As I write this the Winter Solstice has passed. The SolarWindows story just keeps getting bigger. Trump is most likely out buying chains and padlocks to fasten himself to the Resolute Desk so he can hang onto the Presidency. We are staring down the barrel of a new year, just not one that will get better overnight.
January 20th certainly won’t be the last eviction notice Trump gets. He isn’t legally allowed to take up residency at Mar-a-Lago. Some say the more cronies he pardons the fewer places Trump will be allowed to live. Then again, it is highly probably the next years of his life will be spent in prison. Those New York tax fraud investigations have just been nibbling on the fringes until he gets out of office. On January 21st they can run full throttle.
So far two for two of these COVID-19 vaccines have populations that suffer sever allergic reactions. Moderna just started rolling out and has already scored its first severe reaction. In Moderna’s defense it appears to be only those allergic to shell fish for now. At least that is testable. Pfizer had to warn off people with any significant allergy. The current handful of straw being clutched to explain the Pfizer reactions is PEG. Here’s hoping the third vaccine does better or at least doesn’t have PEG.
Debate will rage high for many years to come over exactly when the Russian hackers penetrated SolarWinds. I’ve heard some estimates of months. My gut tells me that is when the hackers first started screwing up or maybe it was just a colossal screw up that could be traced back that far.
I’m not part of the investigation, I’ve just been in IT for over 30 years. Kids, back in the dial-up days used to mess something up right away just to let you know they got in. It was annoying, but most weren’t out to rob you blind. They just got a thrill from being able to crash your box. Why can’t we have those days back?
Today’s hackers are well funded state and organized crime agents. They can be in your system for years. If you are one of those “paperless” companies where it doesn’t require a hard copy form in a physical filing cabinet to get an account, once they get far enough in they can “legitimately” (as far as your processes can tell) create user accounts with access to various systems and data you would really rather keep hidden.
You have to understand, the goal has changed. These aren’t kids out for the thrill of crashing a system, nor are they looking for the fast buck, hacking your system is a long term investment for these groups. They want to stay hidden for years, mining all of your information, using insider knowledge to make money.
This year they got a little brazen. My gut tells me they’ve probably been inside possibly as far back as pre-2016 election. You see, right now all of these reports are focusing on when companies downloaded a software update containing a Trojan Horse. Nobody has spun back the line of thought (at least in media reports) to how long Russia had to have access to put that into motion.
Just ponder things for a moment. An update on a supposedly secure server for a supposedly secure network got pulled down. After that (assuming they didn’t breach the actual development systems and start with both source code and build environment) they reverse engineered enough of the update to add their Trojan Horse without knocking things over. Maybe they are good with a wrapper? To be a true Trojan Horse, it has to be inside the thing, not wrapping it.
All of that took time. We don’t have to be rocket scientist to understand that sequence of events wasn’t a 15-minute task. We may not know how many days/weeks/months/years it actually took, but we can all agree it was longer than 15-minutes.
Where Did They Think This Would End?
Not all that long ago we created Stuxnet. We also created a virus that infected the firmware of hard drives. Honestly, I get really tired of the Syphilis Willie management style of technology. Syphilis Willie never thought past the end of his dick when he was trying to get re-elected spouting the “Information Super Highway” campaign slogan. He created the global village without first creating the global village council and it gave rise to all of the badness on the Internet.
If you want to read a great fictional book about Stuxnet I humbly suggest you read
A Dangerous Element by fellow author Gregory S. Lamb. He did a really good job on that book. Given the actual truth will probably never be released, it’s a better explanation than most are offering.
Honestly though, where did they think this was going to end? They didn’t think! That’s the simple truth of it. We simply have too many people in Washington that don’t think past the end of their dick.
Seriously, the Cyber War eventually has to come to shooting. All of the talking heads on media outlets keep bringing up the fact some of these nations are now nuclear powers. Basically because we didn’t invade Russia like Patton wanted immediately after WWII, well before they got the bomb.
Negotiation could not stop proliferation anymore than the paper a treaty was written on. You have to destroy the capability and financial assets of any country pursuing it. You can’t teach something in college, allowing other nations to send their kids to said colleges, and expect those nations not to use it. Period!
Yet another case of nobody thinking past the end of their dick. They started dabbling in Cyber War thinking Americans wouldn’t sign off on yet another shooting war, given how the Bush wars still aren’t over. Well, here you are now boys and girls. You either put a zillion boots on the ground starting a hot-hot-hot war that will most likely go nuclear if you get close to victory, or you suspend the rules of engagement.
All of those movies and books about wet teams dropping in to cleanse a hacker house or other site, that has to be actual reality now. Not big military operations. This has to be large scale reality and pretty much outside the bounds of existing military agencies. You need freelance for deniability.
Yeah, not thinking past the end of your dick left the world with two options.
- The Wild Wild West
- Nuclear
Maybe that is what they wanted all along? That was the underlying story/theme in Meryl Streep’s Lions for Lambs. The reason the Vietnam war was fought in such a shitty fashion. Having soldiers die repeatedly taking the same hills and not trying to hold and deny territory was to get authorization to use the bomb. If the American people got fed up enough with the body bags of their children they would finally authorize a wholesale glassing of China, Vietnam, and anyone else in the region the military wanted to nuke.
Well, they’ve gone and done it again. Only this time we are getting our asses handed to us. We don’t have a great big stick to hit with because Syphilis Willie didn’t bother to create the Global Village Council.
[…] is another interesting Russian essay you might like and another essay much like this […]
[…] written about security in this blog before. I also have a geek blog because I make my living being a […]
[…] official software updates! Solarwinds should have taught you […]
[…] Russia already has it. When MBAs run Internet companies your data is at complete risk. Read up on SolarWindws some […]