# US hacked December 2020



## OceanBonfire (18 Dec 2020)

The US just got hacked and it's the worst hack in history. Trump is doing nothing to date and hasn't been doing his job for months and looks very likely to leave this mess to Biden:



> Federal authorities are expressing increased alarm about a long-undetected intrusion into U.S. and other computer systems around the globe that officials suspect was carried out by Russian hackers. The nation’s cybersecurity agency warned of a “grave” risk to government and private networks.
> 
> The hack compromised federal agencies and “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo, the Cybersecurity and Infrastructure Security Agency said in an unusual warning message Thursday. The Department of Energy acknowledged it was among those that had been hacked.
> 
> ...


----------



## Bruce Monkhouse (18 Dec 2020)

Didn't know he was the Govt cyber expert .....you could actually post about something else once in a while, hey, maybe even read the forum instead of a post and run.


----------



## brihard (18 Dec 2020)

Bruce Monkhouse said:

> Didn't know he was the Govt cyber expert .....you could actually post about something else once in a while, hey, maybe even read the forum instead of a post and run.



Your attack on him is out of line and uncalled for, especially coming from a member of the page staff. That kind of reply is exactly the sort of thing you or other DS would shut the rest of us down for were we to introduce it into a discussion.

Incidentally, in the past couple weeks he's also been active in posting about the C20 sniper system, the invitation to the Chinese to train on our bases, domestic terrorism/extremism, and the acquisition and distribution of vaccines. Yes, he has also posted on US political subjects, and there are political themes or tones in some of his other posts, but that's not against any rules and it hasn't been the dominant theme of his posting, especially not in the past few weeks. Some members post long personal analyses and opinions. Some mostly share articles or analyses from others that they think may be of others. It's not against the rules and at least one member of the DS largely posts the same way, so it certainly seems accepted.

I'm not sure why you think it's necessary or appropriate to be blasting him like that, but it isn't.


----------



## Bruce Monkhouse (18 Dec 2020)

You're right...I'll eat it.
Sorry folks.


----------



## Jarnhamar (18 Dec 2020)

OceanBonfire said:

> The US just got hacked and it's the worst hack in history. *Trump is doing nothing* to date and hasn't been doing his job for months and looks very likely to leave this mess to Biden:



What should Trump have done/what should he do?


----------



## Mike Bobbitt (18 Dec 2020)

I’d like to say “not fire his experienced head of CISA” but this attack was initiated months ago, while Krebs was in office. Honestly not sure anything reasonable could have deterred this, short of unshackling cyber operations from legal constraints - not where we want to go though.


----------



## Remius (18 Dec 2020)

Since “Trump” is taboo for some, let’s just discuss what the leader of any country should be doing in situations like this.

Public denouncement would be good.  Diplomatic pressure overt and behind the scenes.  Call in the ambassador.  Etc etc. Reassuring your domestic audience.  Then let your experts do their jobs.  

But, these types of hacking events are relatively new in the global conflict/competition. 

Should these be viewed as acts of war?  Or a new tool in the world global influencing.  I don’t know.  But I am sure the US is doing it too.


----------



## brihard (18 Dec 2020)

Bruce Monkhouse said:

> You're right...I'll eat it.
> Sorry folks.



Credit to you for that. Thanks Bruce.


----------



## brihard (18 Dec 2020)

Remius said:

> Since “Trump” is taboo for some, let’s just discuss what the leader of any country should be doing in situations like this.
> 
> Public denouncement would be good.  Diplomatic pressure overt and behind the scenes.  Call in the ambassador.  Etc etc. Reassuring your domestic audience.  Then let your experts do their jobs.
> 
> ...



Not new, not by a long shot, just rarely public. Cyber espionage has been long established at this point - though there’s some blur between ‘mere’ information collection, and active efforts to influence/disrupt. The same system compromises that allow the former can potentially allow or enable the latter. It’s like if you are able to find an infil route through enemy lines - you could use it for a recce, or a raid.


----------



## Brad Sallows (18 Dec 2020)

Hard to figure out how we'd know what is being done about it unless the US disclosed whatever it does in response to cyber/secret threats.

Maybe the president is trying to avoid inflaming tensions with Russia.


----------



## QV (18 Dec 2020)

Mike Bobbitt said:

> I’d like to say “not fire his experienced head of CISA” but this attack was initiated months ago, while Krebs was in office. Honestly not sure anything reasonable could have deterred this, short of unshackling cyber operations from legal constraints - not where we want to go though.



I'd say this somewhat validates the firing of Krebs.


----------



## Bruce Monkhouse (18 Dec 2020)

Maybe the Russians are being set up....I'm sure everyone hacks into everyone....and then "throw the scent off" evidence is left behind.


----------



## Old Sweat (18 Dec 2020)

Could be, or he has just tuned out. I saw an interview an hour or so ago with Senator Angus King from Maine about the hacking. According to him, it started last winter, and was only discovered a short while ago by a private company. They are not sure, or are being very tight-lipped, about what was being "hacked", if that is the term.


----------



## Cloud Cover (18 Dec 2020)

Mike Bobbitt said:

> I’d like to say “not fire his experienced head of CISA” but this attack was initiated months ago, while Krebs was in office. Honestly not sure anything reasonable could have deterred this, short of unshackling cyber operations from legal constraints - not where we want to go though.



The weakest link in the security chain is ... if they have been rooted thickly by multiple exploits across multiple systems that aren't even connected to each other it might be they have to look at vulnerabilities in the IT supply chain, and that is a huge undertaking.


----------



## Navy_Pete (18 Dec 2020)

QV said:

> I'd say this somewhat validates the firing of Krebs.



Firing a guy for something no one knew about? He was fired for saying the election was secure, not for any specific job performance issues. Maybe outsourcing cybersecurity to a complicated web of private companies is a bad idea? Almost like understanding your supply chain applies digitally as well. That's been a big growth industry for several decades, so it's not on any one guy.


----------



## tomahawk6 (18 Dec 2020)

Speculation is that the cause of the breach was a failed firewall.


----------



## PuckChaser (18 Dec 2020)

OceanBonfire said:

> Trump is doing nothing to date and hasn't been doing his job for months and looks very likely to leave this mess to Biden:



Don't make us move/lock this thread because you can't resist taking partisan jabs. There's a reason why this place is much calmer after locking down the US Politics area.

- Milnet.ca Staff


----------



## Retired AF Guy (19 Dec 2020)

tomahawk6 said:

> Speculation is that the cause of the breach was a failed firewall.



An excerpt from a larger Washington Post article on the breach:



> A major avenue for breaching victims’ networks was an update for computer software made by a Texas-based company called SolarWinds. The firm said about 18,000 customers that received the patch, for network management software called Orion, were potentially exposed. The Russians covertly added malware to the update, which installed a backdoor on computers that the hackers could use to enter a victim’s system at will.
> 
> But the intruders were selective in choosing who to compromise. Not everyone who downloaded the patch was seen as an attractive target, Microsoft said.
> 
> The SolarWinds update was not the only path into victims’ networks, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency said in an alert this week. “CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” the agency said.



And, from the President of Microsoft, who says that the US was not the only target**:



> While roughly 80% of these customers are located in the United States, this work so far has also identified victims in seven additional countries. This includes Canada and Mexico in North America; Belgium, Spain and the United Kingdom in Europe; and Israel and the UAE in the Middle East. It’s certain that the number and location of victims will keep growing.



** This article also includes a map that shows the locations around the world (including Canada) that were targeted.


----------



## Retired AF Guy (19 Dec 2020)

And for those computer nerds out there, here, courtesy of the US Cybersecurity and Infrastructure Security Agency (CISA) is how it was done:



> Technical Details
> Overview
> 
> CISA is aware of compromises, which began at least as early as March 2020, at U.S. government agencies, critical infrastructure entities, and private sector organizations by an APT actor. This threat actor has demonstrated sophistication and complex tradecraft in these intrusions. CISA expects that removing the threat actor from compromised environments will be highly complex and challenging. This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks. It is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures (TTPs) that have not yet been discovered. CISA will continue to update this Alert and the corresponding indicators of compromise (IOCs) as new information becomes available.
> ...



The rest of the much more detailed article is here.


----------



## shawn5o (5 Jan 2021)

brihard said:


> Your attack on him is out of line and uncalled for, especially coming from a member of the page staff. That kind of reply is exactly the sort of thing you or other DS would shut the rest of us down for were we to introduce it into a discussion.
> 
> Incidentally, in the past couple weeks he's also been active in posting about the C20 sniper system, the invitation to the Chinese to train on our bases, domestic terrorism/extremism, and the acquisition and distribution of vaccines. Yes, he has also posted on US political subjects, and there are political themes or tones in some of his other posts, but that's not against any rules and it hasn't been the dominant theme of his posting, especially not in the past few weeks. Some members post long personal analyses and opinions. Some mostly share articles or analyses from others that they think may be of others.  It's not against the rules and at least one member of the DS largely posts the same way, so it certainly seems accepted.
> 
> I'm not sure why you think it's necessary or appropriate to be blasting him like that, but it isn't.


Sorry Brihard but BM spoke truth. 

And distracting from the issue bringing up OB's other activities is called distraction. Address the issue that BM brought up and don't distract.


----------



## brihard (5 Jan 2021)

shawn5o said:


> Sorry Brihard but BM spoke truth.
> 
> And distracting from the issue bringing up OB's other activities is called distraction. Address the issue that BM brought up and don't distract.



Check the dates on the post, and the subsequent replies. This was resolved weeks ago.


----------

