Rantburg

2020-12-14 Cyber
BREAKING BIG: CISA Emergency Directive Calls on ALL Federal Civilian Agencies to Review Compromise and Disconnect or Power Down SolarWinds Orion Products Immediately
Posted by JohnQC 2020-12-14 10:04

#1 Wonder who is compromising our systems? China?

Many agencies in our government use SolarWinds. Not sure what to make of this at this time.

https://www.solarwinds.com/company/customers
Posted by JohnQC 2020-12-14 10:09

#2 Epoch Times is reporting: US Cybersecurity Agency Issues Emergency Directive Over SolarWinds Hack.

https://www.theepochtimes.com/dominion-voting-systems-uses-firm-that-was-hacked_3617507.html
Being reported at Clarion News as well.

A company that provides voting systems in 28 states uses an Internet technology firm that was hacked.

Posted by JohnQC 2020-12-14 10:24

#3 Dominion Voting Systems uses SolarWinds which was hacked.
Posted by JohnQC 2020-12-14 10:26

#4 BREAKING: Michigan judge orders RELEASE of audit report on Dominion voting machines

Dec 14 - Moments ago, Michigan state judge Kevin Elsenheimer ordered the release of a redacted report on the results of an examination of the Dominion voting machines in Antrim County, Michigan.

The results had been shielded by a protective order, but this morning, Judge Elsenheimer removed that order, clearing the way for the audit results to go public.

The judge further ordered that the case move to the discovery phase and mentioned the case could go to trial by April of 2021.
Posted by Frank G 2020-12-14 10:27

#5 FireEye hints at Russian actors due to the sophistication of the attack.
Posted by DarthVader 2020-12-14 10:29

#6 We [SolarWinds] are a leading provider of powerful and affordable IT infrastructure management software. Our products give organizations worldwide, regardless of type, size or IT infrastructure complexity, the power to monitor and manage the performance of their IT environments, whether on-premises, in the cloud, or in hybrid models.

You'd think a wide-ranging, multi-tentacled outfit like that would be really hard to hack. And it's not a NASA project, either!
Posted by Bobby 2020-12-14 10:58

#7 Same topic at GreatGameIndia

SolarWinds Hacked Orion Platform Used In Dominion Voting Systems

Somebody knows something.

Posted by Besoeker 2020-12-14 12:13

#8 Hacked or did somebody open a back door? Got any Chinamen working for that company?
Posted by Abu Uluque 2020-12-14 12:31

#9 I mean, most breaches involve physical access obtained by people who are allowed inside the facilities.
Posted by Abu Uluque 2020-12-14 12:32

#10 That is what I am thinking Abu. The main cert used to authenticate the malware was made 3/20 and inserted into the update/patch. That screams inside job. The weakest link in security is always the people.
Posted by DarthVader 2020-12-14 12:37

#11 Future CNN Headline
(Humor)

Today, Rep. Adam Schiff (LSD-CA), the Chairman of the House Permanent Select Committee on Intelligence, sent a letter to AG Hillary Clinton strongly requesting she close the meaningless Dominion/DNC/China Special Counsel investigation that was appointed by Trump. Since all the files were burned up with a 747 crash into the evidence file storage location. Which prompted the former Special Counsel suddenly to hang himself after being shot, stabbed and run over on the SCOTUS steps at 2am.

AG Clinton was directed to use all available resources including the Media to look into the Trump / SolarWinds Orion / Russian connection.


Acting President K. Harris at the CHINA/IRAN/USSA summit agreed with this recommendation. "Stating that we must explore all means of convicting Trump before the 2024 Election rolls around to avoid a repeat of Voters nearly actually picking their Congressional electors."

Posted by NN2N1 2020-12-14 13:13

#12 Was on a call with CISA where they gave info. Top points if any administrative ranters need them:


  • Orion Platform software versions 2019.4 through 2020.2.1 HF 1

  • Full admin rights from these systems allowed attackers to move laterally through the network

  • APT is installed throughout the infected networks
    Very widespread

  • If your network used the Orion version, reformat of all systems to be expected
    Change administrator or service accounts that SolarWinds used

  • Assume breach if you don’t see the listed DLLs in the blog post. Malicious actors have been known to clean up behind them.

  • Block all C&C IPs listed in blog post

Posted by DarthVader 2020-12-14 16:39
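
An added example, not part of the comment above and not CISA or SolarWinds code: a check of Orion version strings against the affected range quoted in #12 (2019.4 through 2020.2.1 HF 1), run over a constructed inventory. The host names and the "YYYY.N[.N] HF N" string format are assumptions.

```python
import re

# Affected range as stated in comment #12: 2019.4 through 2020.2.1 HF 1.
AFFECTED_MIN = (2019, 4, 0, 0)
AFFECTED_MAX = (2020, 2, 1, 1)

# Assumed format: "2020.2.1 HF 1", "2019.4 HF 5", "2019.4"
_VERSION_RE = re.compile(
    r"^\s*(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$", re.IGNORECASE
)

def parse_orion_version(text):
    """Turn '2020.2.1 HF 1' into (2020, 2, 1, 1); missing parts count as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Orion version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def is_affected(text):
    """True when the version falls inside the range quoted in the comment."""
    return AFFECTED_MIN <= parse_orion_version(text) <= AFFECTED_MAX

def triage(inventory):
    """Split {host: version} into affected, outside_range and review."""
    result = {"affected": [], "outside_range": [], "review": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "outside_range"
        except ValueError:
            # Unknown format: check by hand rather than assume it is fine.
            bucket = "review"
        result[bucket].append(host)
    return result

# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "orion-a": "2019.2 HF 3",
    "orion-b": "2019.4 HF 5",
    "orion-c": "2020.2.1 HF 1",
    "orion-d": "2020.2.1 HF 2",
    "orion-e": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(bucket, hosts)
```

"outside_range" only means the version string is outside the quoted range; hosts in "review" need a manual check.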

#13 "I wonder who is compromising our systems? China?"

No, you don't wonder, #1 John; I suspect you know, just like the rest of us.

I have no doubt the DemoncRats are involved, helping their masters. >:-(

Posted by Barbara 2020-12-14 19:03

#14 Best way to tell if the Democrats are involved? See if the press buries this, and the House refuses to hold any hearings.
Posted by Deadeye Jaiting7534 2020-12-14 21:56
