LinuxQuestions.org


TorC 01-02-2021 11:25 AM

Russian Hack of the US Gov't -- Specific concerns?
 
Addressed to those who may know more than the average regarding such: what do you see as major potential threats to everyday life of a US citizen by the breach?

Please be as specific as possible -- not just, "National Security," but how it may affect private US citizens, public corporations, educational institutions, and local, state and federal governmental agencies, to name but a few?

The latest from NY Times --

As Understanding of Russian Hacking Grows, So Does Alarm

My specific concerns center on transportation -- railroad and shipping disruptions -- ultimately affecting agriculture and food supplies and prices. Yours?

fatmac 01-02-2021 01:26 PM

Most essential services are run by computers, think water, electricity, gas, petroleum, basically anything your government may have a hand in, not just your nuclear arsenal.

Hermani 01-02-2021 01:50 PM

A few weeks ago the IT system of my municipality was hacked and all data was lost because ransomware was installed and did its bit. ALL information was lost: official records, permits, personal data of all residents, all data regarding social assistance benefits, e-mail, just everything.

They got a clue that something was wrong only when on a Tuesday morning they could not login anymore because all accounts were lost as well.

The mayor had to announce a couple of days later that the situation was "grave" because not only all data was lost, all backups were lost as well because they did not have an isolated backup server (as is mandated). I haven't heard back from my local representative yet and although officially the council denies it I am afraid that they paid at least some of the € 750k that the hackers supposedly asked. Anyway, we will find out in the long run.

The disruption this caused is significant and poses a significant breach in our local community.

fatmac 01-03-2021 04:58 AM

Backups should be done at least daily, & kept off site for reasons such as this; that is why it is so important that IT infrastructure is not under people who know nothing about it.

hazel 01-03-2021 05:30 AM

These criminals (who don't have the skills of real hackers so I won't call them that) only get into servers because the people who run them are idiots. Hermani's story is par for the course.

Do you remember when TalkTalk was hacked and its customers' personal details were stolen? A company spokeswoman was asked at a press conference whether the stolen data was at least encrypted and she didn't know! And that's supposed to be a tech firm.

That btw is why I don't buy stuff online. Even though the channel is encrypted by TLS, I don't trust the people at the other end to keep my details safe afterwards.

Turbocapitalist 01-03-2021 05:45 AM

Yes, those servers were run by idiots.

Quote:

Originally Posted by Hermani (Post 6203101)
They got a clue that something was wrong only when on a Tuesday morning they could not login anymore because all accounts were lost as well.

While it is bad that the public was adversely affected by the very bad decisions of others in management, and I feel bad for them, the clues are usually shown months or years in advance. Somewhere in all the paper records there is going to be a trail that leads straight back to the culpable parties who can then be brought to court: those managers who insisted on deploying the M$ products within the production infrastructure.

Computers are serious business and have always been. It is not a game. So if your main activity is not playing video games, then M$ Windows has no business being on the computers. I can't see any municipalities having the right to claim video games as a core activity to the extent that a strong excuse for M$ product can be rationalized.

From the scope of the damage it sounds like the municipality was tricked into playing Windows on the server end too. If that was the case then the courts, and the public, should not show the slightest mercy to the managers who came up with the idea to try M$ product in production. Had they run FreeBSD or GNU/Linux on the servers they could have had the storage in an OpenZFS array with frequent snapshots. The snapshots would have enabled a roll-back to the last-known-good data set even if the desktops connecting to them got destroyed. Or for that matter, the snapshots would still work even if the latest files on the fileserver got encrypted by the attackers.

The attackers have certainly committed a crime but they did not get away with it alone. They have help on the inside from managers who set up the situation and kept it available for the attackers to exploit. If some managers of a building had blocked the installation of sprinklers and smoke detectors and then piled up storage in front of the fire exits and people died in a fire, there would be prosecution. This is the digital equivalent.

hazel 01-03-2021 05:49 AM

Excuse me but how do you know they were using Windows? I don't think Hermani said so.

Turbocapitalist 01-03-2021 05:57 AM

Quote:

Originally Posted by hazel (Post 6203365)
Excuse me but how do you know they were using Windows? I don't think Hermani said so.

The ransomware name was not given by him. However, you have 1) the absence of howling to the heavens in the press about "Linux" and the observation that 2) all previous ransomware has been Windows-based.

In every case of the hundred or so ransomware cases I have read about during the last year or so where the name of the ransomware has been given, it has come down to getting nailed by Windows total cost of ownership. So if more information is given, we can see the name of the malware and read up on which CVEs it depends on.

Too many serious activities depend on reliable computing for a gaming system to be tolerated. If there is a M$ presence in the infrastructure, it is not a technical matter but one of staffing and of management in particular.

ondoho 01-03-2021 06:10 AM

Quote:

Originally Posted by hazel (Post 6203358)
These criminals (who don't have the skills of real hackers so I won't call them that) only get into servers because the people who run them are idiots.

Oh, they are definitely skilled.
Underestimating Russian cyber intelligence like that is dangerously naive.
Thinking that only the Russians do that (of all large, rich and developed countries) is also dangerously naive.

But I don't subscribe to the OP's alarmistic tone either.

enorbet 01-03-2021 06:46 AM

Well Turbocapitalist I am very interested in exactly why you seem to think gaming is a critical condition for security or the lack of it. IMHO there are several large attack surfaces provided by Windows but none of them have anything to do with gaming. M$ has tried to improve security by limiting even Admin account privileges, but the simple fact is the Registry is all the eggs in one basket. Get in there and everything is owned. I don't see how games are relevant to that at all.

Turbocapitalist 01-03-2021 06:55 AM

Games are not relevant. That is a key point. Windows is a gaming OS and does not belong out in either industry or the public sector.

teckk 01-03-2021 06:55 AM

There are 3 ranges of IPs, that whois says are in St Petersburg and Moscow, that have been hitting my firewalls, with port scans and ssh, 24 hours a day, 2 to 3 times a minute, for 4 or 5 months now. There is another one in Nuernberg, Germany, that has been doing the same.

"They" are doing their best to map the internet. "They" understand the age that we live in, and want all the info on "us" that they can get.

I don't understand why the ISPs, who have to see those constant packets from the same IP range for months, don't block that range.

I know several people that have most of Russia blocked at the firewalls. That means that all legitimate traffic gets blocked too.

teckk 01-03-2021 07:08 AM

This one has been running for months
https://www.abuseipdb.com/check/45.129.33.185

Others
https://www.abuseipdb.com/check/87.251.74.189
https://www.abuseipdb.com/check/194.26.25.124
https://www.abuseipdb.com/check/193.27.228.20
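As an added example for the scanning pattern teckk describes above (not code from any poster in this thread), the Python below groups iptables-style firewall drop lines by source /24 and flags ranges that keep coming back over days, which is the kind of summary you would want before deciding to block a whole range. The log lines and addresses are constructed (RFC 5737 documentation ranges) and the line format is assumed to be the kernel LOG target's default.

```python
import re
import ipaddress
from collections import defaultdict
from datetime import datetime

# Pulls timestamp, source address and destination port from an iptables LOG line.
LOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?"
                    r"SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)")

# Constructed sample log; addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    "Jan  1 00:10:02 gw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=44123 DPT=22 SYN",
    "Jan  1 00:10:31 gw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.1 PROTO=TCP SPT=51022 DPT=3389 SYN",
    "Jan  2 09:00:00 gw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=22 SYN",
    "Jan  2 09:00:01 gw sshd[1234]: Accepted publickey for admin from 192.0.2.50 port 50000 ssh2",
    "Jan  2 13:45:10 gw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.1 PROTO=TCP SPT=44500 DPT=445 SYN",
    "Jan  3 04:58:01 gw kernel: DROP IN=eth0 SRC=203.0.113.17 DST=192.0.2.1 PROTO=TCP SPT=60010 DPT=22 SYN",
]

def parse_line(line, year=2021):
    """Return (timestamp, source address, dest port), or None for non-firewall lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, ipaddress.ip_address(m["src"]), int(m["dpt"])

def persistent_ranges(lines, min_hits=3, min_span_hours=24, prefix=24):
    """Group drops by /prefix source range and keep the ranges that kept coming
    back: at least min_hits hits spread over min_span_hours or more.
    Returns {"a.b.c.0/24": (hits, distinct_ports, span_hours)}."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set(), "first": None, "last": None})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a firewall drop line; ignore it
        ts, src, dpt = rec
        net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        s = stats[net]
        s["hits"] += 1
        s["ports"].add(dpt)
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    flagged = {}
    for net, s in stats.items():
        span = (s["last"] - s["first"]).total_seconds() / 3600
        if s["hits"] >= min_hits and span >= min_span_hours:
            flagged[str(net)] = (s["hits"], len(s["ports"]), round(span, 1))
    return flagged
```

On the sample, `persistent_ranges(SAMPLE_LOG)` flags only 203.0.113.0/24 (4 hits on 3 ports over about 53 hours); the single probe from 198.51.100.7 and the sshd line are ignored, and raising `prefix` to 32 flags nothing because no single host reaches the hit threshold.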

TorC 01-03-2021 08:12 AM

Quote:

Originally Posted by ondoho (Post 6203373)
Oh, they are definitely skilled.
. . .
Thinking that only the Russians do that (of all large, rich and developed countries) is also dangerously naive.

But I don't subscribe to the OP's alarmistic tone either.


a) Okay -- the Chinese and who else, in your opinion?
b) The NYT is alarmist? Perhaps. But is the threat real?

+1 @Turbocapitalist re: M$
+1 @teckk for solid info

jsbjsb001 01-03-2021 10:07 AM

TorC, you might consider that nearly every country (and every developed country) has something called "intelligence agencies" who don't just use "human intelligence" (HUMINT) to gather intelligence. There is also something called "signals intelligence" (SIGINT), among other forms of intelligence gathering methods.

You really think the NSA bakes cupcakes? No, they gather signals intelligence (SIGINT), the same as the DSD (Australian Signals Directorate) do where I live. The same as the Russians have their intelligence agencies for all of the above. The reality is that they are all in it up to their necks.

Time to step into the real world TorC... free internet? :laughing:
