LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 01-02-2021, 12:25 PM   #1
TorC
Member
 
Registered: Dec 2020
Location: as far S and E as I want to go in the U.S.
Distribution: Miyo, Puppy, Salix
Posts: 78

Rep: Reputation: Disabled
Russian Hack of the US Gov't -- Specific concerns?


Addressed to those who may know more than the average regarding such: what do you see as major potential threats to everyday life of a US citizen by the breach?

Please be as specific as possible -- not just, "National Security," but how it may affect private US citizens, public corporations, educational institutions, and local, state and federal govenmental agencies, to name but a few?

The latest from NY Times --

As Understanding of Russian Hacking Grows, So Does Alarm

My specific concerns center on transportation -- railroad and shipping disruptions -- ultimately affecting agriculture and food supplies and prices. Yours?
 
Old 01-02-2021, 02:26 PM   #2
fatmac
Senior Member
 
Registered: Sep 2011
Location: Upper Hale, Surrey/Hants Border, UK
Posts: 3,977

Rep: Reputation: Disabled
Most essential services are run by computers, think water, electricity, gas, petroleum, basically anything your government may have a hand in, not just your nuclear arsenal.
 
Old 01-02-2021, 02:50 PM   #3
Hermani
Member
 
Registered: Apr 2018
Location: Delden, NL
Distribution: Ubuntu
Posts: 254
Blog Entries: 3

Rep: Reputation: 113Reputation: 113
A few weeks ago the IT system of my municipality was hacked and all data was lost because ransomware was installed and did its bit. ALL information was lost: official records, permits, personal data of all residents, all data regarding social assistance benefits, e-mail, just everything.

They got a clue that something was wrong only when on a Tuesday morning they could not login anymore because all accounts were lost as well.

The mayor had to announce a couple of days later that the situation was "grave" because not only all data was lost, all backups were lost as well because they did not have an isolated backup server (as is mandated). I haven't heard back from my local representative yet and although officially the council denies it I am afraid that they paid at least some of the € 750k that the hackers supposedly asked. Anyway, we will find out in the long run.

The disruption this caused is significant and poses a significant breach in our local community.
 
Old 01-03-2021, 05:58 AM   #4
fatmac
Senior Member
 
Registered: Sep 2011
Location: Upper Hale, Surrey/Hants Border, UK
Posts: 3,977

Rep: Reputation: Disabled
Back ups should be done at least daily, & kept off site for reasons such as this, that is why it is so important that IT infrastructure is not under people who know nothing about it.
 
Old 01-03-2021, 06:30 AM   #5
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 5,061
Blog Entries: 14

Rep: Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865
These criminals (who don't have the skills of real hackers so I won't call them that) only get into servers because the people who run them are idiots. Hermani's story is par for the course.

Do you remember when TalkTalk was hacked and its customers' personal details were stolen? A company spokeswoman was asked at a press conference whether the stolen data was at least encrypted and she didn't know! And that's supposed to be a tech firm.

That btw is why I don't buy stuff online. Even though the channel is encrypted by tls, I don't trust the people at the other end to keep my details safe afterwards.

Last edited by hazel; 01-03-2021 at 06:47 AM.
 
Old 01-03-2021, 06:45 AM   #6
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,363
Blog Entries: 3

Rep: Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667
Yes, those servers were run by idiots.

Quote:
Originally Posted by Hermani View Post
They got a clue that something was wrong only when on a Tuesday morning they could not login anymore because all accounts were lost as well.
While it is bad that the public was adversely affected by the very bad decisions of others in management, and I feel bad for them, the clues are usually shown months or years in advance. Somewhere in all the paper records there is going to be a trail that leads straight back to the culpable parties who can then be brought to court: those managers who insisted on deploying the M$ products within the production infrastructure.

Computers are serious business and have always neen. It is not a game. So if your main activity is not playing video games, then M$ Windows has no business being on the computers. I can't see any municipalities having the right to claim video games as a core activity to the extent that a strong excuse for M$ product can be rationalized.

From the scope of the damage it sounds like the municipality was tricked into playing Windows on the server end too. If that was the case then the courts, and the public, should not show the slightest mercy to the managers who came up with the idea to try M$ product in production. Had they run FreeBSD or GNU/Linux on the servers they could have had the storage in an OpenZFS array with frequent snapshots. The snapshots would have enabled a roll-back to the last-known-good data set even if the desktops connecting to them got destroyed. Or for that matter, the snapshots would still work even if the latest files on the fileserver got encrypted by the attackers.

The attackers have certainly committed a crime but they did not get away with it alone. They have help on the inside from managers who set up the situation and kept it available for the attackers to exploit. If some managers of a building had blocked the installation of sprinklers and smoke detectors and then piled up storage in front of the fire exits and people died in a fire, there would be prosecution. This is the digital equivalent.
 
Old 01-03-2021, 06:49 AM   #7
hazel
LQ Guru
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 5,061
Blog Entries: 14

Rep: Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865Reputation: 2865
Excuse me but how do you know they were using Windows? I don't think Hermani said so.
 
Old 01-03-2021, 06:57 AM   #8
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,363
Blog Entries: 3

Rep: Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667
Quote:
Originally Posted by hazel View Post
Excuse me but how do you know they were using Windows? I don't think Hermani said so.
The ransomware name was not given by him. However, you have 1) the absence of howling to the heavens in the press about "Linux" and the observation that 2) all previous ransomware has been Windows-based.

In every case of the hundred or so ransomware cases I have read about during the last year or so where the name of the ransomware has been given, it has come down to getting nailed by Windows total cost of ownership. So if more information is given, we can see the name of the malware and read up on which CVEs it depends on.

Too many serious activities depend on reliable computing for a gaming system to be tolerated. If there is a M$ presence in the infrastructure, it is not a technical matter but one of staffing and of management in particular.
 
Old 01-03-2021, 07:10 AM   #9
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 16,643
Blog Entries: 10

Rep: Reputation: 4922Reputation: 4922Reputation: 4922Reputation: 4922Reputation: 4922Reputation: 4922Reputation: 4922Reputation: 4922Reputation: 4922Reputation: 4922Reputation: 4922
Quote:
Originally Posted by hazel View Post
These criminals (who don't have the skills of real hackers so I won't call them that) only get into servers because the people who run them are idiots.
Oh, they are definitely skilled.
Underestimating Russian cyber intelligence like that is dangerously naive.
Thinking that only the Russians do that (of all large, rich and developed countries) is also dangerously naive.

But I don't subscribe to the OP's alarmistic tone either.
 
Old 01-03-2021, 07:46 AM   #10
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 3,312

Rep: Reputation: 3289Reputation: 3289Reputation: 3289Reputation: 3289Reputation: 3289Reputation: 3289Reputation: 3289Reputation: 3289Reputation: 3289Reputation: 3289Reputation: 3289
Well Turbocapitalist I am very interested in exactly why you seem to think gaming is a critical condition for security or the lack of it. IMHO there are several large attack surfaces provided by Windows but none of them have anything to do with gaming. M$ has tried to improve security by limiting even Admin account privileges, but the simple fact is the Registry is all the eggs in one basket. Get in there and everything is owned. I don't see how games are relevant to that at all.
 
Old 01-03-2021, 07:55 AM   #11
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,363
Blog Entries: 3

Rep: Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667Reputation: 2667
Games are not relevant. That is a key point. Windows is a gaming OS and does not belong out in either industry or the public sector.
 
Old 01-03-2021, 07:55 AM   #12
teckk
Senior Member
 
Registered: Oct 2004
Distribution: FreeBSD Arch
Posts: 3,273

Rep: Reputation: 983Reputation: 983Reputation: 983Reputation: 983Reputation: 983Reputation: 983Reputation: 983Reputation: 983
There are 3 ranges of IP's, that whois says are in St Petersburg and Moscow, that have been hitting my firewalls, with port scans and ssh, 24 hours a day, 2 to 3 times a minute, for 4 or 5 months now. There is another one in Nuernburg Germany, that has been doing the same.

"They" are doing their best to map the internet. "They" understand the age that we live in, and want all the info on "us" that they can get.

I don't understand why the ISP's, who have to see those constant packets from the same IP range for months, don't block that range.

I know several people that have most of Russia blocked at the firewalls. That means that all legitimate traffic gets blocked too.
 
Old 01-03-2021, 08:08 AM   #13
teckk
Senior Member
 
Registered: Oct 2004
Distribution: FreeBSD Arch
Posts: 3,273

Rep: Reputation: 983Reputation: 983Reputation: 983Reputation: 983Reputation: 983Reputation: 983Reputation: 983Reputation: 983
This one has been running for months
https://www.abuseipdb.com/check/45.129.33.185

Others
https://www.abuseipdb.com/check/87.251.74.189
https://www.abuseipdb.com/check/194.26.25.124
https://www.abuseipdb.com/check/193.27.228.20
 
Old 01-03-2021, 09:12 AM   #14
TorC
Member
 
Registered: Dec 2020
Location: as far S and E as I want to go in the U.S.
Distribution: Miyo, Puppy, Salix
Posts: 78

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ondoho View Post
Oh, they are definitely skilled.
. . .
Thinking that only the Russians do that (of all large, rich and developed countries) is also dangerously naive.

But I don't subscribe to the OP's alarmistic tone either.

a) Okay -- the Chinese and who else, in your opinion?
b) The NYT is alarmist? Perhaps. But is the threat real?

+1 @Turbocapitalist re: M$
+1 @teckk for solid info

Last edited by TorC; 01-03-2021 at 09:16 AM. Reason: add kudo
 
Old 01-03-2021, 11:07 AM   #15
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,628

Rep: Reputation: 1877Reputation: 1877Reputation: 1877Reputation: 1877Reputation: 1877Reputation: 1877Reputation: 1877Reputation: 1877Reputation: 1877Reputation: 1877Reputation: 1877
TorC, you might consider that nearly every country (and every developed country) has something called "intelligence agencies" who don't just use "human intelligence" (HUMINT) to gather intelligence. There is also something called "signals intelligence" (SIGINT), among other forms of intelligence gathering methods.

You really think the NSA bakes cupcakes? No, they gather signals intelligence (SIGINT), the same as the DSD (Australian Signals Directorate) do where I live. The same as the Russians have their intelligence agencies for all of the above. The reality is that they are all in it up to their necks.

Time to step into the real world TorC... free internet? :laughing:
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Raspberry Pi OS Update to hack WiFi Hack LXer Syndicated Linux News 0 08-20-2017 03:12 PM
Hack, hack, hacking away!! cousinlucky General 6 07-09-2015 02:01 PM
How to change the keyboard layout (I have English-Russian set-up, Russian kbd wrong) Wombat Pete Linux - Newbie 20 05-07-2010 12:08 PM
LXer: New russian blog "Digged Linux Articles in Russian" LXer Syndicated Linux News 0 07-31-2007 07:16 AM
Hack Hack anoop_chandran Linux - General 9 12-07-2001 11:38 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 11:33 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration