe nationalists may have tipped the election a little bit in 2016 towards Trump, and globalist upped the ante in 2020 cheating massively.

      This is all speculation of course. I have no insider knowledge.

    3. China expert Michael Pillsbury also wonders why the focus on the Russians - he believes China is our biggest threat, not Russia.

      Is that a convenient carryover from the Cold War? I can remember an office colleague in the 70s who would say “the Russians are shooting at us?” whenever anything went wrong.

    4. I may have missed this in the thread, but didn't Morgan Wright say the cyber attacks are essentially same playbook Russians used to kill the power grid in Ukraine?

      I don't think he definitively stated it was them, but the attack had the M.O of Ukraine.

      Dave

    5. Right--it all seems long on claims of 'Russia' but short on specifics that would amount to proof. At the same time, it does sound serious.

    6. How about pure speculation of the most outrageous - could this 'attack' be a splinter of a resistance plan gone wrong? It's a great distraction and could - potentially - lead POTUS to declare our election invalid thereby releasing the dogs of war within our own borders? How could the cyber watchdogs within our IC not have been paying attention to Solar Winds everyday? If an outside hack happened then how did we miss it? If one of our enemies knew this was our cyber Fort Knox, then how could it have been breached for months without someone knowing about it? Who knew this was a weak point. Foreign actors would have to have been probing this for years before making a successful hack happen.

    7. Some of the bigger "news" and rag outlets in the UK are also saying 'suspected' Russian hacking...

      But at this point, who is to say this wasn't an inside job, the work of a US Deep State malfeasant, bent on undermining what little cohesion is left?

      The number of Marxists in the US Government butt-hurt over the double screwing of Bernie isn't inconsequential - so that's my own 'conspiracy theory' for the week.

      Recall, that in June/July? Chris Wray was VERY open in his speech about China's 'economic blitzkrieg' against the USA.

      For that matter, who is to say China isn't responsible, making it look like Russia...

      No matter how you slice it, it's a full-scale attack, and IMO not any less egregious than what we just saw in the election.

  5. I'm with you on the who says it's Russia. I heard the sobriquet 'Cozy Bear' popped up. So maybe the hackers have a sense of humor. Or maybe it was those jerks at the CIA trying to work some con.

    But pay attention to the pea under the thimble. Our well-paid espionage types at military and intelligence agencies know this sort of thing goes on. They do it themselves. So yes, once again they got caught flat-footed. You know, like 9-11.

    So maybe the idiots in Washington, instead of getting their skis all waxed over transgender soldiers, diversity, critical race theory, and girls in special forces should start doing the jobs they're paid to do. What I see here is incompetence.

    "The updates were secure, but they contained a malicious payload." WTF! Is that like, "We had to bomb the village in order to save it"?

    I thought maybe the stupidity in higher places would stop after Boeing turned the safest plane in aviation history into a murder weapon (it still is). No such luck. Overlord stupidity is bottomless.

    And what are we going to do if the Russians get tired of our obstreperous bullshit? Go crying to the U.N.? Russia's not Iraq (another stupid war we lost).

    Sidebar: Russia's not the enemy. I'm not going to name names, but our real enemies use acronyms and live in or near Washington D.C.

    1. Our Military Industrial Intel complex is up to all sorts of stuff that We The People have no say in. While secrecy is obviously necessary, the big picture of our policy should not be manipulated without consent. I'm very much afraid that's been going on for, well, since at least WW2.

    2. Yes, and it includes EX military, "retired" Generals using some of the most advanced surveillance tools on the planet...aimed at US citizens.

      "Troubling" doesn't come close to describing it...

    3. @Titan: That was a fabulous comment start to finish.

  6. The only thing that makes me skeptical of China being involved is that they expect to assume ownership of the U.S. gov't come Jan 20th. Why try this now when, come Jan 21st, they can just sit down at a keyboard in the agency/dept. of their choice and just download/modify whatever they want? After all it's been paid for.
    Tom S.

  7. The general consensus seems to be that, SCOTUS abstained out of fear or ignorance, or something like that.

    While reading below passage regarding emergency powers, a question sparked in my mind.

    "Unknown to most Americans, a parallel legal regime allows the president to sidestep many of the constraints that normally apply. The moment the president declares a “national emergency”—a decision that is entirely within his discretion—more than 100 special provisions become available to him."

    https://www.theatlantic.com/magazine/archive/2019/01/presidential-emergency-powers/576418/

    The question is this: what would a supreme judge do, if he (or she) believed the cancer metastasized deep and the only way to clean it is by executive branch to take drastic actions?

    What would Kavanaugh do, considering he is on record publicly recognizing there is a parallel body of laws, during his hearing while being questioned by Graham, here: https://m.youtube.com/watch?v=oOAkU_4iPYA

    I think he would do just what he has done; nothing. Because if SCOTUS would try the case on merits, it could take months, if not years.

    I think at the risk of sounding a conspiracy theorist, Trump is going to use (not martial law or EO 13848), but simply emergency powers to deal with this mess. How he does it I don't exactly know, but he had at least a month to figure out, if not more.

    1. "I think at the risk of sounding a conspiracy theorist,.."

      Kirk, if we have learned *anything * from the last 4 years it is that the conspiracies are not only real but deeper and far worse than anything the wildest crackpot or Hollywood screenwriter could have imagined. Neither you nor anyone else should front load an apology like that.

    2. "Trump is going to use (not martial law or EO 13848), but simply emergency powers."
      Whatever he uses, it's anticipated that these acts may well be seen as "crossing the Rubicon", as it's being put at such places as
      https://macris.substack.com/p/trump-at-the-rubicon ,and
      https://www.rt.com/usa/510156-pentagon-biden-meetings-rubicon/ .

  8. Well, consider me skeptical since we were all definitively told Russia colluded with Trump and hacked Hillary's emails. Not saying this hack wasn't them, but if it was a cyber offensive targeted at us, we need to keep our response on the cyber side of the ledger. Tit-for-tat, but no kinetic escalation.

    I know it's been four whole years since the military industrial complex has had any new wars, and they must be chomping at the bit for when Biden takes over. Maybe Trump can throw a wrench into any new war efforts?

  9. I would say Morgan Wright is fairly correct over all with some points of conjecture. It almost mirrors my posting 2 postings a few days ago to the tee. But that also tells you they are keeping a tight lid on new information because I have no direct knowledge of the event, just the common knowledge of how this works. But also says Morgan Wright has no direct knowledge either.

    I tried to write a post on simplifying the issues with determining "who" did this but it ended up over 6000 words long and exceeds the post limit.

    To overly overly overly simplify it... We may never actually know "who".

    1. I'm about to do an UPDATE from what I believe is a reputable source that is very cautious about attribution.

  10. Just before this was disclosed the NSA warned about Russian actors exploiting a VMware flaw that required access from internal network, the belief is the way they got inside was through the SolarWinds hack. At this point there is 90% probability that this was all Russian state sponsored. I work in Cyber Security for a DIB contractor.
    MB

    1. Check out the FireEye report and see what you think.

    2. And so that the point isn't lost in all of this, CISA was compromised as they too use SolarWinds. From theconservativetreehouse.com

      "A backdoor into SolarWinds’ is essentially a backdoor breach into the U.S. Cybersecurity and Infrastructure Security Agency (CISA). That same agency is in charge of operating all security networks connected to U.S. voting and election security systems, including the Dept. of Homeland Security. In essence, and as a matter of emphatic emphasis, the breach into SolarWinds’ is a breach into the U.S. election security network."

      If this doesn't trigger Trump's EO13848, then what would?

    3. That aspect is, I believe, what had Morgan Wright really worked up.

    4. "A backdoor into SolarWinds’ is essentially a backdoor breach into the U.S. Cybersecurity and Infrastructure Security Agency (CISA)."

      I wonder if this had something to do with Bryan Ware's sudden onset of high dudgeon back mid-November? About the same time SolarWinds execs were dumping stock if I recall correctly.
      Tom S.

    5. Certainly would not be surprising.

    6. The last FireEye report I read still claims unknown actor.
      Here is more about the VMware attack by Russian actors reported by NSA.
      https://krebsonsecurity.com/category/comingstorm/
      MB

    7. Unfortunately the NSA advisory only contains a bare assertion.

      Summary of the SolarWinds customer list:

      https://krebsonsecurity.com/wp-content/uploads/2020/12/solarwindscustomers.png

  11. Hmm, aren't these two on the team awaiting the report from DNI required by the EO 13838?

    https://twitter.com/stevenmnuchin1/status/1340016577496965122?s=20
    https://twitter.com/SecPompeo/status/1340016756627271681?s=20

  12. Don't believe anything you hear about the perpetrator of this hack. The only thing you can be sure of - the perpetrator is disguised to appear to be someone he's not.

  13. Am I putting too much together to connect this with the firing of the head of CISA?

  14. Aren't major cyber attacks like this a predecessor to something more egregious? My suspicion is there is something bigger on the horizon. Taking advantage of the polarized grip we have as a nation could be a significant sign of trouble with a foreign entity.

    1. I agree, something big is up and if we don't get our s**t together PDQ it's going to be bad. Hope I'm wrong, but prepare for shocks......

  15. "https://www.newsmax.com/politics/cia-trump-barr-attorneygeneral/2020/12/18/id/1002274/"

    Well, this puts speculation on this front to final rest.
    Tom S.

    1. Regarding the FireEye update I think they are being intelligent, it also has not changed much since I read their bulletin a few days ago.

      To the issue with "who"... I'm speculating that THE BEST answer will be no better than within a "margin of error".

      The problem is in the math... I can see 5 lead paths, 4 primary suspects and several hundred variations. Knowing the natural road blocks to hacking investigations, even with the best tools the possibilities become almost infinite.

      A "margin" is not a good basis for retaliation. This is going to get tricky.

    2. I get the joke. With all of the unanswered questions swirling about us, it’s perhaps not too hard to take a cynical view of the recent actions of Bill Barr.

      Notwithstanding, I was curious about what Barr actually said in his interview with the WSJ so I’ve just read it. First of all, I was surprised to see that it was written by Kim Strassel, who, for my money, is right up there with Mark Wauck in having taken a clear-eyed view of much of the mischief done by Mrs Clinton and Mr Obama and their minions over the past five years. I’m inclined to believe what Ms Strassel writes.

      So, here’s a summary of what Mr Barr told her, in particular regarding the topics which have greatly interested this blog. You can make up your own mind about whether you buy what Barr is selling. But, at least, he answers some questions. (I’ve bolded some of Mr Barr’s most definitive statements. The judgment regarding what’s definitive is mine alone. And because I’ve again exceeded the word limit for comments I’ll try to post this lengthy comment in two parts.)


      1/Barr reminded Ms Strassel why he took the job in the first place. He had told the Senate at the time of his nomination, “I’m in a position in life where I can do the right thing and not really care about the consequences.” Then he said: “The Department of Justice was being used as a political weapon” by a “willful if small group of people,” who used the claim of collusion with Russia in an attempt to “topple an administration. Someone had to make sure that the power of the department stopped being abused and that there was accountability for what had happened.”

      He said his overarching objective was to ensure that there is “one standard of justice.” That is why he appointed U.S. Attorney John Durham to investigate the FBI’s 2016 Crossfire Hurricane probe. “Of course the Russians did bad things in the election. But the idea that this was done with the collusion of the Trump campaign—there was never any evidence. It was entirely made up.”

      He said that Mr. Durham’s appointment would not have been necessary if Mueller’s investigation had exposed FBI malfeasance as it should have. Instead, he said, “[T]he Mueller team seems to have been ready to blindly accept anything fed to it by the system… [this] is exactly what DOJ should not be.”

      Barr said that Durham has been delayed because he had to wait until the end of 2019 for Horowitz to complete the IG investigation into the FBI’s actions and then the Covid lockdowns suspended federal grand juries and prevented Durham from using the subpoena power to leverage uncooperative witnesses.

      He said naming Durham as a special counsel would both provide assurance that his team would be able to finish its work and that Durham will produce a report to the attorney general. He said that “the force of circumstances will ensure [the report] goes public”, even under a new administration.

    3. 2/In what is sure to be a controversial conclusion, Barr said that he has ruled out CIA wrong-doing in connection with the efforts against Trump. He said that he had been initially suspicious that agents had been spying on the Trump campaign before the official July 2016 start date of Crossfire Hurricane and that the CIA or foreign intelligence had played a role. But he concluded that he didn’t “see any sign of improper CIA activity [or] foreign government activity before July 2016… The CIA stayed in its lane.”


      He said that Durham is now tightly focused on “the conduct of Crossfire Hurricane, the small group at the FBI that was most involved …,” and “the activities of certain private actors.” He gave no indication who the private actors are.


      He said that Durham is also looking at the January 2017 intelligence-community “assessment” that claimed Russia had “developed a clear preference” for Mr. Trump in the 2016 election.

      He said that most of the substantive documents related to the FBI’s investigation have now been made public.

      He said that the FBI’s use “of confidential human sources and wiretapping to investigate people connected to a campaign was outrageous,” whether or not it leads to criminal charges.

      Also outrageous, he said, was the abuse of power by both the FBI and the Mueller team toward Mr. Flynn. The review by U.S. Attorney Jensen found that the FBI’s interview of Flynn had “no legitimate investigative basis.” The Mueller team also denied Flynn exculpatory information and pressured him into pleading guilty to lying.

      Mr. Barr said that Jensen’s review made clear that the case “was entirely bogus.” He said prosecuting Flynn is analogous to DOJ right now prosecuting the person Biden named as his national security adviser for communication with a foreign government.

      He said that the DoJ’s powers are vast, and professional attorneys therefore are subordinate to democratically accountable officials. “The Department of Justice is not a trade association for prosecutors,” he said. Its client is the American people; its duty is to ensure the principles and standards of justice are fairly executed.

      He admitted he took flak from the right for not bringing the DoJ hammer down on Trump’s adversaries. He said, “A lot of Republicans think that’s playing by Robert’s Rules—you are being soft on the other side. And I understand that frustration. It’s painful that the system is used against Republicans and there is an AG not willing to do the same thing against Democrats. But that is the only way we find our way back.”

      He made no apology for declining to divulge before the election that Hunter Biden was under investigation. He acknowledged that the Justice Department’s rule against confirming probes involving office-seekers is “not absolute” and that he could imagine a dilemma in which government has “decisive evidence of a serious crime...” But in the absence of those conditions there’s “damn good reason for the rule,” which protects disfavored politicians, and private citizens with whom they’re associated, against the deep state. “Think about the power it would give the federal bureaucracy. The standard for investigating someone is low. So just gin up an investigation, make it public, affect every election.”

      For what it’s worth, he said that he had planned to stay on in a second Trump term.

    4. I'm about half through my write up of the Barr interview. I took a couple of hours off to watch a mystery. I'm finding the interview rather offputting and frustrating--his perspective seems short sighted.

    5. "But that is the only way we find our way back" Barr said.

      And I wish good luck finding his way in the upcoming Demshevik Gulag Archipelago.

  16. What about Gen. Flynn’s comment tonight on Dobbs that foreign governments have transmitted information about our elections? This seems so strange. Why now? If they had this information, we would have known it before now, yes? Then Dobbs quickly went to a break and asked if the general might continue afterwards. Some clearance checking? I don’t know, but I learn from you all, so I wonder.
    Aletheia

    1. It's possible some of that intelligence might have been gathered through not legally pre-approved methods, such as using intelligence agency powers listening to DNI, like Obama and Hillary did in 2016. So releasing them via another country, such as maybe Taiwan could be preferable, like Brennan used MI6 and 5 eyes.

  17. read the whole tweet thread:

    >> https://twitter.com/RidT/status/1338537697560965120 <<

    We are being manipulated by calling this a "cyber attack."

    It isn't. By definition, since no one can point to any data destruction, alteration, or damage to networks that occurred as a result of the malware. It is a "network exploitation," not an "attack."

    >> https://pbs.twimg.com/media/Eph37G-XcAAz9ST?format=jpg&name=small <<

    I would add that, despite all the hysteria, there is no reason to think any classified network was compromised, based on the standard practices to isolate classified networks from all non-classified networks, equipment, and even power supplies.

    Whoever did this may have penetrated many networks over a several month period, but they didn't break anything, disable anything, and basically all they can access/exfiltrate is websites, and backend systems connected to those networks, and email servers.

    Calling this a Cyber Pearl Harbor is completely overblown, based on evidence so far available.

    Replies
    1. OK, thanks. So who's manipulating us, and why? Is it possible that the Biden "transition" has been leaking inflated claims about a "Cyber Pearl Harbor," and that's why the suspension of transition meetings?

    2. Acting SecDef issued statement the hiatus in briefings for transition was by mutual agreement for holidays. Claims there was something nefarious going on were just more "fake news."

    3. Is it possible that the Biden "transition" has been leaking inflated claims?
      Not only possible, but quite par for that crowd's course.

    4. @EZ

      After you said this I asked a few I know in defence, aeronautical and space that I know work in sensitive networks. All are in IT and at least one of them works for one of the largest defense contractors in the world. A company that I've seen listed in more than one article as one of those majorly affected.

      All said they were not affected at all... That's NOT the answer I expected to hear.

      So.. you may be on to something there.

  18. Doesn't it beg the question, why did Trump create the EO?

    Did he know something about this, expected something?

    Or is that off base?

    Frank

  19. Not being an "expert", I wonder why we are told BOTH that 1) cyber-security during the election was absolutely perfect AND 2) the biggest network hack in the US on record has been running since late Spring.

    What am I missing here?

  20. Every single Fox news headline on the hack uses the word “Russia.” The attribution of the hack has all the appearance of a media blitz.

  21. Off topic but Lin Wood hit with a show cause order to revoke his appearance as Carter Page's counsel in Delaware.

    Lin's been slightly off the rails as of late with his Twitter and tossing around all sorts of crazy. However, to do this to someone for their filings as counsel / cocounsel in election cases has to be a new low in judicial misconduct.

    This is just insane!

    https://mobile.twitter.com/LLinWood/status/1340128279521619968?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1340128279521619968%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.thegatewaypundit.com%2F2020%2F12%2Fjudge-delaware-revokes-attorney-lin-wood-appearance-counsel-carter-page-filing-georgia-wisconsin-cases-democrat-voter-fraud%2F

    Replies
    1. @devil

      Care to cite specific examples of this "crazy" you smear a patriot and legendary attorney with?

      We have had 4 years of Democrat Media calling President Trump crazy for such outrageous claims that he was spied on or that the election was stolen or the Russia Mueller coup attempt. We should all be very hesitant to call anyone crazy or off the rails, especially someone who is working 24/7 to undo the coup in Georgia.

    2. I would cite his statements about Roberts and Breyer, which have no source support--in fact, the SCOTUS hasn't met face to face since March. The flight logs, while calling for investigation aren't proof--there are multiple John Roberts in this world and the possibility of aliases. Going down those rabbit holes is 'off the rails' and not helpful.

    3. @mark

      Lin Wood is only one of many, many sane and credible commenters who have speculated that Roberts is acting in ways that raise questions of corruption or being compromised in some way, and that goes back all the way to the Obamacare farce decision. Wood's remark about Roberts and Breyer was based upon a reported conversation between them indicating extreme prejudice against Trump and, if true, grounds for recusal and judicial disqualification. The reports do not rule out a zoom call or other communication. "Off the rails" implies to me a kind of crazy which Wood certainly is not. Intemperate perhaps. Not crazy.

    4. It's strictly speculation--a lawyer doesn't do that on a public forum. "Reported conversation." Reported by a radio host with no credible sourcing. "Somebody claiming to be a SCOTUS clerk but otherwise unidentified called me and said ..." NOT CREDIBLE.

    5. Mark, your comment about ....'strictly speculation'....'not credible'....'a lawyer doesn't do that'. How is this different from what we wanted Barr to do - which was step out of what he thought he shouldn't do? In many ways, isn't this what Barr was trying to say - that AG's don't act in that way? I badly wanted pushback against the letter those 50 retired IC idiots signed on to, but it would have started a media storm of its own. Which is what I know I wanted.

    6. It's totally different. Barr would not have been 'speculating'--he was in possession of solid, verified evidence which was being falsely contradicted publicly by political actors. Please reread Brett Tolman's comments in the UPDATE to the Barr thread.

    7. @Tschifty Mccoy,

      I think Mark pretty much covered what I was pointing out.

      Everyone likes to root for the outlandish and ridiculous when it suits their side but it often completely degrades the integrity of the argument.

      I agree with what you are saying about the liberal press or liberals in general... But how hypocritical is it to use or cheer the same tactics?

      Roberts is what I consider to be a typical republican. Which is to say he has zero regard for the constitution or preservation of law. His focus is to further the means and motives of big government at the peril of liberty. His actions over time meet that characterization.

      Epstein didn't kill himself...

      But I don't need someone who is supposed to be a fighter of truth and justice on twitter slinging conspiracies like the hypocrisy of a zoo monkey. It doesn't help, it hurts and it gives the liberal base a means to attack another piece of credibility to this election disaster.

      If Lin wants to go prove that it was Chief Justice John Roberts in that flight log vs someone with the common name of John Roberts he knows how and has the means to make that happen. If he wants to make the case that the GA gov and SoS are guilty of crimes ACTUAL crimes he also has the means and abilities to make that happen. It give us the evidence or state it with the correct skepticism and context. (Like Powell offers)

      There are a LOT of truths in conspiracies but when you just commit to them without question you simply become one.

  22. Computers cannot be made secure; we’ve seen this time after time after time. The weakness to any and all computers is the introduction of new data or new software and even that assumes the original data/software was not corrupt.

    As computer scientists develop new ways to secure computers, other computer scientists develop new ways to corrupt computers. It’s a continuous battle of wits and the bad guys can try their malware over and over again, where the good guys can’t afford to lose even once.

    In the present case, we have hundreds and maybe even thousands of good guys defeated by the bad guys because the good guys all used SolarWinds Orion software. It was a fatal but unavoidable mistake. The computers have to allow new data and new software or they become useless.

    mso

    Replies
    1. And it wasn't the software itself, it was the security of the way the software was developed and deployed. Security on developers and their processes is often lacking due to the work environment developers enjoy.

  23. https://blog.reversinglabs.com/blog/sunburst-the-next-level-of-stealth

    Based on this analysis you conclude that they had access to SolarWinds’s build system since last year. And potentially every SolarWinds product could have been compromised and that would increase the scope. But every analysis I’ve seen is that the actors were targeting specific victims. They certainly had the potential of inflicting widespread damage. They certainly had the ability to compromise a huge number of systems.
    MB

    Replies
    1. @MB

      "But every analysis I’ve seen is that the actors were targeting specific victims."

      I think that's conjecture, at best it's *wanting to be ahead* of other reports. Or at worst it's narrative building to intentionally paint a picture.

      I think a more accurate description would be it was a large scale fishing expedition of industrial scale espionage.

      Also, I believe by the size, scope and complexity of this whoever did it was in SW longer than just last year. I say this based on the first infection build being from April 2019.

      Speculation is also rising with rumors it wasn't just SW they did this with... No confirmation yet though.

    2. I've seen several cases where people who should know better are saying that, once this infection is cured we're good, our systems are clean again. But CISA's directive to isolate or power down, and in many cases completely reinstall all software, suggests they don't think so. Neither do I.

      Any entity going to as much trouble as the attacker did to blend in, hide, and operate in the background would almost certainly have several other hooks into the system. If they didn't install a couple of root kits, they've been negligent, and properly done root kits can be almost impossible to find and root out.
      All they need is a little of the unmapped space on a hard drive, or the storage on a video card or some other place, and a tweak to the Master Boot Record; all very hard to detect.

      They almost certainly infected more of SolarWinds' portfolio than has been reported so far. Again, anyone going to this much trouble, showing this much patience and expertise, would not settle for infecting a single file.

      WRT breaking in and taking nothing, it's too soon to make that claim. But even if nothing was taken, that doesn't mean a lot. The intrusion was slow and painstaking to avoid catching the attention of SolarWinds' security team (assuming they have one, as they certainly should). The intruder may be only part way to its ultimate goal, which we cannot know at this time. And that ultimate goal could easily be a “cyber Pearl Harbor.”

      SolarWinds has many thousands of customers, including critical government agencies and critical infrastructure. If you wanted to take it all down at once, SolarWinds is the way to do it in a massive instantaneous attack with no apparent outside initiation. The attacker has displayed so much patience thus far that we shouldn't discount an ultimate goal far beyond what we've seen, and exercising patience would mean foregoing any short-term gain in order to avoid jeopardizing the ultimate goal.

      And there's still another factor I haven't seen adequately addressed yet. The left has demonstrated that they're perfectly willing to do anything to achieve total control. With NSA and US Cyber Command in one organization under one leader, lefty control of someone at the right level (not necessarily at the top) within Cyber Command (especially) gives them access to NSA's hacking tools (and everyone breathing has access to the CIA hacking tools released by Wikileaks a few years ago) and the ability to do the SolarWinds thing unnoticed by NSA or anyone else. I wouldn't put it past them.

      In the cyber world, attribution is a bitch. If you're following the flow of outbound data, or backtracking to find the command and control servers, whatever you find isn't the end of it. There's so much smoke and mirrors, and there are so many ways of faking and disguising that you can rarely know you've found the culprit that way. Another method is to reverse compile the hack, examine the results, and try to tie it back to some known entity. Compiled code (the binaries, or executables) contains artifacts the compiling system throws in, and those artifacts may offer a clue. Stuxnet, for example, contained a couple of names from the Old Testament, leading many to believe that Israel was involved. Or the code may look like something previously seen from a known entity.

      But an attacker as patient and expert as this one knows how attribution works, so you can bet the farm that any artifacts found in the compiled code will point away from the real attacker. If it looks Russian, it's probably from China, Iran, or North Korea. CIA even had a tool to help with this.

      I'd bet there's an insider at SolarWinds and maybe one or more in our government.

  24. "There is a provision in the National Defense Authorization Act ... that's sitting on the President's desk waiting for his signature ... that would give CISA, my old agency, the authorities to go out and really aggressively hunt and look for these adversaries and that's what we're going to have to do to get certainty to the other side of this," the ex-cyber chief said."

    https://www.cnn.com/2020/12/20/politics/mitt-romney-chris-krebs-trump-russia-cyberattack-cnntv/index.html

    So is pressure to sign the NDAA behind this "attack"?

    One could say that's paranoid, but what reasoning person would reject the possibility since most every "official" utterance from the DS appears to be designed to "herd" public opinion.
    Tom S.
