We see the set, we see the result, yet we do not understand the equation. The media is mulling it over and is in despair over what to do. It has so many voices to listen to: producers, executives, stakeholders and shareholders, none of whom can agree on the story and, more precisely, most of whom are clueless about what the story is. Reuters gives us ‘SolarWinds hackers accessed Microsoft source code, the company says’ (at https://www.reuters.com/article/us-global-cyber-microsoft/solarwinds-hackers-accessed-microsoft-source-code-the-company-says-idUSKBN2951M9); the story gives us plenty, but is it giving us what we need to know? Even as we are told “It is not clear how much or what parts of Microsoft’s source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a springboard to break into sensitive U.S. government networks also had an interest in discovering the inner workings of Microsoft products as well”, a stage that is a lot bigger than anyone knows, some cyber experts have an inkling of just how bad things got, but they do not know how bad, because we do not know what was accessed.
Back in Time
So let us consider that on December 13, 2020, The Washington Post reported that multiple government agencies were breached through SolarWinds’ Orion software. That is when the worm got out, yet I believe that the first instances were in early August. I cannot prove this, but that is when the first event took place; they were merely not seen or identified as such. As far as I can tell (through unconfirmed and slightly dubious sources), there was a mapping phase in play, and it was in play for weeks. This mapping phase was not contained or limited to the US, or to governmental players. It was also not the first time it happened, but it seems to have been the most complete and most successful attempt, and it is about to get a lot worse. You see, people didn’t learn from 9/11, from all those people who went to flight school just to learn how to take off and fly into buildings; they didn’t learn the first time and they are not learning now (at https://www.youtube.com/watch?v=lZAoFs75_cs). It gets funnier: the ethical hacker is topped by another advertiser offering the same with a 75% discount, and would you know it, of all these ‘new’ ethical hackers, what are the chances that a few have their own agenda? Now these people are not ready to take over SolarWinds yet, but they are en route.
A lot of hackers started as ethical hackers and then didn’t end up with a decent job; they had to make ends meet, and would you know it, they had just the education to make that happen. So when they didn’t get high-paying positions at Google, Apple or Sun Microsystems, they decided to take the reins themselves. They do have their competitors: people who graduated from London Poly, from Moskovski politekhnicheski universitet and from a few others, all graduates for whom the world had no positions, so they became the new managers of another version of ransomware, or some other solution. It was only 5 years ago that we saw “Trend Micro released a research paper about sextortion: the means through which cybercriminals obtain compromising personal images or videos of Internet users – which they then hold hostage until their demands have been met”, and that was if you were lucky; the idiots that most governments have include idiots who put national security and defence issues on a USB stick.
Time flies when greed is in charge
Over the last 5 years we saw an abundance of issues, yet the greed-driven idiots all had a bottom line, and cost is not part of that bottom line; it is actually against it, or so some of these executives were screaming. And as things were pushed back quarter after quarter, the result was that nothing was done, so when SolarWinds was transgressed upon, the bulk of all corporations had no trouble seeing just how screwed they were. The sales people needed their bonus structure and so did the board members, and as such there was, for the most part, no defence. And it gets worse: even as we all want to blame SolarWinds, we need to realise that anyone with a lack of defence has only itself to blame. This is why I took certain defence matters into my own hands, and even though they are not perfect, it beats no defence at all. When the telecom companies start to scream murder because usage is out of control and the numbers show that 100,000 people used 200 GB, whilst the numbers showed that the average was for the most part 50 GB, we will see another issue: the loss of telecom data and, more importantly, our financial records will not match up. At that point you will see a stage where our data is up for sale, and there are plenty of interested parties who want that data. Picture a setting of 5 servers that can be used multiple times and 25 customers all willing to pay $10,000 for the usage records of 100,000-350,000 people; after the financial data is aggregated, they can collect a lot more from another 40 customers. 
It boils down to $250,000 for a month of work, and that is merely one segment. Once these people hit companies (especially those with underfunded IT departments), the numbers will add up larger and faster, especially when IP data is made available. By the time the companies learn just how intense the pull of data was, it will be too late, and for the most part the global police settings will not be able to cover it. The US has an FBI who can get to the matter to some degree, but they still think that North Korea did the Sony gig, so I am not holding my breath on that one. And that is before they realise that I devised another setting that explains the inside-job part and found a new way of exporting that data, which took less than an hour; the shareholders who needed a patsy in North Korea are that much in the dark at present, and have been for the last 7-9 years actually.
So whilst the sales people are in the push for revenue, I reckon that only the companies that have a CTO on their board of directors will have a decent chance; the rest are cannon fodder. It is basically that simple.
The greed drive looks that good, but in reality they are losing 6:1 at present. SolarWinds is merely showing the agony that is out there; it is ABC News that gives a much larger timeline, with ‘Malware may have been installed in June’, which does give voice to my timeline, but it is not enough. We see the larger stage with “the hackers piggy-backed on the company that made software running on hundreds of thousands of corporate and government networks”, and in all this, where was the security of SolarWinds? I believe that the damage is much larger and that the players just do not know what to trust and who to trust, and that will stay with them for the larger part of 2021, implying that their systems will not be properly cleaned for a much longer time. They look at the larger setting, but this pass-over will hit EVERY system, and it will hit a few systems in different ways, because the intrusions will be found out in some ways but not in all ways, and that is why the agony score is so high. All this before someone realises that their cloud system could be just as infected, and that is another piece of cake entirely, one that does not clean up so easily.
So whilst we see the trivialisation of “it says patient information was not stolen” or “there was nothing to suggest customer data had been accessed”, that is the basic defence of any company or government organisation, but in reality they are decently clueless about what data was accessed and how it was copied or positioned in a place the attackers can get to. For example, it might not show, but when you realise that a person was using 12-17 GB of data during the day, why is that person’s account using that much data on his sick day? Odd, is it not? There are a few more examples, but I will let you simmer on this, because 2021 has a few more surprises for all of you, perhaps for me too.
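The sick-day observation above is a detection rule in disguise: an account's transfer volume should track the account holder's own pattern, and any transfer on a day that person was recorded as absent deserves a look. The following is an added example, not code from the original post; it runs two checks over constructed daily per-account byte totals (the kind a proxy or NetFlow summary would yield) and a constructed absence calendar. The account names, dates, volumes and the z-score threshold are all assumptions made for the illustration.

```python
"""Flag account data usage that does not fit the account holder's pattern.

Added example; not part of the original post. All inputs below are
constructed: daily per-account outbound byte totals and an absence
calendar. Account names, dates and volumes are hypothetical.
"""
from datetime import date
from statistics import mean, pstdev

GB = 1024 ** 3

# Constructed sample: account -> {day: bytes transferred that day}
USAGE = {
    "jdoe": {
        date(2020, 12, 1): 14 * GB,
        date(2020, 12, 2): 12 * GB,
        date(2020, 12, 3): 17 * GB,
        date(2020, 12, 4): 13 * GB,
        date(2020, 12, 7): 15 * GB,
        date(2020, 12, 8): 16 * GB,   # recorded sick, yet the account keeps pulling data
    },
    "asmith": {
        date(2020, 12, 1): 2 * GB,
        date(2020, 12, 2): 3 * GB,
        date(2020, 12, 3): 2 * GB,
        date(2020, 12, 4): 55 * GB,   # far above this account's own baseline
        date(2020, 12, 7): 2 * GB,
        date(2020, 12, 8): 3 * GB,
    },
}

# Constructed absence calendar (e.g. from HR): account -> days the person was out
ABSENT = {
    "jdoe": {date(2020, 12, 8)},
    "asmith": set(),
}


def find_anomalies(usage, absent, z_threshold=3.0):
    """Return a list of (account, day, reason) findings.

    Two checks per account:
      1. Any transfer on a day the person was recorded absent.
      2. Any day whose volume sits more than z_threshold standard deviations
         above that account's own mean, with the baseline computed from the
         account's other days so the suspect day does not inflate it.
    A global average would hide both: the baseline has to be per account.
    """
    findings = []
    for account, days in usage.items():
        out = absent.get(account, set())
        for day, nbytes in days.items():
            if day in out and nbytes > 0:
                findings.append((account, day,
                                 f"{nbytes // GB} GB transferred on an absence day"))
            others = [b for d, b in days.items() if d != day]
            if len(others) >= 3:
                mu, sigma = mean(others), pstdev(others)
                if sigma > 0 and (nbytes - mu) / sigma > z_threshold:
                    findings.append((account, day,
                                     f"{nbytes // GB} GB vs baseline {mu / GB:.1f} GB"))
    return findings


if __name__ == "__main__":
    for account, day, reason in find_anomalies(USAGE, ABSENT):
        print(f"{day.isoformat()} {account}: {reason}")
```

Volume alone would miss jdoe, whose sick-day transfer is within the account's normal range; the absence check is what catches it. The per-account baseline is what catches asmith, whose 55 GB would look unremarkable next to jdoe's daily numbers.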