Russian Hack of the US Gov't -- Specific concerns?
Location: as far S and E as I want to go in the U.S.
Distribution: Fossapup64
Posts: 224
Addressed to those who may know more than the average regarding such: what do you see as major potential threats to everyday life of a US citizen by the breach?
Please be as specific as possible -- not just "National Security," but how it may affect private US citizens, public corporations, educational institutions, and local, state and federal governmental agencies, to name but a few?
My specific concerns center on transportation -- railroad and shipping disruptions -- ultimately affecting agriculture and food supplies and prices. Yours?
Distribution: Mainly Devuan, antiX, & Void, with Tiny Core, Fatdog, & BSD thrown in.
Posts: 5,493
Most essential services are run by computers: think water, electricity, gas, petroleum, basically anything your government may have a hand in, not just your nuclear arsenal.
A few weeks ago the IT system of my municipality was hacked and all data was lost because ransomware was installed and did its bit. ALL information was lost: official records, permits, personal data of all residents, all data regarding social assistance benefits, e-mail, just everything.
They got a clue that something was wrong only when on a Tuesday morning they could not log in anymore because all accounts were lost as well.
The mayor had to announce a couple of days later that the situation was "grave" because not only all data was lost, all backups were lost as well because they did not have an isolated backup server (as is mandated). I haven't heard back from my local representative yet and although officially the council denies it I am afraid that they paid at least some of the €750k that the hackers supposedly asked. Anyway, we will find out in the long run.
The disruption this caused is significant and poses a significant breach in our local community.
Distribution: Mainly Devuan, antiX, & Void, with Tiny Core, Fatdog, & BSD thrown in.
Posts: 5,493
Backups should be done at least daily, & kept off site for reasons such as this; that is why it is so important that IT infrastructure is not under people who know nothing about it.
These criminals (who don't have the skills of real hackers so I won't call them that) only get into servers because the people who run them are idiots. Hermani's story is par for the course.
Do you remember when TalkTalk was hacked and its customers' personal details were stolen? A company spokeswoman was asked at a press conference whether the stolen data was at least encrypted and she didn't know! And that's supposed to be a tech firm.
That btw is why I don't buy stuff online. Even though the channel is encrypted by TLS, I don't trust the people at the other end to keep my details safe afterwards.
They got a clue that something was wrong only when on a Tuesday morning they could not log in anymore because all accounts were lost as well.
While it is bad that the public was adversely affected by the very bad decisions of others in management, and I feel bad for them, the clues are usually shown months or years in advance. Somewhere in all the paper records there is going to be a trail that leads straight back to the culpable parties who can then be brought to court: those managers who insisted on deploying the M$ products within the production infrastructure.
Computers are serious business and have always been. It is not a game. So if your main activity is not playing video games, then M$ Windows has no business being on the computers. I can't see any municipalities having the right to claim video games as a core activity to the extent that a strong excuse for M$ product can be rationalized.
From the scope of the damage it sounds like the municipality was tricked into playing Windows on the server end too. If that was the case then the courts, and the public, should not show the slightest mercy to the managers who came up with the idea to try M$ product in production. Had they run FreeBSD or GNU/Linux on the servers they could have had the storage in an OpenZFS array with frequent snapshots. The snapshots would have enabled a roll-back to the last-known-good data set even if the desktops connecting to them got destroyed. Or for that matter, the snapshots would still work even if the latest files on the fileserver got encrypted by the attackers.
The attackers have certainly committed a crime but they did not get away with it alone. They have help on the inside from managers who set up the situation and kept it available for the attackers to exploit. If some managers of a building had blocked the installation of sprinklers and smoke detectors and then piled up storage in front of the fire exits and people died in a fire, there would be prosecution. This is the digital equivalent.
Excuse me but how do you know they were using Windows? I don't think Hermani said so.
The ransomware name was not given by him. However, you have 1) the absence of howling to the heavens in the press about "Linux" and the observation that 2) all previous ransomware has been Windows-based.
In every case of the hundred or so ransomware cases I have read about during the last year or so where the name of the ransomware has been given, it has come down to getting nailed by Windows total cost of ownership. So if more information is given, we can see the name of the malware and read up on which CVEs it depends on.
Too many serious activities depend on reliable computing for a gaming system to be tolerated. If there is a M$ presence in the infrastructure, it is not a technical matter but one of staffing and of management in particular.
These criminals (who don't have the skills of real hackers so I won't call them that) only get into servers because the people who run them are idiots.
Oh, they are definitely skilled.
Underestimating Russian cyber intelligence like that is dangerously naive.
Thinking that only the Russians do that (of all large, rich and developed countries) is also dangerously naive.
But I don't subscribe to the OP's alarmist tone either.
Well, Turbocapitalist, I am very interested in exactly why you seem to think gaming is a critical condition for security or the lack of it. IMHO there are several large attack surfaces provided by Windows but none of them have anything to do with gaming. M$ has tried to improve security by limiting even Admin account privileges, but the simple fact is the Registry is all the eggs in one basket. Get in there and everything is owned. I don't see how games are relevant to that at all.
There are 3 ranges of IPs, that whois says are in St Petersburg and Moscow, that have been hitting my firewalls with port scans and SSH, 24 hours a day, 2 to 3 times a minute, for 4 or 5 months now. There is another one in Nuremberg, Germany, that has been doing the same.
"They" are doing their best to map the internet. "They" understand the age that we live in, and want all the info on "us" that they can get.
I don't understand why the ISPs, who have to see those constant packets from the same IP range for months, don't block that range.
I know several people that have most of Russia blocked at the firewalls. That means that all legitimate traffic gets blocked too.
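The pattern described in this post (the same few address ranges hitting SSH two or three times a minute for months) is easy to pull out of sshd logs mechanically, and doing so lets you block the ranges actually observed instead of a whole country. The following is an added example, not code from the thread or from any poster. It parses rsyslog-style sshd lines, groups failed attempts by /24, flags ranges that sustain a given rate over a long window without ever producing a successful login, and renders nftables set entries for them. The log lines are constructed from the RFC 5737 documentation ranges; the hostname "gw", the set name "ssh_scanners" and the thresholds are assumptions for illustration.

```python
"""Find persistent SSH scanner ranges in sshd auth-log lines and emit nft block entries.
Added example for this thread, not any poster's code; sample data is constructed."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# rsyslog-style line: "Dec 14 08:13:02 gw sshd[4242]: Failed password for root from 203.0.113.7 port 51234 ssh2"
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")
# Only message shapes this example understands; anything else is ignored.
FAIL_RE = re.compile(r"^(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+")
ACCEPT_RE = re.compile(r"^Accepted \S+ for \S+ from (?P<ip>[0-9a-fA-F.:]+) port \d+")


def parse_sshd(lines, year):
    """Return a list of (timestamp, ip_address, outcome) with outcome 'fail' or 'accept'.
    The syslog timestamp carries no year, so the caller supplies it."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        msg = m["msg"]
        f = FAIL_RE.match(msg)
        if f:
            events.append((ts, ipaddress.ip_address(f["ip"]), "fail"))
            continue
        a = ACCEPT_RE.match(msg)
        if a:
            events.append((ts, ipaddress.ip_address(a["ip"]), "accept"))
    return events


def persistent_scanners(events, prefixlen=24, min_rate_per_min=1.0, min_span=timedelta(hours=12)):
    """Group failures by network prefix and report ranges that keep hitting for a long time.
    A range is excluded if any address in it ever logged in successfully (a colleague who
    fat-fingers a password must not be swept up) or if its activity is a short burst."""
    by_net = defaultdict(list)
    accepted = set()
    for ts, ip, outcome in events:
        net = ipaddress.ip_network((ip, prefixlen), strict=False)
        if outcome == "accept":
            accepted.add(net)
        else:
            by_net[net].append(ts)
    report = {}
    for net, stamps in by_net.items():
        if net in accepted:
            continue
        stamps.sort()
        span = stamps[-1] - stamps[0]
        if span < min_span:
            continue
        rate = len(stamps) / (span.total_seconds() / 60.0)
        if rate >= min_rate_per_min:
            report[net] = {"hits": len(stamps), "first": stamps[0], "last": stamps[-1],
                           "per_minute": round(rate, 2)}
    return report


def nft_block_commands(report, table="inet filter", setname="ssh_scanners"):
    """Render nft commands adding the flagged IPv4 ranges to an interval set (assumed to exist,
    e.g. 'nft add set inet filter ssh_scanners { type ipv4_addr; flags interval; }' and a rule
    'ip saddr @ssh_scanners tcp dport 22 drop'). Blocking observed ranges rather than whole
    countries avoids dropping legitimate traffic along with the scanners."""
    return [f"nft add element {table} {setname} {{ {net} }}"
            for net in sorted(report, key=str) if net.version == 4]


def make_sample_log(start=datetime(2020, 12, 14, 0, 0, 0)):
    """Constructed sample, not a real capture: a /24 in TEST-NET-3 probes every 25 s for two days,
    one TEST-NET-1 host does a 10-minute burst, and an admin logs in twice from TEST-NET-2."""
    lines, t, i = [], start, 0
    while t < start + timedelta(days=2):
        host, user = f"203.0.113.{1 + i % 3}", ("root", "admin", "pi")[i % 3]
        lines.append(f"{t:%b %d %H:%M:%S} gw sshd[{1000 + i}]: Failed password for {user} from {host} port {40000 + i % 20000} ssh2")
        t += timedelta(seconds=25)
        i += 1
    for j in range(40):
        ts = start + timedelta(hours=5, seconds=15 * j)
        lines.append(f"{ts:%b %d %H:%M:%S} gw sshd[{9000 + j}]: Invalid user test from 192.0.2.9 port {50000 + j}")
    for k in (1, 30):
        ts = start + timedelta(hours=k)
        lines.append(f"{ts:%b %d %H:%M:%S} gw sshd[{7000 + k}]: Accepted publickey for alice from 198.51.100.5 port 52211 ssh2: ED25519 SHA256:constructed")
    return lines


if __name__ == "__main__":
    rep = persistent_scanners(parse_sshd(make_sample_log(), 2020))
    for net, stats in rep.items():
        print(net, stats)
    print("\n".join(nft_block_commands(rep)))
```

On the constructed sample only 203.0.113.0/24 is reported (about 2.4 failures a minute over two days); the ten-minute burst from 192.0.2.9 falls under the span threshold and the admin's range is never considered because it produced accepted logins. On a real box, feed it `grep sshd /var/log/auth.log` (or `journalctl -u ssh -o short`) and review the report before loading the set.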
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881
TorC, you might consider that nearly every country (and every developed country) has something called "intelligence agencies" who don't just use "human intelligence" (HUMINT) to gather intelligence. There is also something called "signals intelligence" (SIGINT), among other forms of intelligence gathering methods.
You really think the NSA bakes cupcakes? No, they gather signals intelligence (SIGINT), the same as the DSD (Australian Signals Directorate) do where I live. The same as the Russians have their intelligence agencies for all of the above. The reality is that they are all in it up to their necks.
Time to step into the real world TorC... free internet? :laughing: