On Monday, SolarWinds (SWI) confirmed that Orion - its flagship network management software - had served as the unwitting conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers.
Cybersecurity experts are still struggling to understand the scope of the damage.
The malicious updates - sent between March and June, when America was hunkering down to weather the first wave of coronavirus infections - was "perfect timing for a perfect storm," said Kim Peretti, who co-chairs Atlanta-based law firm Alston & Bird's cybersecurity preparedness and response team.
"We may not know the true impact for many months, if not more – if not ever," she said.
The impact on SolarWinds (SWI) was more immediate. U.S. officials ordered anyone running Orion to immediately disconnect it. The company's stock has tumbled more than 23% from $23.50 on Friday - before Reuters broke the news of the breach - to $18.06 on Tuesday.
Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds' (SWI) update server by using the password "solarwinds123".
SolarWinds Hack Compromises Gov and Corporate Servers
- Joe Shlabotnik
- Hall Of Famer
- Posts: 23103
- Joined: October 12 06, 2:21 pm
- Location: Baseball Ref Bullpen
- Contact:
SolarWinds Hack Compromises Gov and Corporate Servers
I'm surprised this hasn't got more legs. I guess we are all distracted by the election and the virus. And while we were, Russia compromised government and corporate servers and was taking who-knows-what for months. Check out this quote from another article on this breach. Especially the bold. Talk about stupid, SolarWinds deserves all the blowback they may get.
- mikechamp
- Hall Of Famer
- Posts: 10132
- Joined: April 17 06, 5:05 pm
- Location: Southwestern Illinois
Re: SolarWinds Hack Compromises Gov and Corporate Servers
I posted about it approximately 2 hours before this thread... but in a different forum.
viewtopic.php?f=30&t=60121&p=1976382#p1976382
- heyzeus
- Everday Unicorn
- Posts: 41333
- Joined: April 21 06, 10:14 am
- Location: Austin, TX
- Contact:
Re: SolarWinds Hack Compromises Gov and Corporate Servers
Until a few years ago, Solar Winds was HQ'd in the same building I work in. Some of their employees didn't wear shoes in the office. It was weird and gross. Based on this kind of behavior, I'm not surprised they compromised the entire federal government.
- sighyoung
- Mayor of GRB
- Posts: 37618
- Joined: April 17 06, 7:42 pm
- Location: Louisville
Re: SolarWinds Hack Compromises Gov and Corporate Servers
THE HACKER WAS CHRIS CORREA, I TELL YOU!
- mikechamp
- Hall Of Famer
- Posts: 10132
- Joined: April 17 06, 5:05 pm
- Location: Southwestern Illinois
Re: SolarWinds Hack Compromises Gov and Corporate Servers
More on this incredibly pervasive breach:
US cybersecurity agency warns of 'grave' threat from hack
Federal authorities expressed increased alarm Thursday about an intrusion into U.S. and other computer systems around the globe that officials suspect was carried out by Russian hackers. The nation's cybersecurity agency warned of a “grave” risk to government and private networks.
The Cybersecurity and Infrastructure Security Agency said in its most detailed comments yet that the intrusion had compromised federal agencies as well as “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo.
Another U.S. official, speaking Thursday on condition of anonymity to discuss a matter that is under investigation, said the hack was severe and extremely damaging although the administration was not yet ready to publicly blame anyone for it.
“This is looking like it’s the worst hacking case in the history of America,” the official said. “They got into everything.”
https://www.yahoo.com/news/us-cybersecu ... 29432.html
- Joe Shlabotnik
- Hall Of Famer
- Posts: 23103
- Joined: October 12 06, 2:21 pm
- Location: Baseball Ref Bullpen
- Contact:
Re: SolarWinds Hack Compromises Gov and Corporate Servers
Bad guys having months of free rein on systems? There's no telling how deep they got.
Imagine hackers getting into the update servers for software development tool vendors. They could reengineer compilers and interpreters to always add machine code backdoors into literally EVERY piece of software produced!
Months is plenty of time to do it.
And, for all we know, the US or Israel has been successful in the same way.
One thing we can probably count on is one day we'll wake up to our computers and phones being turned into paperweights.
- Radbird
- There's someone in my head but it's not me
- Posts: 57428
- Joined: April 18 06, 5:08 pm
- Location: LF Bleachers @ Busch II
Re: SolarWinds Hack Compromises Gov and Corporate Servers
Damn Chinese...
- GeddyWrox
- Caught you a delicious bass
- Posts: 12944
- Joined: April 20 06, 8:43 pm
- Location: Please use blue font for the sarcasm impaired.
- IMADreamer
- Has an anecdote about a townie he overheard.
- Posts: 12654
- Joined: December 6 10, 1:09 am
- Location: Illinois
Re: SolarWinds Hack Compromises Gov and Corporate Servers
Why can't one of these hackers really do some damage like wipe out everyone's mortgage or credit card debt? It would help the people, but it would absolutely crush the US banking system which would cause an epic economic meltdown.
It looks like it will be another month before the US govt has any chance of actually doing anything about this. I fully expect after Biden takes office for the hackers to crash the power grid or something massive like that so that the Republicans can blame Biden and more fighting can happen here. I know we can't go to war with Russia because of nukes and such but America has to find a way to destroy them. Whether it's massive sanctions, hacking, etc. Russia has to be punished out of existence. It needs to be a global effort but America will have to lead. Of course it won't happen because so many in our govt are compromised and now afraid of the Maga morons who vote for them.
And yes, Trump needs to hang. His whole organization does.
It's some really bad times ahead for the country.
- Jocephus
- 99% conan clips
- Posts: 63643
- Joined: April 18 06, 5:14 pm