Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Government EU Security United States

Will America Confront the Kremlin Over SolarWinds' Latest Massive Phishing Attack? (apnews.com) 64

In the latest SolarWinds mass-phishing attack, "The highest percentage of emails went to the United States, but [incident response firm] Volexity also saw a significant number of victims in Europe..." according to Security Week.

In an article shared by Slashdot reader wiredmikey, they note that the attackers apparently compromised the Constant Contact account of USAID, an independent agency of the United States federal government that is primarily responsible for administering civilian foreign aid and development assistance — and then impersonated it in emails "to roughly 3,000 accounts across over 150 organizations in 24 countries."

So what happens next?

The Associated Press reports: The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month's planned presidential summit. Officials downplayed the cyber assault as "basic phishing" in which hackers used malware-laden emails to target the computer systems of U.S. and foreign government agencies, think tanks and humanitarian groups.

Microsoft, which disclosed the effort late Thursday, said it believed most of the emails were blocked by automated systems that marked them as spam. As of Friday afternoon, the company said it was "not seeing evidence of any significant number of compromised organizations at this time."

Even so, the revelation of a new spy campaign so close to the June 16 summit between President Joe Biden and Russian counterpart Vladimir Putin adds to the urgency of White House efforts to confront the Kremlin over aggressive cyber activity that criminal indictments and diplomatic sanctions have done little to deter. "I don't think it'll create a new point of tension because the point of tension is already so big," said James Lewis, a senior vice president at the Center for Strategic and International Studies. "This clearly has to be on the summit agenda. The president has to lay down some markers" to make clear "that the days when you people could do whatever you want are over."

There's a famous story about Vladimir Putin meeting Joe Biden back in 2011. A decade earlier former U.S. president George W. Bush had said when he'd looked Putin in the eye, "I was able to get a sense of his soul." But as Biden tells it, when he'd met Putin (who was then Russia Prime Minister), "I said, 'Mr. Prime Minister, I'm looking into your eyes, and I don't think you have a soul.'"

"He looked back at me, and he smiled, and he said, 'We understand one another.'"
This discussion has been archived. No new comments can be posted.

Will America Confront the Kremlin Over SolarWinds' Latest Massive Phishing Attack?

Comments Filter:
  • by Snard ( 61584 ) <<moc.liamg> <ta> <kulawahs.ekim>> on Sunday May 30, 2021 @08:40PM (#61438370) Homepage
    Nothing to add, really.
  • Succinctly put.
  • if the USA gov mandated use of DNSSEC and DANE then I would have more sympathy

    frankly, they don't so anyone can MITM (Monster in the Middle)

    Europeans do, maybe they could improve things and you could as well...

    https://github.com/baknu/DANE-for-SMTP/wiki/4.-Adoption-statistics [github.com]

  • Traffic tends to point towards China.
  • by backslashdot ( 95548 ) on Sunday May 30, 2021 @09:25PM (#61438444)

    Yeah, let's start World War 3 .. no big deal right? What could possibly go wrong? I mean we handled the pandemic just fine .. how bad can a nuclear war be?

    • Nukem til they glow and shootem in the dark!

    • How do you define the word "start"?

    • by Luthair ( 847766 )

      I think the trouble is that for the last 20-years Putin has been acting as if the cold war has been ongoing with spying, cyber attacks on civil & public targets, assassinations, etc.

      Unfortunately we have not responded in kind (that we know of) with reprisals on their network targets, but more importantly with broader economic sanctions (currently we only sanction some Russian officials and oligarchs) or embargos.

      • This hot take is dumb. The US spent $15 billion on the CIA last year. Russia's entire defense budget was only $40 billion USD. So, unless you think Russia is spending over a third of its defense budget on spies, the numbers don't add up in a way that is compatible with your world view.

        • by robi5 ( 1261542 )

          1. PPP - a dollar goes a longer way in russia than in the us, could well be an order of magnitude
          2. us official numbers are more trusted than russian ones
          3. asymmetric warfare: creating havoc, division and attacks is way less work than defending from the same, see the hundreds of breaches reported all the time

          So i think your nominal dollar offense to nominal dollar defense is the dumb thing.

          Also, no country is threatening russia, while, for better or worse, the us maintains a role of global police, so all t

      • Don't forget the US/Israel attacks on Iranian centrifuges. Intended to cause permanent physical damage.

        If you condemn one country's hackattacks, you condemn every country's.

        • by robi5 ( 1261542 )

          Why? It is in Iran’s constitution to destroy Israel, and Iran is already exercising active warfare through its proxies, and esp. with its nuke program, poses a clear existential threat to Israel. So, yes, the measure is the same, I think cyberattacks are attacks, and cyberwarfare is warfare. Yet an attack or war activity isn’t identical to all other attacks or war activities. Surely, the US going to war against the Nazis was a good thing. I think that preventing Iran from having nukes and destab

    • by Luckyo ( 1726890 )

      Funniest part is that this is the war that Russians are far more likely to win. They have a larger country by surface (more chance to have survivable areas after fallout), far lower population density (strikes are less efficient) and they have more nukes than US.

      Sure, it's going to be Metro Exodus level of survival, but that's still slightly better than Metro 2033 that is going to what US will look like.

    • I prefer World War Free. Just saying..
  • ... over rank incompetence?

    Hey, give us 40% of your wages OR ELSE and we'll put critical infrastructure online, unprotected, and not train the workers. Oh, yeah, and Microsoft Windows everywhere. No room in a $6T budget to create a secure desktop when corporate welfare is at stake.

    Pro-tip: see if the NSA is on the affected agencies list.

    • by gtall ( 79522 )

      Ah, the usual post-modern drivel attempting to pass itself off as insightful. Obviously it is all one giant conspiracy all designed to take your money, inflict Windoze on us, put critical infrastructure on line, and keep the NSA off the affected agencies because they are clearly behind it all.

      Anyone can generate the same kind of analysis by a mere light reading of news sites and pulling items randomly and out of context, and then connecting them together with sentences. You must be very proud of your abilit

  • by cjonslashdot ( 904508 ) on Monday May 31, 2021 @07:52AM (#61439312)
    I hope so, but it needs to be a discussion about the activities of our respective governments. The US Cyber Command is not there for no reason. And it goes way back - even before the Internet we have been interfering in other governments. E.g., Operation Ajax in 1952, undertaken by MI6 and the CIA, arranged for a purportedly "domestic" revolt against the newly elected government of Iran. This is all part of the global struggle for dominance. So it is not an issue of the US being a victim: it is an issue of creating trust between the leaders of the US, Russia,, and China, and agreeing mutually to scale back this stuff.
  • by schwit1 ( 797399 ) on Monday May 31, 2021 @10:01AM (#61439626)

    How many people have died from the SW hack? Fentanyl kills tens of thousands in the US every year. This is war that the US fails to acknowledge.

  • But as Biden tells it, when he'd met Putin (who was then Russia Prime Minister), "I said, 'Mr. Prime Minister, I'm looking into your eyes, and I don't think you have a soul.'"

    But as Biden tells it ... the steely toughness he developed working as a coal miner served him well, as he stared Putin down, lol

  • but I do know that poking the bear has ramifications. Some ramifications are worth the poking and some are not. It's easy to spout opinions from our couches, but I would hope that the security and political experts would know when it is best to do that. Not to mention who knows what has already been said to them behind closed doors. Not every confrontation occurs in in front of the public eye.
  • Hey, you can't take my lunch money! Give it back!

  • Biden is only interested in enriching himself and his family, so he might say some words that he's doing something, but he has never done much of anything in the past except sell influence.
    • Well Moscow Mitch and Donald Fuck would never
      confront their paymaster: Czar Putin.

      • Well Moscow Mitch and Donald Fuck would never confront their paymaster: Czar Putin.

        Typical Democrat response. Insult those who disagree with you. What I said is true and what you said is merely an insult.

  • I sincerely doubt it. However these attacks do remind us that corporate accounting departments are reluctant to spend money on upgrading security rather than paying ransoms. What I wonder is whether we have the guts to retaliate in kind to all of these attacks. That means disabling Russia's infrastructure and spreading viruses in China. I think all major countries have bioweapons labs and hacking experts which we did use against Iran. This is the new battlefield and it is so much easier and cheaper tha
  • This is a lot like Privateers in the 17th and 18th centuries. How about giving a presidential pardon and citizenship so anyone who can prove they stole at least $1 million from Vladimir Putin?

    I started a petition to that effect here: Petition

    Maybe he will pay attention :-)

No man is an island if he's on at least one mailing list.

Working...