
Thu Dec 17, 2020, 02:03 PM

US cybersecurity agency warns of 'grave' threat from hack

Source: Associated Press

WASHINGTON (AP) — U.S. authorities are expressing increased alarm about an intrusion into computer systems around the globe that officials suspect was carried out by Russia.

The cybersecurity unit of the Department of Homeland Security said Thursday that the hack “poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”

It was the most detailed comments yet from the Cybersecurity and Infrastructure Agency since reports emerged this weekend that government agencies including the Treasury and Commerce departments were among those whose secure data and email were penetrated by the sophisticated hack.

CISA also warned that it will be difficult to remove the malware inserted through network software. The agency said that removing this threat actor from compromised environments will be highly complex and challenging for organizations.


Read more: https://hosted.ap.org/article/b3f993fb7bc9390302f0df26ecb6c10e/us-cybersecurity-agency-warns-grave-threat-hack


Response to dalton99a (Original post)

Thu Dec 17, 2020, 02:08 PM

1. Thank you, Dotard. Who knew, a "businessman" could be a failure? . . .



Response to dalton99a (Original post)

Thu Dec 17, 2020, 02:09 PM

2. Dotard is too dumb to pass state secrets...so wonder how much of a hand he had in this



Response to dalton99a (Original post)

Thu Dec 17, 2020, 02:09 PM

3. Cyber

Biden needs to order the NSA and others to launch a sustained and aggressive cyber offensive against Putin and his oligarchs. Donnie has held back our cyber warriors, but a major offensive is the only thing that will discourage Putin from continuing his cyber war.



Response to rso (Reply #3)

Fri Dec 18, 2020, 12:19 AM

15. Right. If there's no cost, no downside, why would they stop? n/t



Response to rso (Reply #3)

Fri Dec 18, 2020, 12:52 PM

17. The NSA has access to all sorts of stuff in Russia

The same with China. There's lots of information out there about it these days from people who have been inside these operations. The issue is that if they use it to attack, then they lose that access and they do not get the information. And often times the "benefits" of an attack are short-lived compared to the benefits of the long-term collection of information. Also, an aggressive attack would likely lead to aggressive counter-attacks on our own systems. This thing we're talking about now seems comparable to what the NSA usually does. It wasn't a destructive attack, but rather a quiet one in which they used it to gather information.

What kind of stuff do you think the US spy agencies should do in return?



Response to Sapient Donkey (Reply #17)

Fri Dec 18, 2020, 07:38 PM

21. NSA

For starters, a public release of records detailing Putin’s massive financial interests in banks, properties etc., as well as that of his closest oligarchs, assets that were stolen from the Russian people.



Response to dalton99a (Original post)

Thu Dec 17, 2020, 02:12 PM

4. Worried this will be used to blackmail Biden.

Interesting the timing of the release of this... after Trump just fired the heads of many of these agencies and there's been a mad scramble for pardons.

Did this really happen several months ago?



Response to Chakaconcarne (Reply #4)

Thu Dec 17, 2020, 06:41 PM

10. It's been going on for 6 to 9 months.

And Russians are still in our systems, I believe.



Response to dalton99a (Original post)

Thu Dec 17, 2020, 02:13 PM

5. I call BS...

Microsoft released their Death Star:
https://www.democraticunderground.com/100214724096

They "reminded the world that it can still muster firepower like no one else as a nearly-overwhelming force for good."

We are totally safe now.



Response to OneCrazyDiamond (Reply #5)

Thu Dec 17, 2020, 02:31 PM

6. Yep. Already fixed by Microsoft.

Last edited Thu Dec 17, 2020, 03:14 PM - Edit history (1)





Response to dalton99a (Reply #6)

Thu Dec 17, 2020, 07:35 PM

12. did you even read the whole article?

Microsoft released an update to Windows Defender which will quarantine infected files and alert on the virus signature.

They also used legal means to disable the domains the malware was using for C2 and data exfiltration.

Sure this is a cat and mouse game but the current version of the Russian malware has been smacked down. Of course they've had months to exfil whatever data they were looking for.

You can read the technical details and actions Microsoft is taking here:
https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/



Response to pimpbot (Reply #12)

Thu Dec 17, 2020, 08:23 PM

14. You're missing the bigger news item here

Since it went undetected for so long, they burrowed deep. There's no way to know if the threat will be completely removed. From the article:

"They may still have access to compromised networks through other means: that’s what incident responders are likely working on now. And there’s no undoing whatever they did while the infiltration went unnoticed for months."



Response to CabalPowered (Reply #14)

Fri Dec 18, 2020, 12:58 PM

18. Given the number of companies they likely gained access to

there is probably a good chance they may have compromised other vendors' products the same way they got into SolarWinds stuff.



Response to dalton99a (Original post)

Thu Dec 17, 2020, 03:21 PM

7. Glad to hear trump is addressing this serious issue. Oh, wait...

Quoting Pelosi: "With him, all roads lead to Putin."



Response to dalton99a (Original post)

Thu Dec 17, 2020, 03:36 PM

8. Wow, a log of everything could link it all together

so it would be a kompromat generator.



Response to dalton99a (Original post)

Thu Dec 17, 2020, 04:11 PM

9. did trump allow this to happen

did his cronies start the destruction of the USA like this instead of poisoning an American political party and their voters? Probably irredeemable damage being done by THE LOSER and his BFF.



Response to llashram (Reply #9)

Fri Dec 18, 2020, 01:29 PM

19. Ehnn. Hard to fully blame Trump and his administration for this

The discussion of how much of a role the government should play in private entities' networks and anything promoting too much control has been shot down from the Reagan admin all the way up to the Obama admin. That's even with the very cyber-aware Bush and Obama admins. The idea being that private industry (and the people) wouldn't tolerate having the government legally controlling their network traffic. I mean, look at the uproar from the questionable programs like PRISM and Stellar Wind.

And looking at the history of the government's EINSTEIN IDS. It seems, even if it were politically possible, questionable that an NSA/CISA/Whatever run "Great Firewall of the US" would be as effective as private solutions. I'm not even sure how that would work in practice, but then again, I'm not really an expert in this stuff.

This doesn't absolve Trump of any responsibilities. Outside of forming CISA, I'm willing to bet he didn't take cyber security nearly as seriously as the past two administrations.



Response to Sapient Donkey (Reply #19)

Fri Dec 18, 2020, 05:12 PM

20. whatever on the Einstein

all this has happened on Trump's watch. That is fact. I'm done with this. His watch, his responsibility. He fired a good cybersecurity director, Dr. Krebs. Nuff said.



Response to dalton99a (Original post)

Thu Dec 17, 2020, 07:01 PM

11. This is the most important story in the nation

There’s no short term method to even know whether the hackers are still in critical systems. The great United States utterly compromised, humiliated and, to an unknown degree, defenseless because of traitors, racists, and their bumpkin brown shirt acolytes. Compromised traitor Dump eliminated the National Cybersecurity coordinator position in 2018.

https://www.nbcnews.com/politics/white-house/trump-eliminates-job-national-cybersecurity-coordinator-n874511



Response to dalton99a (Original post)

Thu Dec 17, 2020, 08:16 PM

13. This is the most under-reported story going right now.

Senator Blumenthal described the hack as "an act of war". From the sounds of it, this was a deeply penetrating and broadly tentacled hack in which a treasure trove of super sensitive information was either stolen or compromised in some way. I sure as hell hope our side is preparing or has unleashed a cyberattack commensurate with the one we endured. Commensurate times ten. I find this attack incredibly scary, considering the Putin-friendly administration we have, and especially considering the Vlad-loving pResident we have.



Response to ClusterFreak (Reply #13)

Fri Dec 18, 2020, 01:51 AM

16. +1. Dick Durbin called it "a declaration of war by Russia on the United States"

Stanford University cybersecurity expert Alex Stamos said there aren’t nearly enough qualified threat hunters globally to scour potentially infected organizations for hidden malware from the operation.

“We are going to be reaping an ‘iron harvest’ of second-stage malware for years from this one,” he tweeted, a reference to unexploded World War II bombs that continue to be found in Europe three-quarters of a century later.


Tom Kellermann, cybersecurity strategy chief of the software company VMware, said the hackers are now “omniscient to the operations” of federal agencies they’ve infiltrated “and there is viable concern that they might leverage destructive attacks within these agencies” now that they’ve been discovered.

Among the business sectors scrambling to protect their systems and assess potential theft of information are defense contractors, technology companies and providers of telecommunications and the electric grid.



Response to dalton99a (Original post)

Fri Dec 18, 2020, 08:16 PM

22. Color me skeptical of these claims

There is so much stuff that either shouldn't be classified at all or is overclassified, it's mind-boggling. There are very few things that need to be kept secret and those things shouldn't be sitting around on computers running susceptible to being hacked.

Back in the 90s there was a big push to outsource gov't functions at DoD. We were only supposed to keep "core" functions. I remember our union fighting to include IT as a "core" function, but it had pretty much been pre-determined IT wasn't going to meet the definition of "core". Making this type of hack inevitable.



Response to dalton99a (Original post)

Fri Dec 18, 2020, 09:28 PM

23. Oh, how evil! Oh, wait . . . .STUXNET!

"Stuxnet
Stuxnet is a malicious computer worm, first uncovered in 2010, thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as the "Olympic Games"."

Built to affect the Iranian high speed centrifuges used in uranium enrichment.
Introduced into the Iranian system on a USB stick.

I'm guessing everyone is doing it.
USA, Israel, Russia, China, UK, Australia . . . just snooping and data collection, nothing worse! /sarcasm

But if it's your government, it is ok, when others do it, it's cries of 'How Evil!'

Cleanup on Aisle Cyber needed, no one is safe. Unless you disconnect from the Interwebs, of course.
A lot of big companies - like banks - run their own private networks, completely isolated from the internet, just for this reason.

