SolarWinds cyberattack on US by Russia

Robert

https://www.bbc.co.uk/news/world-us-canada-55374945

US Defense Sec Mike Pompeo describes the worst ever cyberattack on the US.

Trump has downplayed Russian involvement and indicated China - but then that is to be expected.
 
Russians are so behind the times and we all saw this with the grey slab cities portrayed in the hit BBC tv show Chernobyl. The idea they could be influencing US politics is frankly the most stupid conspiracy theory I have heard to date yet for some reason it is still circulating among supposedly intelligent circles.
 
Yup it's the new thing, blame Russia for everything. They've milked the terrorist excuse now.

What's even more remarkable is the public believe this nonsense not realising US and Israel are champions at hacking - and assassinations.

No one is buying the Russian excuse anymore. The Western governments are untrustworthy, and their motives fully exposed in 2003.

Funny how a guy like Assange is wanted for exposing the truth - we all know why.
 
I have a friend in Military intelligence and his description and narration of attacks by Russia tells me that you may be a little naive. You are right about the fact that there are no good guys.
 
Western governments have and still engage in regime change at the cost of innocent lives. Bit rich for the same government to be pointing fingers.

If the government want us to believe Russians are behind all of this, then they should present the evidence.
 
I don't think they care if we believe or not. There is no evidence that will convince us but it's aimed more at opinion formers.
 
I have a friend in Military intelligence and his description and narration of attacks by Russia tells me that you may be a little naive. You are right about the fact that there are no good guys.

Iranians and Chinese are also accused of being linked to cyber-attacks. As you say, there are no good guys, so why would we expect anything else? Just imagine if these countries got a hold of a nuclear weapon!
 
When you have sheeple who believe Brexit and Trump were the result of Russia then you have to ask just how powerful Russia is.

Same people have no problem with Mossad/Israel hacking Iranian systems and then assassinating scientists. Oops, can't say this or accusations of antisemitism will be thrown around.

It's time people woke up. 2003 was a wake up call. Fabricated evidence by Western governments against a nation that played no part in 9/11 yet is still paying the price.

But yes, let's believe every word our government says.
 
My friend talked about Russians playing Islamist radicals and right wing haters to whip up anger. Often it was the same account according to him.
 
Funny, the Western media has been doing the same for the past 2 decades; whipping up fear and hate through sensationalism and propaganda.
 
And you believe they are good people? There are no good people, I bet the Russian media does exactly the same.

I'm saying the West is worse than any nation it accuses of hacking etc. Even if we accept the news as 100% truthful, it doesn't hold a candle to what the West (and Israel) have done, and continue to do.

The news in the OP is just another run-of-the-mill distraction piece.
 
Russians are so behind the times and we all saw this with the grey slab cities portrayed in the hit BBC tv show Chernobyl. The idea they could be influencing US politics is frankly the most stupid conspiracy theory I have heard to date yet for some reason it is still circulating among supposedly intelligent circles.

Not US politics this time, US government computer systems.

https://edition.cnn.com/2020/12/14/politics/us-agencies-hack-solar-wind-russia/index.html

Chernobyl was in 1986. Since the USSR fell, and the Russian Federation embraced market forces, their tech has got rather good.

They are masters at asymmetric warfare, at which NATO is struggling to catch up.
 
I want to hear from any American IT people who might be able to shed light on the SolarWinds hack.

I am in contact with a Briton working in networks who says the hack infiltrated all the US gov systems which makes me wonder how it got past the NSA.

One of the few things I agree with Johnson on is the new spend on GCHQ to harden UK against this sort of threat.
 
I can tell you, it's super easy to spoof an attack with a fake source IP address - this gives the impression it is from a particular country.

In this case, it wasn't so much a hack but an exploit on the SolarWinds platform.
 
WILMINGTON, Del./WASHINGTON (Reuters) - President-elect Joe Biden’s team will consider several options to punish Russia for its suspected role in the unprecedented hacking of U.S. government agencies and companies once he takes office, from new financial sanctions to cyberattacks on Russian infrastructure, people familiar with the matter say.

The response will need to be strong enough to impose a high economic, financial or technological cost on the perpetrators, but avoid an escalating conflict between two nuclear-armed Cold War adversaries, said one of the people familiar with Biden’s deliberations, speaking on condition of anonymity.

The overarching goal of any action, which could also include stepped-up counter cyber espionage efforts, would be to create an effective deterrence and diminish the potency of future Russian cyber spying, the person said.

The unfolding crisis - and the lack of visibility over the extent of the infiltration into the computer networks of federal agencies including the Treasury, Energy and Commerce Departments - will push to the front of Biden’s agenda when he takes office on Jan. 20.

President Donald Trump only acknowledged the hacking on Saturday almost a week after it surfaced, downplaying its importance and questioning whether the Russians were to blame.

The discussions among Biden’s advisers are theoretical at this point and will need to be refined once they are in office and have full view of U.S. capabilities.

Biden’s team will also need a better grasp of U.S. intelligence about the cyber breach before making any decisions, one of the people familiar with his deliberations said. Biden’s access to presidential intelligence briefings was delayed until about three weeks ago as Trump disputed the Nov. 3 election results.

With Trump taking no action, Biden’s team are concerned that in the coming weeks the president-elect may be left with only one tool: bluster, according to one of the people familiar with his options.

“They’ll be held accountable,” Biden said in an interview broadcast on CBS on Thursday when asked about how he would deal with the Russian-led hack. He vowed to impose “financial repercussions” on “individuals as well as entities.”

TEST OF WORKING WITH ALLIES

The response could be an early test of the president-elect’s promise to cooperate and consult more effectively with U.S. allies, as some proposals likely to be put before Biden could hit the financial interests or infrastructure of countries friendly to the United States, a person familiar with the matter said.

“Symbolic won’t do it” for any U.S. response, said James Andrew Lewis, a cyber security expert at the Center for Strategic and International Studies, a Washington think tank. “You want the Russians to know we’re pushing back.”

A spokeswoman for Biden’s transition team did not respond to a request for comment.

The massive data breach, first reported by Reuters, enabled hackers believed to be from Russia’s SVR foreign intelligence service to explore the networks of government agencies, private companies and think-tanks for months.

Moscow has denied involvement.

One potential target for U.S. Treasury financial sanctions would be the SVR, said Edward Fishman, an Atlantic Council fellow who worked on Russia sanctions at the State Department during the Obama administration.

Media reports have suggested the SVR-linked hacking group known as "Cozy Bear" or APT29 was responsible for the attacks. The United States, Britain and Canada in July accused "Cozy Bear" of trying to steal COVID-19 vaccine and treatment research from drug companies and academic institutions.

“I would think, at the bare minimum, imposing sanctions against the SVR would be something that the U.S. government should consider,” Fishman said, noting that the move would be largely symbolic and not have a major economic impact. The U.S. Treasury has already imposed financial sanctions on other Russian security services, the FSB and the GRU.

Financial sanctions against Russian state companies and the business empires of Russian oligarchs linked to Russian President Vladimir Putin may be more effective, as they would deny access to dollar transactions, both Fishman and Lewis said.

Those targets could include aluminum giant Rusal, which saw U.S. sanctions lifted in 2018 after blacklisted Russian billionaire Oleg Deripaska reduced his stake to a minority in a deal with the Treasury.

Lewis said a stronger option could be to cut Russia off from the SWIFT international bank transfer and financial messaging system, a crippling move that would prevent Russian companies from processing payments to and from foreign customers.

Such a move was contemplated in 2014 when Russia annexed Ukraine’s Crimean peninsula, but it would hurt the Russian energy sector, complicating gas sales to Europe and hit European companies with Russian operations.

Neither the Treasury nor State Department responded to questions about possible actions in response to the hacking.

The Pentagon’s U.S. Cyber Command likely has options for counter actions that could cripple Russian technology infrastructure, such as disrupting phone networks or denial of internet actions, Lewis said, adding that this too could hurt European allies.

“They’ll need to think through the diplomacy of that,” Lewis said.

The hackers likely left behind some malicious code that would let them access U.S. systems for retaliation against any U.S. cyber attack and it will take months to find and eliminate those “Easter eggs,” he added.
 
The US has announced a range of new sanctions against Russia in response to what it says are cyber-attacks.

The measures, detailed in an executive order signed by President Joe Biden, are aimed at deterring "Russia's harmful foreign activities", the White House said on Wednesday.

The moves target 32 Russian entities and include the expulsion of diplomats.

The US accuses Russia of malicious cyber-activity and interference in the 2020 presidential elections.

The executive order also bars US financial institutions from purchasing rouble-denominated bonds from June.

The measures come at a tense time for US-Russia relations.

They are the second major round of sanctions against Moscow after seven mid-level and senior Russian officials, and more than a dozen government entities, were targeted over the poisoning of Kremlin critic Alexei Navalny last month. Russia says it had no part in the poisoning.

In a call with Russian President Vladimir Putin on Tuesday, Mr Biden said the US would "act firmly" in defence of its national interests.

Mr Biden also proposed a meeting with Mr Putin "in a third country" that could allow the leaders to find areas to work together.

But Kremlin spokesman Dmitry Peskov said any new sanctions, which he described as illegal, would not help plans for a summit.

What's behind this latest move?

Last year, cyber-security researchers identified a hack in a piece of software called SolarWinds - an intrusion that gave cyber-criminals access to 18,000 government and private computer networks.

Intelligence officials believe Russia was behind the attack. The hackers gained access to digital files of several US government agencies, including the treasury, justice and state departments.

Microsoft president Brad Smith said in February the SolarWinds hack was "the largest and most sophisticated" the world had ever seen.

Last December then US Secretary of State Mike Pompeo said he believed Russia was behind the attack but US investigators "were still unpacking precisely what it is".

The US is now set to formally accuse Russian intelligence of carrying out the hack. Russia has denied any involvement.

The revelations of a major Russian cyber-campaign called Solar Winds last year caused dismay in Washington and raised difficult questions about how to respond.

Some in Congress likened it to an "act of war" and demanded retaliation. But others pointed out that the Russians had simply been engaged in exactly the kind of espionage that America itself also carries out online.

In the end, the Biden administration came to a view that the scale of the compromise of US systems required some response - but the question was what. Some of the response will be carried out "covertly" - probably using offensive cyber techniques to degrade the systems of those involved in Russia.

But there was also a debate about how far to link the cyber-incidents to other Russian intelligence activity the US was unhappy about, including interference in the 2020 election, offering bounties to the Taliban for attacks on US soldiers in Afghanistan, and activities in Ukraine. Some favoured keeping issues separate.

In the end, it appears the Biden team have opted to lump all of these issues together with one major response to try to maximise the impact.

But will this actually deter Russia? Past experience suggests it is unlikely. Moscow has for some years believed it is engaged in a conflict with the West, although at a threshold below that of traditional war, and the US retaliation will just confirm that. What it will do, though, is signal inside the US and around the world that the Biden administration is going to take a tougher line than that of Donald Trump.

In his first foreign policy speech in February, Mr Biden made it clear he planned to stand up to Russia, pledging to hold it to account for alleged cyber-attacks and election interference.

"The days of the United States rolling over in the face of Russia's aggressive actions… are over," he said.

The quote provided a stark contrast to the words of his predecessor, Donald Trump, who rarely criticised Mr Putin.

In a report last month, US intelligence agencies concluded the Russian president had probably directed online efforts to help Donald Trump win a second term as US president.

The US has also publicly warned Russia against aggressive actions in Ukraine. Russia is beefing up its military presence near Ukraine's eastern border.

And in a televised interview last month, when asked if he thought Mr Putin was a "killer", the US president replied "I do".

What has Russia said?

Mr Peskov on Thursday said that sanctions would "in no way" help the prospect of a summit.

According to reports, the US ambassador in Moscow was told by Russian officials that Washington must refrain from new sanctions if it wanted to mend the relationship.

Mr Peskov also appeared to explain troop movements near Ukraine as a way of anticipating US actions such as sanctions.

"The hostility and unpredictability of America's actions force us in general to be prepared for the worst scenarios," he said last week.

BBC
 
Probably pie in the sky thinking, but there should be an international treaty restricting the use of cyber warfare like how there are international agreements on nuclear and chemical weapons.

Let's say these cyber attacks escalate into disabling another country's critical infrastructure like their energy grid, or hack into medical records denying people access to healthcare - you could kill people. How is that not an act of war? Perhaps you're not using bullets or missiles, but it'd achieve the same outcome.

Yet it seems policymakers are still stuck in Cold War mindset and are ill-equipped to deal with the threats of the future.
 
Putin to decide on counter sanctions against Washington, says Kremlin

The Kremlin said on Friday that Russian President Vladimir Putin would decide what counter sanctions to impose on Washington, a day after U.S. President Joe Biden hit Moscow with an array of punitive measures, but gave no indication of timing.

The U.S. government on Thursday blacklisted Russian companies, expelled Russian diplomats and barred U.S. banks from buying sovereign bonds from Russia's central bank, national wealth fund and Finance Ministry.

Kremlin spokesman Dmitry Peskov said Moscow was mulling its response.

"The principle of reciprocity for such matters has not been cancelled, but everything will depend on the decisions made by the (Russian) head of state."

Peskov did not say when Putin would decide on counter sanctions, though Russia's Foreign Ministry said on Thursday retaliatory sanctions would come soon.

Peskov added that the Kremlin had yet to decide on Putin's possible participation in a U.S.-led climate summit.

"Their views categorically do not coincide when it comes to creating mutually beneficial relations and taking each other's interests into account," Peskov said of Putin and Biden.

Peskov said the Russian leader had repeatedly said that Russia was ready to cooperate with the United States as much as Washington wanted to cooperate with Moscow.

The U.S. sanctions were a response to Moscow's alleged meddling in last year's U.S. election, cyber hacking, bullying Ukraine and other alleged malign actions. Russia denies all the allegations.

Anatoly Antonov, the Russian ambassador to the United States, was recalled to Moscow last month amid deteriorating ties. He attended a meeting at the Russian Foreign Ministry on Friday.

https://www.reuters.com/business/fi...nter-sanctions-against-washington-2021-04-16/
 
Russia is expelling 10 US diplomats and blacklisting eight top American officials in retaliation for sanctions imposed by the US on Thursday.

Those now banned from entering Russia include the director of the FBI and the US attorney general.

The White House says the US sanctions were in response to the "SolarWinds" hack last year, bullying Ukraine, and interference in the 2020 US election.

They come at a tense time for relations between Washington and Moscow.

Russia has been moving thousands of troops towards Ukraine, while US warships have been heading for the Black Sea, warned off by the Russian foreign ministry.

Last month the US targeted seven Russian officials and more than a dozen government entities over the poisoning of Kremlin critic Alexei Navalny. Russia says it was not involved.

However, this week US President Joe Biden offered his Russian counterpart Vladimir Putin a summit - an offer that Moscow has said it views positively and is currently considering.

Moscow has asked 10 US diplomats to leave the country. It has also banned eight officials from entry. They include:

US Attorney General Merrick Garland
FBI Director Christopher Wray
US Domestic Policy Adviser Susan Rice

Five Polish diplomats have also been told to pack their bags, after Warsaw expelled five Russian officials.

As well as expelling 10 Russian diplomats, the US is targeting 32 entities and officials accused of trying to influence the 2020 US presidential election "and other acts of disinformation".

US financial institutions are also banned from purchasing rouble-denominated bonds from June.

BBC
 
USA expelling an equal number of diplomats in tit-for-tat move.
 
https://www.theguardian.com/technology/2021/jul/31/solarwinds-russian-hackers-email-accounts-top-us-attorney-offices

Russian hackers behind the massive SolarWinds cyber-espionage campaign broke into the email accounts of some of the most prominent US federal prosecutors’ offices last year, the Department of Justice has said.

The department said 80% of Microsoft email accounts used by employees in the four US attorney offices in New York were breached. All told, the DoJ said 27 US attorney offices had at least one employee email account compromised.

The justice department said on Friday it believes the accounts were compromised from 7 May to 27 December last year. That timeframe is notable because the SolarWinds attack, named for the company which made the affected product and which infiltrated dozens of companies and think tanks as well as at least nine government agencies, was discovered and publicized in mid-December.

In April, the Biden administration announced sanctions, including the expulsion of diplomats, in response to SolarWinds and Russian interference in the 2020 US election. Russia has denied wrongdoing.

Jennifer Rodgers, a lecturer at Columbia Law School, said when she was a federal prosecutor in New York, office emails frequently contained sensitive information including case strategy discussions and names of confidential informants.

“I don’t remember ever having someone bring me a document instead of emailing it to me because of security concerns,” she said, noting exceptions for classified materials.

The Administrative Office of US Courts confirmed in January it was also breached, giving the SolarWinds hackers another entry point to steal confidential information like trade secrets, espionage targets, whistleblower reports and arrest warrants.

The list of affected district attorneys included high-profile offices in Los Angeles, Miami, Washington and the eastern district of Virginia. The southern and eastern districts of New York, where large numbers of staff were hit, handle some of the most prominent prosecutions in the country.

“New York is the financial center of the world and those districts are particularly well known for investigating and prosecuting white-collar crimes and other cases, including investigating people close to” Donald Trump, said Bruce Green, a professor at Fordham Law School and a former prosecutor in the southern district.

The DoJ said all victims had been notified and it was working to mitigate “operational, security and privacy risks”. The department said in January it had no indication that any classified systems were affected.

The DoJ did not provide detail about what kind of information was taken and what impact such a hack may have on ongoing cases. Members of Congress have expressed frustration with the Biden administration for not sharing more information about the impact of the SolarWinds campaign.

SolarWinds hackers also gained access to email accounts belonging to the then-acting homeland security secretary, Chad Wolf, and members of cybersecurity staff, whose jobs included hunting threats from foreign countries.
 
https://www.reuters.com/technology/exclusive-wide-ranging-solarwinds-probe-sparks-fear-corporate-america-2021-09-10/

A U.S. Securities and Exchange Commission investigation into the SolarWinds Russian hacking operation has dozens of corporate executives fearful information unearthed in the expanding probe will expose them to liability, according to six people familiar with the inquiry.

The SEC is asking companies to turn over records into "any other" data breach or ransomware attack dating back to October 2019 if they downloaded a bugged network-management software update from SolarWinds Corp (SWI.N), which delivers products used across corporate America, according to details of the letters shared with Reuters.

People familiar with the inquiry say the requests may reveal numerous unreported cyber incidents unrelated to the Russian espionage campaign, giving the SEC a rare level of insight into previously unknown incidents that the companies likely never intended to disclose.

"I've never seen anything like this," said a consultant who works with dozens of publicly traded companies that recently received the request. "What companies are concerned about is they don't know how the SEC will use this information. And most companies have had unreported breaches since then." The consultant spoke on condition of anonymity to discuss his experience.

An SEC official said the request's intent was to find other breaches relevant to the SolarWinds incident.

The SEC told companies they would not be penalized if they shared data about the SolarWinds hack voluntarily, but did not offer that amnesty for other compromises.

Cyberattacks have grown in both frequency and impact, prompting deep concern in the White House over the last year. U.S. officials have faulted companies for failing to disclose such events, arguing that it conceals the extent of the problem from shareholders, policymakers and law enforcement looking for the worst offenders.

People familiar with the SEC investigation told Reuters the letters went to hundreds of companies, including many in the technology, finance and energy sectors, thought to be potentially affected by the SolarWinds attacks. That number exceeds the 100 that the Department of Homeland Security said had downloaded the bad SolarWinds software and then had it exploited.

Since last year, only about two dozen firms have been publicly identified as impacted, including Microsoft Corp, Cisco Systems, FireEye Inc and Intel Corp. Of those contacted for this story only Cisco confirmed receiving the SEC letter. A Cisco spokesperson said it has responded to the SEC's request.

Cybersecurity research has also suggested software maker Qualys Inc and oil energy company Chevron Corp were among those targeted in the Russian cyber operation. Both declined to comment on the SEC investigation.

About 18,000 clients of SolarWinds downloaded a hacked version of its software, which the cyber criminals manipulated for potential future access. Yet only a small subset of those customers saw follow-on hacking activity, suggesting the attackers infected far more companies than they ultimately victimized.

The SEC sent letters last month to companies believed to have been affected, following an initial round sent in June, according to six sources who have seen the letters.

The second wave of requests were addressed to recipients at companies from the first round who had not responded. The exact number of recipients is unclear.

The current probe is “unprecedented” in terms of the lack of clarity over the SEC's goal in such a large sweep, said Jina Choi, a partner at Morrison & Foerster LLP and former SEC director who has worked on cybersecurity cases.

Though the SEC issued guidance a decade ago calling for companies to disclose hacks that could be material, then updated that guidance in 2018, most admissions have been vague.

Gary Gensler, who took the helm at the SEC in April, has tasked the agency with issuing new disclosure requirements ranging from cybersecurity to climate risk.

While the hack was first reported by Reuters more than nine months ago, the actual impact of the wide-scale digital spying operation, which U.S. officials say came from a Russian intelligence service, remains largely unknown.

Government officials have shied away from sharing a comprehensive account of what was stolen or what the Russians were after, but described it as traditional government espionage.

Scores of companies have referred to the hacks in SEC filings, but many cite the events only as an example of the sort of intrusion they might one day experience. Most that say they had SolarWinds software installed add that they do not believe their most sensitive data was taken.

John Reed Stark, former head of the SEC’s office of internet enforcement, said “companies will struggle to answer these questions – not just because these are broad, sweeping and all-encompassing requests, but also because the SEC is bound to discover some sort of mistake" in what they've previously disclosed.
 