Posted: 12/18/2020 9:36:29 PM EST
Catherine Herridge (@CBS_Herridge) Tweeted: Microsoft's president tells @CBSNews "this attack is still taking place, the industry is scrambling, people in government are scrambling to get it under control, but it's not under control yet"
Apparently this has been going on for over a month. Yeah, most secure election ever! Here is a list so far of what agencies have been attacked [Attached File]
|
|
|
|
|
Quoted: Catherine Herridge (@CBS_Herridge) Tweeted: Microsoft's president tells @CBSNews "this attack is still taking place, the industry is scrambling, people in government are scrambling to get it under control, but it's not under control yet" Apparently this has been going on for over a month. Yeah, most secure election ever! Here is a list so far of what agencies have been attacked https://www.AR15.Com/media/mediaFiles/288245/a632ed55-e779-4482-aea3-c100b8589aa6_jpg-1737681.JPG
This is the tip of the iceberg.
|
I wonder what the actual fallout from this will wind up looking like.
It's incredible.
|
Could the “tools” recently stolen from that cyber security company be aiding “these” hackers?
|
|
I thought I’d read somewhere today that the attack has been going on for 8-9 months and it’s just in the last month that it was discovered.
|
|
Quoted: Catherine Herridge (@CBS_Herridge) Tweeted: Microsoft's president tells @CBSNews "this attack is still taking place, the industry is scrambling, people in government are scrambling to get it under control, but it's not under control yet" Apparently this has been going on for over a month. Yeah, most secure election ever! Here is a list so far of what agencies have been attacked https://www.AR15.Com/media/mediaFiles/288245/a632ed55-e779-4482-aea3-c100b8589aa6_jpg-1737681.JPG
A great many security programs are "security theater" to pad the pockets of executives and nothing more.
|
Quoted: Which 3 states?
Not sure, I'm seeing where it just wasn't the US but several countries as well. TBH, I'm starting to think that German Server story may have some validity! How the hell was this kept from the American Public and how is Republicans/Mitch saying Biden was elected fairly!
|
|
|
Whoever is responsible, be it China or Russia, we should cripple them
|
|
Quoted: I just want to say that having almost 20 years in as a "security professional", with most of it centered around cyber crime, incident response, threat intelligence and a good bit of exposure to Corporate America and the Government, I'm not surprised at all they got butt fucked. A great many security programs are "security theater" to pad the pockets of executives and nothing more.
My exposure to .gov IT is much more limited than yours (3 years here), but I'm utterly fucking astounded at how much 'zero fucks given' is taken to IT security where I work. It wasn't until we got hit with a virus that my boss went "how did this happen?!" like it was some fucking surprise. I won't list the details, but guessable passwords, deprecated unpatched OS's running in the LE side of things, passwords written on Post-it notes, you name it were abound. Hell we still have an ASA running code from 10 years ago that has never been patched, and that's our primary firewall.
|
|
|
Sorry citizens we are going to have to shut down the power grid for 2 weeks.... You know, to slow the curve.
|
|
World War 3 will start with computer hacks. The Chicoms could probably take down our power grid at any time
Completely fuck our nationwide commerce network
|
Quoted: @navvet89 My exposure to .gov IT is much more limited than yours (3 years here), but I'm utterly fucking astounded at how much 'zero fucks given' is taken to IT security where I work. It wasn't until we got hit with a virus that my boss went "how did this happen?!" like it was some fucking surprise. I won't list the details, but guessable passwords, deprecated unpatched OS's running in the LE side of things, passwords written on Post-it notes, you name it were abound. Hell we still have an ASA running code from 10 years ago that has never been patched, and that's our primary firewall.
It's like that just about everywhere. In my experience executive leadership's concerns center around looking good, keeping audit and regulators off their ass and setting themselves up for the next gig. Very very rarely do they actually have the skill sets, wherewithal and fucks to give to do the right thing.
My current employer only has about 3 people that have any real experience, the rest of the organization's leadership and worker bees have a complete lack of understanding of basic information security concepts. This is a Fortune 100 mind you.
|
I think this is less an attack and more someone keeps leaving doors open or outright uplinking shit to sites to allow access. Is it no wonder they can’t stop it if people are actively allowing it?
ETA Covid restrictions in fed buildings have allowed people to have access to things without a lot of eyes around. It’s been way easier to deploy this shit.
|
Quoted: Whoever is responsible, be it China or Russia, we should cripple them
[Embedded videos: Funny Dancing Puppet Show for Kids; Edwin Starr - War (Original Video - 1969)]
|
Did the Chinese not get their passwords from the transition team yet?
Kharn |
|
Quoted: It's like that just about everywhere. In my experience executive leadership's concerns center around looking good, keeping audit and regulators off their ass and setting themselves up for the next gig. Very very rarely do they actually have the skill sets, wherewithal and fucks to give to do the right thing. My current employer only has about 3 people that have any real experience, the rest of the organization's leadership and worker bees have a complete lack of understanding of basic information security concepts. This is a Fortune 100 mind you.
+1
|
|
Quoted: I think this is less an attack and more someone keeps leaving doors open or outright uplinking shit to sites to allow access. Is it no wonder they can't stop it if people are actively allowing it?
What it is though could allow someone to severely fuck with our country at the core. I'm talking Defensive, Power, Commerce, Comms, you name it. We go tossing a nuke at this perp, and they might be able to turn off the power. I'm not saying they can do it, I'm saying whoever did this knows what the fuck they're doing, and they spent a shit ton of time and capital to make it happen. The payload however, nobody knows.
|
|
|
Quoted: I thought I’d read somewhere today that the attack has been going on for 8-9 months and it’s just in the last month that it was discovered.
That's why Trump shitcanned the cyber security chief. This attack is just a culmination of all those smaller information gathering hacks.
|
|
|
|
I discovered the last reboot was 2012. I brought it up to my supervisor. He said "yeah, I know. I'm afraid if we reboot it, it won't come back up." My response "Why the fuck is it in production then?!" It's still in production. Still unpatched and still not rebooted since 12.
|
|
|
I do a lot of contract work with an international Fortune 500 company.
I would routinely find things like Windows servers with domain admin users left logged in indefinitely. VNC (and there's part of the problem) into a server expecting to log in, get someone else's open session. Or log into a server and see it's waiting to install cumulative security updates from 6+ months ago. Someone should have seen this in SCCM, received an alert or anything... Nope, ignored. Passwords on almost every account never changed. So when they got hacked this year, almost lost all their DCs and infra to ransomware, and had passwords reset on almost all domain admin users, I was not surprised. Then all of their data went up for sale on the dark web. They even wiped all tape backups that were inserted into backup servers worldwide. Backups to NAS? Stored on public shares, now all encrypted and worthless. Tip off that something was coming... All of the infosec team members had unpronounceable Indian names and accents to match. Those guys don't give a fuck.
|
|
Quoted: Why doesn't Congress declare war?
|
|
Something to put in context. There were confirmed around 20,000 customers affected.
Government regulations require you monitor certain controls in certain ways. In the DoD space (most other agencies have a similar process) for approved products list. DISA posts the APL. The APL says what products can be used to perform certain functions. Overall it is a good thing. Until a thing like this happens. Now if the OTHER controls are PROPERLY implemented there is a greatly limited scope. It is kinda like saying there is a problem with the brass in military supply and someone starts a thread asking why it is all Lake City.
|