Now we learn the OMFG part of the SolarWinds hack

Two days ago the WashPost gave us the Russiagate 2.0 headlines about the SolarWinds hack.

The Russian government hackers who breached a top cybersecurity firm are behind a global espionage campaign that also compromised the Treasury and Commerce departments and other government agencies, according to people familiar with the matter, who requested anonymity because of the sensitivity of the matter...
SolarWinds said Sunday in a statement that monitoring products it released in March and June of this year may have been surreptitiously weaponized in a “highly-sophisticated, targeted . . . attack by a nation state.”

Did you get that? It was HIGHLY-SOPHISTICATED, so it had to be a NATION STATE, like Russia.
Even if we wanted to explain it to you, it would be too complicated for you to understand.

Bullshit! Nothing about that WashPost article is true, except that SolarWinds was hacked.

No doubt the company claims to take security seriously. But while users are being subjected to password requirements that demand them to utilize most of the alphabet and multiple shift key presses, internal security isn't nearly as restrictive. Here's the "OMFG are you goddamn kidding me" news via Reuters, which first broke the news of the malicious hacking.

Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”.

All five branches of the military. The NSA. The IRS. The USPS. DHS. The Treasury Department. Nearly every Fortune 500 company. All ten of the top ten telcos. The list goes on and on. And with this access, attackers could move laterally, using compromised credentials to eavesdrop on mutuals of targeted entities. And all of this "secured" by a password so simple an idiot could have created it.

We're fucked.

LMFAO! I could come up with a better password than that half-asleep and with one temporal lobe tied behind my back.
This is what passes for our "experts".

But wait! We aren't finished with OMFG news yet. Although admittedly, this next one is a little less surprising.

In a new wrinkle in the still-unfolding SolarWinds saga, it seems that some of the company’s top investors sold off close to a collective $280 million dollars in stock just days before the news of its role in a far-reaching federal cyberattack became public.

That’s according to a new Washington Post report that specifically calls out two investment firms—Silver Lake and Thoma Bravo—that together own a whopping 70% of all SolarWind’s stock and controlled six of the company’s board seats. The two firms sold off, respectively, $158 million dollars and $128 million dollars in shares on December 7—six days before SolarWinds disclosed that some of its monitoring products were subject to a “highly-sophisticated” attack at the hands of an unnamed nation state.

Interestingly enough, these sales also happened just days before the company’s longterm CEO, Kevin Thompson, announced his resignation after close to 10 years with the company.

Imagine for a moment that the same laws that apply to you, also applied to Wall Street and rich people. Boy, these people would be in deep trouble.
But we don't live in that fair world. We live in a world in which you are told that you must send your life-savings to a place where they suffer zero consequences for breaking the law and stealing from you.

Share
up
39 users have voted.

Comments

Pricknick's picture

Holly shit batman.
I wonder how many times the company's lastpass sytem told them the password was vulnerable?
But as is usual anymore, a missed bowel movement is now blamed on Russia.
And insider trading to boot? If it's connected to anything government, it's legal.
Thanks for the giggles and upset stomach gjohn.
Not to worry though. I have some 1980 elderberry wine that will sooth the latter and increase the first of the two.

up
21 users have voted.

Regardless of the path in life I chose, I realize it's always forward, never straight.

@Pricknick gmail went down yesterday

Google has experienced a ‘catastrophic global failure,’ according to Your Content’s server email provider who told us about the potential cyber terrorist attack.

“Starting at around 4:30PM New York (10:30PM Zurich), Gmail suffered a global outage,” ProtonMail—host of Your Content’s Swiss-based email server revealed.

“A catastrophic failure at Gmail is causing emails sent to Gmail to permanently fail and bounce back. The error message from Gmail is the following:550-5.1.1 The email account that you tried to reach does not exist.

In a related note, Protonmail is currently down today.

Let's not forget just how EVIL Putin is.

up
19 users have voted.
Pricknick's picture

@gjohnsit
Avoid them if at all possible.
Some idiots using smart home systems realized they don't know how to turn on lights anymore if an app doesn't do it for them. No sympathy.
Please read the comments. They go good with a doobie or some wine.
https://www.rt.com/news/509623-smart-home-google-outage/

up
15 users have voted.

Regardless of the path in life I chose, I realize it's always forward, never straight.

enhydra lutris's picture

@gjohnsit

communism and USSR with Russia. Decades of propaganda and programming at work.

be well and have a good one

up
9 users have voted.

That, in its essence, is fascism--ownership of government by an individual, by a group, or by any other controlling private power. -- Franklin D. Roosevelt --

The Liberal Moonbat's picture

up
10 users have voted.

In the Land of the Blind, the One-Eyed Man is declared mentally ill for describing colors.

Yes Virginia, there is a Global Banking Conspiracy!

Granma's picture

Edit

up
1 user has voted.

Wasn't it like 20 or so years back, that vast networks of US govt computers were hacked because the default password like "hello1234" was never reset?
The monolithic bureaucracy that pays people to not think...

up
13 users have voted.

That lazy indifference to simple security goes way back. In the Manhattan Project, Feynman gained a reputation as a safecracker and even set off a security ding. He realized that most people in this hyperhidden supersecure atomicsecrets installation couldn't be bothered to reset the factory combinations on safes. The more things change...

Consolation prize: the US empire is fucked. Rotting rapidly.

up
19 users have voted.
Pricknick's picture

@pindar's revenge
sell by date.

Consolation prize: the US empire is fucked. Rotting rapidly.

Soon to be tossed in the dustbin dumpster.

up
9 users have voted.

Regardless of the path in life I chose, I realize it's always forward, never straight.

@pindar's revenge
also when he was on the California school Book panel. Everyone voted a particular book as best. Feynman said, "My copy is defective, all the pages are blank." The others explained that the publisher didn't get the printing done in time but assured the committee of it's contents. Feynman said he couldn't approve a book without reading it and was never again invited to the panel.
My very favorite was back when New Math was hot. "Only the less than one percent that are going to be professional mathematicians need to know set theory. Everyone else just needs to know how to calculate the right answer." One day my elementary school grandson asked for help with his division homework. Now when I got my B.Sc. in Physics I was only four hours shot of a bachelor's in Mathematics. I couldn;t figure out what the H this grade school textbook was saying. crazy calculations and set talk. I told him,"here. Let me show you how I was taught and my father before me." And proceeded with the traditional method with carets and trial divisors. "Oh, that makes sense, Grandpa!" Teachers! Sorry, Lookout, but most of your colleagues should be fired for malpractice.

up
17 users have voted.

I've seen lots of changes. What doesn't change is people. Same old hairless apes.

lotlizard's picture

@The Voice In the Wilderness  
because the materials involved came from UICSM, which stands for the University of Illinois Committee on School Mathematics (at least one source cites an alternate meaning of the University of Illinois Curriculum Study in Mathematics).

https://americanhistory.si.edu/collections/search/object/nmah_1302593

https://duckduckgo.com/?q=new+math+UICSM+textbooks&ia=web

I didn’t get to take it, being in one of the last cohorts to be taught “old math.” Our algebra teacher was a World War I veteran, a jolly, likeable man who walked with a limp, who referred to our textbook as “Hawkes, Luby, Touton” after the names of the authors.

https://duckduckgo.com/?q=hawkes+luby+touton&ia=web

The geometry teacher for my year also taught Illinois math to other classes, but it seems the UICSM materials for geometry were not yet ready, so we used a conventional geometry textbook. As a bonus assignment he invited certain pupils including me to read The Education of T.C. Mits (T.C. Mits = “The Celebrated Man in the Street”) by Lillian Lieber and the sequel, Mits, Wits, and Logic.

https://www.maa.org/press/maa-reviews/the-education-of-t-c-mits-what-mod...

up
7 users have voted.

@lotlizard
Three generations have learned geometry from that book, plus some of my friends' kids. It's clear and to the point. Textbook writers should realize that the book is for kids not academics. After all, if it was good enough for Euclid and Archimedes...
High school geometry was the only math class my daughter got an A in. She's rather innumerate like her mother. It's not a matter of being "smart". Math is in a whole different brain area from speech and reading. She found my High School Algebra book very useful too, and loved my High School Chemistry book. they wouldn't let her take chemistry. that was "advanced". BTW, my daughter now has a two year degree in Electrical and Electronic Technology. She would have had a straight A average except one course was a B. she said that prof was very misogynistic and was always saying things like "women shouldn't be in this class taking space from men who need to make a living". Yes, she complained but had no documentation.
She is a gifted Python programmer and has built all sort of devices using Raspberry Pi microcomputers.
She used a homebuilt Z80 handheld to cheat in Algebra. Her teacher told me he knew it but didn't call her on it because, "Well she had enough initiative and knowledge to program that computer to find quadratic roots, so I let it slide." I don't even want to know what she did to the phone system with that Commodore 64 and a modem.

Please excuse all typos here. My eyes are particularly bad this morning. Macular degeneration.

up
9 users have voted.

I've seen lots of changes. What doesn't change is people. Same old hairless apes.

lotlizard's picture

@The Voice In the Wilderness

up
2 users have voted.
enhydra lutris's picture

@The Voice In the Wilderness @The Voice In the Wilderness @The Voice In the Wilderness

mind, but I think he was wrong on set theory, depending upon the level of detail. Sure, the outer reaches are quite abstruse, but an introduction to the basics, in addition to, as opposed to instead of regular traditional math instruction is very useful and helpful in a lot of ways. I was part of a group (late fifties) who were taught it in Junior High as part of algebra with some rudimentary math theory and all that and all of us got good mileage out of it all through High School, in multiple subjects, and those I stayed in touch with used it in college too. Strangely enough, I took a grad level poli sci seminar from Wolinsky once as an undegrad, and he used in describing and analyzing the structure of societies and polities. It can help clarify many things.

be well and have a good one

up
8 users have voted.

That, in its essence, is fascism--ownership of government by an individual, by a group, or by any other controlling private power. -- Franklin D. Roosevelt --

@enhydra lutris
Feynman was enamored of this country in the center of Asia. Per his sense of humor, he liked a country whose capital city was basically all buzzing consonants, and he loved Tuvan throat singing. He died just before receiving permission to travel there, as described in "Tuva Or Bust!". My copy is signed by Tuvan throat singers.

Check out alashensemble.com, and look for the movie "Genghis Blues".
https://en.wikipedia.org/wiki/Genghis_Blues
"Genghis Blues is a 1999 American documentary film directed by Roko Belic. It centers on the journey of blind American singer Paul Pena to the isolated Russian Republic of Tuva to pursue his interest in Tuvan throat singing. "

up
1 user has voted.

@The Voice In the Wilderness

The main point I made was there's no magic, just follow the steps and you'll get there. Math anxiety is the enemy. Different brain areas are involved in geometry and algebra (to overgeneralize), some folks are better at one than the other, but if you're patient and don't panic you'll get there.

up
9 users have voted.
lotlizard's picture

@The Voice In the Wilderness  
a procedure that looks a lot like long division.

up
4 users have voted.
snoopydawg's picture

"We just don’t have the votes."

"We still don’t have the votes."

People have fallen for this long enough and they’re seeing through it.

up
18 users have voted.

Which AIPAC/MIC/pharma/bank bought politician are you going to vote for? Don’t be surprised when nothing changes.

@snoopydawg

up
17 users have voted.

I've seen lots of changes. What doesn't change is people. Same old hairless apes.

snoopydawg's picture

@The Voice In the Wilderness

Plus they have been pumping money into the banks to affect the stock market and so they can pay bigger dividends. Really nice gig.

up
15 users have voted.

Which AIPAC/MIC/pharma/bank bought politician are you going to vote for? Don’t be surprised when nothing changes.

Pricknick's picture

@snoopydawg

Really nice gig.

It's a big club and you aren't invited.
This one never dies.
[video:https://youtu.be/Nyvxt1svxso]

up
13 users have voted.

Regardless of the path in life I chose, I realize it's always forward, never straight.

lotlizard's picture

@Pricknick  
especially as a concerted campaign of corporate / Big Tech / Hollywood / academic / Dem party PR?

Would George Carlin have recognized and called out “woke-washing” as also being a big sham? What words would he have used, I wonder?

up
7 users have voted.

@Pricknick
Pure gold.

up
7 users have voted.

I've seen lots of changes. What doesn't change is people. Same old hairless apes.

Dawn's Meta's picture

Welp, it seems they are an IT Security Software Company. Huh? This just gets worse and worse.

up
8 users have voted.

A society grows great when old men plant trees in whose shade they know they shall never sit. Allegedly Greek, but more possibly fairly modern quote.

Consider helping by donating using the button in the upper left hand corner. Thank you.

lotlizard's picture

referring to the firm on their website. After news of the hack broke, of course, any references to SolarWinds were removed.

https://duckduckgo.com/?q=Dominion+SolarWinds+voting+machines&ia=web

This is Dominion’s website, by the way:

https://www.dominionvoting.com/democracy-suite-ems/

Would you buy a used  car  constitutional democracy from these guys?

up
10 users have voted.
Pluto's Republic's picture

The links gjohnsit included were very informative. False flag attacks like this are buried under layers of distractions, and even the most discerning readers give up on critical reasoning very early in the process. Thus they absorb the disinformation that is presented. That was the great national tragedy of •Russia Hoax 2016• which left so many Americans with brain lesions that have since been exploited again and again.

Here, we see a splendid example of this exploit being used, primarily, as a cover for insider trading.

Most readers will be caught in the sticky mucous where certain government agencies claim that their emails were spied on by Russians. A few readers will slide deeper into Solarwinds security software, which did not protect users and may have actually infected them. Fewer still will dig into Solarwinds' internal woes, where it is claimed that hackers weaponized their upgrades in ways too sophisticated to describe. Instead, Solarwinds point to the very same hackers that didn't hack the DNC. (This is where all curiosity ends for most readers, since they were not subsequently informed by the media that those so-called Russian hacks never actually took place.)

But gjohnsit manages to follow the story down into the exploits that did take place at Solarwinds. (I call them 'exploits' because they are too dumb to be considered hacks.) Here we learn that Solarwinds accidentally forgot to properly protect their own company software, so intruders could ride Solarwinds' automatic upgrading supply-chain into the control centers of all their customer's computers, where intruders could linger for a longer look. Solarwinds had a very elite group of customers. The Solarwinds exploiters were selling ride tickets to other exploiters.

But that's still not the reason that Russia was pulled into the crisis. That came about because certain Solarwinds board members and the Solarwinds CEO sold hundreds of millions of dollars worth of stock a few days before the public announcement of the hack was made. It was their insider trading cover-up that required a major distraction. So, Solarwinds pulled the infamous CrowdStrike Maneuver and claimed they were hacked by the Russian Government. That pump was already primed and would provide cover for everyone in the supply chain who needed it.

Back in March 2020, when Congress had an insider-trading free-for-all amounting to hundred of millions of dollars — just days before the pandemic was announced, they didn't need a cover-up. That's because Insider trading is legal in Congress. It's part of the American dream, and Congress is preserving it.

Thanks for documenting this so well.

Parts of my narrative may be off the mark, but I think it covers most of what happened.

up
16 users have voted.

____________________

The political system is what it is because the People are who they are. — Plato

@Pluto's Republic
more like The Three Stooges!

up
7 users have voted.

I've seen lots of changes. What doesn't change is people. Same old hairless apes.

@Pluto's Republic Sorta funny Cozy Bear was blamed. Previously they were part of the Russian Army, but now seemed to be transferred to the Russian foreign spy agency. You know the super duper evil genius group of hackers who left Cyrillic files on the DNC serve. Russiagate is still a booming business segment and grift. Crowdstrike had an IPO last year and their stock price is about $170 now.

up
10 users have voted.
snoopydawg's picture

@Pluto's Republic

which left so many Americans with brain lesions that have since been exploited again and again.

I don' get it. Articles spreading the recent propaganda include the following words:
Alleged
Believe
Unnamed source
Not authorized to say anything

and yet people take the reports verbatim. Or on the Russian bounty story. There was never any evidence shown and the news sites verified other news sites reporting without asking, "Hey, where the hell is the evidence?" Just today there's a diary on what Putin said, but the diarist just interpreted his words to say something else and they everyone went with his opinion.

That pump was already primed and would provide cover for everyone in the supply chain who needed it.

The words are in b&w and yet.....If Israel was substituted for Russia, Bibi for Putin this shit would have never been allowed to start. Brennan once said that Russians are basically predestined to start shit and be unreliable. On CNN. It was worse than that, but I can't remember the wording.

up
7 users have voted.

Which AIPAC/MIC/pharma/bank bought politician are you going to vote for? Don’t be surprised when nothing changes.

@Pluto's Republic They focus more on Fireeye, the complete lack of evidence from the Russia angle.

up
8 users have voted.
Pluto's Republic's picture

@gjohnsit

I am aware of the details that are flawed in my comment. I learned that Fireeye was one of Solarwinds 18,000 clients who received weaponized updates on their network management software. Fireeye is a systems security company and they have been chasing their own brand of phantom Russian hacker that they call "Sandworm." Like CrowdStrike, they see Russians lurking behind many cyberattacks. They recently caught on to some unexplained activity on their own servers, figured out they were infected by Solarwinds, and got in touch with Federal cybersecurity authorities.

I actually wrote about this the night the news broke. The story first appeared midday in the UK published in The Guardian. It was an exclusive leak. The Guardian appears to be a CIA asset, so it's the natural place to drop the preferred narrative about what's going on. Russia was not mentioned by The Guardian and was not part of the story. That wouldn't come for another 6 to 8 hours — after the US woke up and ran with their own versions.

Hackers backed by a foreign government have been monitoring internal email traffic at the US treasury department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said national security council spokesman John Ullyot.

There is concern within the US intelligence community that the hackers who targeted the treasury department and the commerce department’s national telecommunications and information administration used a similar tool to break into other government agencies, according to three people briefed on the matter. The people did not say which other agencies.

The hack is so serious it led to a national security council meeting at the White House on Saturday, said one of the people familiar with the matter.

.

I was surprised to see the US Treasury named as a target, but that would go nowhere. The Guardian didn't learn much from their initial informants. But in subsequent days we've learned there are other affected agencies, including the US Department of State, US NTIA, US NIH, DHS-CISA, and the US Department of Homeland Security.

Now, five days later, we find out that the networks of the National Nuclear Security Administration (NNSA) and the US Department of Energy (DOE) may have been under surveillance since March 2020. The NNSA is government agency responsible for maintaining and securing the US nuclear weapons stockpile. Other targets of espionage operations include the Federal Energy Regulatory Commission (FERC), the Office of Secure Transportation, the Richland Field Office of the DOE, and Sandia and Los Alamos national laboratories.

The DOE intrusion is the clearest sign yet that the hackers were able to access the networks belonging to a core part of the U.S. national security enterprise. A DOE spokesperson said that an ongoing investigation into the hack has found that the perpetrators did not get into critical defense systems. The hackers are believed to have gained access to the federal agencies’ networks by compromising the software company SolarWinds, which sells IT management products to hundreds of government and private-sector clients.

CISA, the FBI and the Office of the Director of National Intelligence acknowledged the “ongoing” cybersecurity campaign in a joint statement released on Wednesday, saying that they had only become aware of the incident in recent days. Several top officials from CISA, including its former director Christopher Krebs, have either been pushed out by the Trump administration or resigned in recent weeks.

.

There are many different things all happening at the same time.

I wouldn't call this an attack.

I'd call it an occupation.

I see it as a real-time demonstration of US vulnerabilities at home, while the US is trying to terrorize the world into obedience to its Rule. It's a virtual standoff. What drives this point home is that even if you shut off Solarwinds' automatic updates, these occupiers are not ejected from the systems they occupy. They have built other hidden doorways in and out of these networks and can come or go as they please.

So, what other US invincibles are being occupied and spied on?

Well, here's what we do know: More than 425 of the US Fortune 500 companies are SolarWinds' customers. The top ten US telecom companies use Solarwinds Network Management software. Some of the most important Federal entities and agencies are Solarwinds clients, including the US Military, the Pentagon, the Department of Justice, the State Department, NASA, NSA, Postal Service, NOAA, and the Office of the President of the United States.

This incursion has been underway since March 2020, when the pandemic began in earnest. There appears to be little, if any, malicious activity. No leaks. No sabotage. No threats. No demands. There is simply a watchful "presence" in the machine. It cannot be eradicated without rebuilding the entire digital infrastructure.

At least, that what some people are saying.

up
6 users have voted.

____________________

The political system is what it is because the People are who they are. — Plato
enhydra lutris's picture

"hack" by "state actor" already sounded like utter bullshit, then the pw stupidity, publicly exposed, made it look even worse. Now throw in the insider trading scam and ...

be well and have a good one

up
11 users have voted.

That, in its essence, is fascism--ownership of government by an individual, by a group, or by any other controlling private power. -- Franklin D. Roosevelt --

snoopydawg's picture


Of Course.

This story has been swallowed hook line and sinker by the left. Not one iota of doubt to be seen. Disgustingly sad in my book. If there was an ounce of proof Trump would be out on his ear as would any person who allowed a foreign country to hack its systems. Also just plain disgusted that so many people would crawl into bed with the intelligence agencies whose soul purpose is to lie and deceive us.

up
4 users have voted.

Which AIPAC/MIC/pharma/bank bought politician are you going to vote for? Don’t be surprised when nothing changes.