The wide net

We all have the idea to go phishing: we want trout, we want salmon, and we use the biggest net possible to get at least one. So when AP gave us ‘Casting a wide intrusion net: Dozens burned with single hack’ (at https://apnews.com/article/donald-trump-politics-europe-eastern-europe-new-zealand-f318ba1ffc971eb17371456b015206a5), not only was I not surprised, I had been warning people about this for a few years; that setting is apparently upon us now (or at least some are admitting it now). There we see “Nimble, highly skilled criminal hackers believed to operate out of Eastern Europe hacked dozens of companies and government agencies on at least four continents by breaking into a single product they all used”. This does not surprise me; it happened in the late 80’s as well, when someone used Ashton-Tate’s dBASE III to introduce a virus. It is simple: find something they all use and hamper its function, a basic strategy that an Italian (Julius Caesar) introduced 2000 years ago. There he hampered the roads and not servers, but you get the idea, the classics still work.

When we are given “The Accellion casualties have kept piling up, meanwhile, with many being extorted by the Russian-speaking Clop cybercriminal gang, which threat researchers believe may have bought pilfered data from the hackers. Their threat: Pay up or we leak your sensitive data online, be it proprietary documents from Canadian aircraft maker Bombardier or lawyer-client communications from Jones Day.”, it might seem rash, but the people relied on others to keep their data safe, and whilst we see more and more that they cannot contain the bacon, the clients are suffering. This is not a simple station and we get it, but package solutions tend to come with flaws, and that has been a truth for 20 years, so why are you all crying now? It is the final part that has more bearing: “Members of Congress are already dismayed by the supply-chain hack of the Texas network management software company SolarWinds that allowed suspected Russian state-backed hackers to tiptoe unnoticed — apparently intent solely on intelligence-gathering — for more than half a year through the networks of at least nine government agencies and more than 100 companies and think tanks. Only in December was the SolarWinds hacking campaign discovered by the cybersecurity firm FireEye. France suffered a similar hack, blamed by its cybersecurity agency on Russian military operatives, that also gamed the supply chain. They slipped malware into an update of network management software from a firm called Centreon, letting them quietly root around victim networks from 2017 to 2020.” This is important because of what happened in the last two years. Remember how ‘stupid’ American people started to blame Huawei for all the bad whilst offering absolutely no supporting evidence? Huawei does not need to bother to aid whichever government there was; silly software developers are doing that for them. We see an abundance of intrusion problems that include SolarWinds, Accellion and Cisco.
A stage where thousands of systems are at risk, but no, the ‘silly’ people kept on blaming Huawei. Even I knew better, and Sony gave me the idea for an intrusion method called ‘Plus One’ (a viable way to drive the Pentagon nuts) with an alternative direction that I call ‘Vee One’, but that one has a few hiccups, I reckon. Then I got creative and saw a new parameter in play, one that is based on a little part I read in a Cisco manual, the text “When you add a hard disk to a virtual machine (VM), you can create a new virtual disk, add an existing virtual disk, or add a mapped Storage Area Network (SAN) Logical Unit Number (LUN). In most cases, you can accept the default device node. For a hard disk, a non-default device node is useful to control the boot order or have different Small Computer System Interface (SCSI) controller types. For example, you might want to boot from an LSI Logic controller and use a BusLogic controller with bus sharing turned on to share a data disk with another VM.” You see, that small text indicates that there is a nice workaround in Cisco CMX and it opens up a lot more than they bargained for; that, in conjunction with the share issues they were already facing, gives a whole new meaning to the phrase ‘Copy me I want to travel’, n’est-ce pas? (for the French victims)

It is a much larger stage; most laws aren’t ready for this, prosecuting the guilty parties is close to impossible, and any quick fix they make will only make things harder. The setting was and has always been the makers of software: time constraints and a lack of deep testing make for a lousy solution, and in most cases these players have a pushy marketing department (example: Ubisoft), and yes, ‘You be soft!’. Because the small tidbit that AP gives us with “Attackers are finding it harder and harder to gain access via traditional methods, as vendors like Microsoft and Apple have hardened the security of the operating systems considerably over the last years” is a small stage and not a correct one. Weaknesses in Azure, issues with advertising in apps and a larger stage of programming; we see it clearest in .NET, but it goes way beyond that. For example, “The problem of memory leaks is not uncommon in any technology. Simply put, the framework doesn’t release the memory that it no longer needs. .NET is frequently criticised for memory leaks and memory-related issues. Although .NET has a garbage collector for this sort of problem, engineers still have to invest additional efforts into proper resource management. And the leaks keep on growing as the application scales.” (source: Altexsoft), and it shows the smallest part: if there is a leak in one place, there will be in other places too, and the leaks are not the real problem; getting it to semi-crash and taking over its rights on a network is a quick way into any system. I saw the example with an accounting program (censored name): I got the program to crash (took about 20 seconds) and I ended up with the administrator rights to the entire mainframe from ANY location running that software.
I get it, there will always be a bug in any place and the makers were quick to fix it, but for a few weeks there was an entrance point that took minimum effort, and that setting is only increasing with routers and cloud systems. These companies rely on marketeers that are ready to push for the investors’ sake and leave the client swimming in a swamp; I have seen it more than once and it will happen again. This setting has been going on since 1989 and over the next 3-4 years it will grow to 150%; the push to billions, and to quickly get to billions, will be overwhelming for too many players, all whilst the law will not be able to protect the victims. They will merely point at tort law; even though you are the victim, most contracts are offered as an ‘as is’ solution, and for the most part software makers can avoid prosecution for the longest time, long enough for the hackers to get away with your data and sell it. What a lovely system you bought. Oh, and before I forget, organised crime is way ahead of me, so for some it will already be too late.

Filed under IT, Law, Media, Science