|
Russian Hack of the US Gov't -- Specific concerns?
Addressed to those who may know more than the average regarding such: what do you see as major potential threats to everyday life of a US citizen by the breach?
Please be as specific as possible -- not just, "National Security," but how it may affect private US citizens, public corporations, educational institutions, and local, state and federal govenmental agencies, to name but a few? The latest from NY Times -- As Understanding of Russian Hacking Grows, So Does Alarm My specific concerns center on transportation -- railroad and shipping disruptions -- ultimately affecting agriculture and food supplies and prices. Yours? |
Most essential services are run by computers, think water, electricity, gas, petroleum, basically anything your government may have a hand in, not just your nuclear arsenal.
|
A few weeks ago the IT system of my municipality was hacked and all data was lost because ransomware was installed and did its bit. ALL information was lost: official records, permits, personal data of all residents, all data regarding social assistance benefits, e-mail, just everything.
They got a clue that something was wrong only when on a Tuesday morning they could not login anymore because all accounts were lost as well. The mayor had to announce a couple of days later that the situation was "grave" because not only all data was lost, all backups were lost as well because they did not have an isolated backup server (as is mandated). I haven't heard back from my local representative yet and although officially the council denies it I am afraid that they paid at least some of the € 750k that the hackers supposedly asked. Anyway, we will find out in the long run. The disruption this caused is significant and poses a significant breach in our local community. |
Back ups should be done at least daily, & kept off site for reasons such as this, that is why it is so important that IT infrastructure is not under people who know nothing about it.
|
These criminals (who don't have the skills of real hackers so I won't call them that) only get into servers because the people who run them are idiots. Hermani's story is par for the course.
Do you remember when TalkTalk was hacked and its customers' personal details were stolen? A company spokeswoman was asked at a press conference whether the stolen data was at least encrypted and she didn't know! And that's supposed to be a tech firm. That btw is why I don't buy stuff online. Even though the channel is encrypted by tls, I don't trust the people at the other end to keep my details safe afterwards. |
Yes, those servers were run by idiots.
Quote:
Computers are serious business and have always neen. It is not a game. So if your main activity is not playing video games, then M$ Windows has no business being on the computers. I can't see any municipalities having the right to claim video games as a core activity to the extent that a strong excuse for M$ product can be rationalized. From the scope of the damage it sounds like the municipality was tricked into playing Windows on the server end too. If that was the case then the courts, and the public, should not show the slightest mercy to the managers who came up with the idea to try M$ product in production. Had they run FreeBSD or GNU/Linux on the servers they could have had the storage in an OpenZFS array with frequent snapshots. The snapshots would have enabled a roll-back to the last-known-good data set even if the desktops connecting to them got destroyed. Or for that matter, the snapshots would still work even if the latest files on the fileserver got encrypted by the attackers. The attackers have certainly committed a crime but they did not get away with it alone. They have help on the inside from managers who set up the situation and kept it available for the attackers to exploit. If some managers of a building had blocked the installation of sprinklers and smoke detectors and then piled up storage in front of the fire exits and people died in a fire, there would be prosecution. This is the digital equivalent. |
Excuse me but how do you know they were using Windows? I don't think Hermani said so.
|
Quote:
In every case of the hundred or so ransomware cases I have read about during the last year or so where the name of the ransomware has been given, it has come down to getting nailed by Windows total cost of ownership. So if more information is given, we can see the name of the malware and read up on which CVEs it depends on. Too many serious activities depend on reliable computing for a gaming system to be tolerated. If there is a M$ presence in the infrastructure, it is not a technical matter but one of staffing and of management in particular. |
Quote:
Underestimating Russian cyber intelligence like that is dangerously naive. Thinking that only the Russians do that (of all large, rich and developed countries) is also dangerously naive. But I don't subscribe to the OP's alarmistic tone either. |
Well Turbocapitalist I am very interested in exactly why you seem to think gaming is a critical condition for security or the lack of it. IMHO there are several large attack surfaces provided by Windows but none of them have anything to do with gaming. M$ has tried to improve security by limiting even Admin account privileges, but the simple fact is the Registry is all the eggs in one basket. Get in there and everything is owned. I don't see how games are relevant to that at all.
|
Games are not relevant. That is a key point. Windows is a gaming OS and does not belong out in either industry or the public sector.
|
There are 3 ranges of IP's, that whois says are in St Petersburg and Moscow, that have been hitting my firewalls, with port scans and ssh, 24 hours a day, 2 to 3 times a minute, for 4 or 5 months now. There is another one in Nuernburg Germany, that has been doing the same.
"They" are doing their best to map the internet. "They" understand the age that we live in, and want all the info on "us" that they can get. I don't understand why the ISP's, who have to see those constant packets from the same IP range for months, don't block that range. I know several people that have most of Russia blocked at the firewalls. That means that all legitimate traffic gets blocked too. |
This one has been running for months
https://www.abuseipdb.com/check/45.129.33.185 Others https://www.abuseipdb.com/check/87.251.74.189 https://www.abuseipdb.com/check/194.26.25.124 https://www.abuseipdb.com/check/193.27.228.20 |
Quote:
a) Okay -- the Chinese and who else, in your opinion? b) The NYT is alarmist? Perhaps. But is the threat real? +1 @Turbocapitalist re: M$ +1 @teckk for solid info |
TorC, you might consider that nearly every country (and every developed country) has something called "intelligence agencies" who don't just use "human intelligence" (HUMINT) to gather intelligence. There is also something called "signals intelligence" (SIGINT), among other forms of intelligence gathering methods.
You really think the NSA bakes cupcakes? No, they gather signals intelligence (SIGINT), the same as the DSD (Australian Signals Directorate) do where I live. The same as the Russians have their intelligence agencies for all of the above. The reality is that they are all in it up to their necks. Time to step into the real world TorC... free internet? :laughing: |
One of the things Snowden revealed was that the NSA routinely spy on their "allies" as well as on their enemies. Anything that goes through an American server. They even hacked Angela Merkel's email!
|
Quote:
They also spy on their own love interests too from what I've read. I mean the love interests of the NSA agents themselves, I believe they call it some thing like LOVEINT or something similar. As in, the NSA themselves do that, not just another country's intelligence agencies. |
Quote:
You're assuming to know where I am coming from and what I do or do not know. How prescient of you, jsbjsb01! Perhaps the 02 version took cues from the 01 version of jsbjsb? Just looking for intelligent replies to add to my ignorance, thank you. Please continue, non-trolls! |
Quote:
It's not hard to know where you come from if you put it in your Location field of your user profile, ie. "Location: Southern Rockies". https://en.wikipedia.org/wiki/Southern_Rocky_Mountains BTW, exactly where was I wrong in what I said before ? PS: At least you admit that you're "ignorant", I'll give you that. |
Quote:
|
Quote:
Turbocapitalist probably meant that he can't think of any other reason why someone should install Windows on any computer, so why put it on a server? |
Quote:
The one responsible is our mayor so any responsability will be a political thing. There sure is blame, the local council is mandated to have an isolated and adequate backup - and they did not have that. Would they have had it, we would only have had some message about "a small interruption of service". Right now our mayor is nominated as "best governmental administrator of 2020" - I doubt whether she would accept it :rolleyes: And they did not make it too difficult for the attackers. They did have remote access but from what I heard from two councilors it wasn't secured with two-factor authentication. I guess one keylogger on a strategic place would definitely provide quick access to the whole system. And I really don't get it. Even at home I have an isolated backup server. |
I know there are lot of good coders and software developers in Russia. Not only troll factory. They work for company, but also for government. Cyber spying. I think the same as in USA.
It is a problem but maybe Russia dont want to destroy USA, and USA dont want to destroy Russia. |
Quote:
Quote:
And I looked at the article. It seems mostly concerned with how badly US government network intrusion detection failed - probably as a result of 4 years of incompetence governing - and how they need to fix it. Voicing "specific concerns (...) on transportation -- railroad and shipping disruptions -- ultimately affecting agriculture and food supplies and prices" means letting your emotions & fantasy run lose with the facts offered by the article. ... OK, part of that article is alarmist. I don't like how this paragraph is phrased: Quote:
|
Quote:
|
Quote:
The reason that Windows still holds somewhere in the vicinity of 90% of Desktop users is it's appliance nature. Users don't have to be bothered by those pesky nuts 'n bolts, and the support and applications that MS maneuvered into being all but essential like MS Office and of course a sprinkling of killing off most of their rivals. AFAIK almost all motor vehicles of the masses come with radios or some sort of music playing system and calling Windows "a gaming os" is as meaningless, in my mind, as saying Volkswagon is a music vehicle and for that reason unworthy of being called a serious automobile. Furthermore I find the reference using gaming as trivial biased and mistaken. Games are used in medicine to train micro surgeons and by the military to train soldiers brains in strategy and teamwork as well as in equipment tutorials just to mention a few serious applications. Perhaps most importantly Gaming is the main reason by far that your PC, all our PCs, are as powerful and cheap as they presently are. Nothing else has even come close to providing the impetus and money fueling hardware and software development that games have. This is indisputable. It's History. So I see naming Windows "a gaming os" just wrong on several levels. One might just as well call it or any OS a "Chat OS" at least back in the day of AOL. There are Drivers and there are Mechanics with some overlap but the vast majority of Drivers are not also Mechanics. A similar pattern is the reason for Windows. I happen to agree that it is at least a bit careless to use an OpSys that has always been plagued by real security issues and while some improved still is that way, in Mission Critical situations but it is not because of gaming. Hazel, in another thread you and I both pay some attention to, the Faith and Religion thread, there are several non-believers and non-Christians who blame Christianity or even Religion as a whole for past violence like the Inquisition and Honor Killing. I think that is mistaken, that Religion has sometimes provided false justification for People who would have been violent and intolerant regardless but the Prime Mover is the people so inclined, not their beliefs they use as justification. They would've found something to justify such horrid behaviour just as the Nazis and others used "survival of the fittest" as justification for genocide. That genocide and mass murder has existed since time immemorial is at the core, not belief systems adopting dogma that can be promoted or twisted as support for such a nature. To focus on the possibly apparent commonality is like curing the symptom instead of the cause. |
Quote:
I won't say more about it, not to take this thread OT. But if you or anyone want to continue the discussion, let's do it elsewhere - separate topic, or maybe here. |
Quote:
Quote:
As for the SolarWinds crack, that just goes in the file of case studies for why proprietary software is unsuitable for both the public and private sectors. The presence of M$ is not a technical problem, it is merely a symptom of staffing problems. The attribution of an attack to any particular government is merely a distraction from the need to eliminate the staff who have pushed M$ products into critical infrastructure, and the managers which put them up to it. |
Turbocapitalist, last year MS revenues hit an all-time high of just shy of 150 TRILLION US DOLLARS! (what's a measly $7 trillion ;) ;) ?)... in one year. Take a moment and let that really sink in. That is immensely powerful, beyond comprehension really. There are 213 global nations and Microsoft, one corporation, had greater revenue in one year than over 175 of those entire nations.
What percentage of that do you suppose was Games vs/ Office? Remember, MS wisely (and ruthlessly) pursued getting Word, Excel, etc. the required standard in schools as low as Elementary School. We have to "give the Devil his due" or we risk underestimating the enemy. Even if I misunderstand your conclusions, such claims that single out any one aspect like games, run exactly that risk. Windows and Microsoft is far more than just Games and I seriously think you should reconsider. Just because who you've talked to or read about claims games are the reason is anecdotal at best and "has blinders on" toward the true scale that MS operates on. |
Bill Gates always said that his aim was a computer on every desktop and Windows running on all of them!
|
I think that you have some zeros in the wrong place.
https://www.macrotrends.net/stocks/c...t/gross-profit https://www.microsoft.com/investor/r...r19/index.html https://finance.yahoo.com/quote/MSFT...DkUUM12fvAuS11 |
Quote:
|
Quote:
Of course there is also the fact that every computer you buy on the high street has Windows on it. Most people have never used anything else. It's a bit like the qwerty keyboard, which was invented originally to slow down typing so that the typewriter keys didn't get entangled. Now it's just a pain but nobody can use anything else because no one has any idea where the keys are if they're not where qwerty puts them. |
The annual revenue was "only" $147.114B for 2020, with their fiscal year ending 2020, if one accepts Enron-style accounting. Their OEM monopoly is slipping and so is their monopoly on productivity suite formats, to the point that they've probably lost their main money-maker, the monopoly rents on the two. They've moved much of their activities under the wing of Azure and yet have had several rounds of mass-firings last year with thousands of jobs with Azure getting the axe with each round. They also got a $2.4B handout this last summer from the US government, which might be the only real money they have.
However, you are right that one should not underestimate them. I would add to that the importance of not underestimating both the cult-like nature of the beast as well as the espionage potential that so many governments, big and small, cling to. Some would say that latter point is what has kept them afloat the last decade or two. My complaint about Windows being a (rather poor) game system is that gaming is the only possible excuse for keeping such a system around. As most businesses and agencies do not play games, therefore there is zero rationale for keeping Windows around. As we see in the Netherlands' example mentioned a few posts earlier, those responsible for pushing M$ products into any public or private infrastructure did so on purpose and need to be brought to trial. One risk with the SolarWinds exploit mentioned in the OP is that M$ gets away with trying further to be presented as both critical infrastructure and as synonmous with computing. It is neither and it is costing all of us any time it gets pushed into production and connected to the net, especially as it tries to keep one foot in the server market. |
Quote:
If it weren't for windows, and how it does everything but click the icon, the US would probably have to let go 60-70% of all office workers. That may be rude but it is also fact. Some of those windows users could be made to learn what an IP address and route is, what html is, make a simple script to get thing done, how to edit a pdf, etc, without microsoft doing it for them. But most are too thick. You would have to fire them. If your country is better, I am glad for you. Plus, it comes on the machine from the factory. And a whole lot of MCSE's. They go to school for that. |
Quote:
The input screen was all boxes (something like ncurses I suppose) and they typed into them. No problem there. But how did they learn to launch the input program? Simple. I told them that the computer had the equivalent of a switchboard operator. It was called the operating system. When you first logged in, you were talking to this operator and you gave the name of the program you wanted to talk to, just as you would when you rang up a company and got the switchboard. And you would be put through. Maybe clericals in the US are dumber than our English ones. |
Quote:
However, the part about bullshit jobs is an important point. M$ Windows is for empire builders who get off on head counts rather than getting products or services to market. The presence of M$ products in place of an infrastructure is also a key enabler of bullshit jobs. M$ is not about getting anything done, rather the opposite, and it spreads like a stain through businesses and agencies as staff who are evaluated on results are displaced by those who are evaluated on keeping a chair warm. Incidents like the SolarWinds crack are just a side effect. |
Quote:
|
Quote:
If they would not have kept this easy, maybe all China would now be running Red Flag Linux. |
Quote:
Gates shed some light on his own hard-nosed business philosophy. "Although about 3 million computers get sold every year in China, but people don't pay for the software," he said. "Someday they will, though. As long as they are going to steal it, we want them to steal ours. They'll get sort of addicted, and then we'll somehow figure out how to collect sometime in the next decade."Thus their priority has been to promote "piracy" as means to inhibit an actual competition. Quote:
|
Quote:
|
Quote:
On the original topic, security researchers Bruce Schneier and Brian Krebs both have a number of blog articles on the subject, though neither of them is listing specific concerns. |
Russia is always good to unite Americans as common enemy. China is not such good. There are diversities. Biden promised "to heal nation" - seems one of ways of healing is rather traditional - to make Russia nation-wide enemy. I don't believe all this hacking at percentage was such disastrous as presented in USA media - due to Putin sarcastic congratulations to Russia intelligence - hey guys keep going good work. In really serious matter Putin keeps himself quiet. It is all laugh. Something like: look Americans are just idiots.
|
". . . Americans are just idiots" ?
Quote:
Please clarity, if you would. |
Quote:
https://m.youtube.com/watch?v=r9g0EYIUfX4 https://m.youtube.com/watch?v=6CdfsCz1oKo https://m.youtube.com/watch?v=2-Be9f7Ovgg |
Quote:
|
Igadoter is not calling anyone idiots.
I recommend re-reading the whole post and not isolating words from their context. |
@boughtonp is correct in that it seems @igadoter was trying to quote Putin in saying this/implying this/expressing this with body language -- a sentiment he, Putin, holds towards Americans, in general.
Okay LQers -- you're free to criticize Putin here should you think his feelings unwarranted. Tell us why they may be unwarrranted, please! |
Quote:
There is also a reason why the NSA doesn't report all security related flaws it finds in M$ Windows to M$, and they've admitted this publicly themselves - they save the best flaws for themselves and don't report them to M$ to be fixed. I'll give you 10 points if you can guess why they don't... It's also not just by chance that the Chinese target M$ Windows when they hack my country's government networks (and NGO's for that matter), and it's because that's the very system the government and most NGO's here use. Can you therefore guess why they don't generally target Linux or some other *nix based system? Hint: I just told you the reason. In all fairness, and as much as I dislike the poster who made post #9, the following quote is spot on: Quote:
|
Quote:
This is how I have always thought. My Father who fought in The Battle of the Bulge in WWII used to complain about things he didn't like saying "I fought for this country and this is what it's become?". He would use this even to complain about things like anti-racism and anti-war protests during the 60s and 70s. I would ask him how he defined "country" that he defended. What did he imagine "his country" was? Was it the land? the people, and if so which people were included and which excluded? or was it the laws and ideals that it's government aspired to? I always contended that it was the ideals aspired to and that the balance between diversity of people was in fact the lifeblood of those ideals in free country. Every living person I've ever known considers themselves basically honest even though every living person I've ever met lies sometimes, even if it's just "itty bitty white ones" in their estimation. That doesn't imply Honesty is not a worthy ideal. The reality is, in my mind, "Where do you draw the line?" Under what conditions is lying acceptable? Do you actually have Overriding Principles or just wing it on whim? In any case I am of the opinion that any infringement or limitation on Free Speech should be considered with the utmost concern as it is extremely dangerous and usually counterproductive to allow slippery precedents in the area of ideas. I am also alarmed that what almost everyone considers The Internet is in fact a "Walled Garden" on a scale AOL only imagined in a fever dream. However I am also of the opinion that much of this is because Computers are so new, and STILL extremely underestimated as to their impact on ALL humankind no matter what national borders you reside within. TLDR - I don't think Russians (or any other large group of people) are evil, backwards, or stupid. I don't think the US is a Camelot full of people superior in morals, intellect, or character and I'm confidant there are those in US Govt. that daily work at exactly the sort of hacks recently exposed as originating with some Russians. It's literally business as usual. |
| All times are GMT -5. The time now is 08:46 AM. |