Will America Confront the Kremlin Over SolarWinds' Latest Massive Phishing Attack? (apnews.com)
In the latest SolarWinds mass-phishing attack, "The highest percentage of emails went to the United States, but [incident response firm] Volexity also saw a significant number of victims in Europe..." according to Security Week.
In an article shared by Slashdot reader wiredmikey, they note that the attackers apparently compromised the Constant Contact account of USAID, an independent agency of the United States federal government that is primarily responsible for administering civilian foreign aid and development assistance — and then impersonated it in emails "to roughly 3,000 accounts across over 150 organizations in 24 countries."
So what happens next?
The Associated Press reports: The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month's planned presidential summit. Officials downplayed the cyber assault as "basic phishing" in which hackers used malware-laden emails to target the computer systems of U.S. and foreign government agencies, think tanks and humanitarian groups.
Microsoft, which disclosed the effort late Thursday, said it believed most of the emails were blocked by automated systems that marked them as spam. As of Friday afternoon, the company said it was "not seeing evidence of any significant number of compromised organizations at this time."
Even so, the revelation of a new spy campaign so close to the June 16 summit between President Joe Biden and Russian counterpart Vladimir Putin adds to the urgency of White House efforts to confront the Kremlin over aggressive cyber activity that criminal indictments and diplomatic sanctions have done little to deter. "I don't think it'll create a new point of tension because the point of tension is already so big," said James Lewis, a senior vice president at the Center for Strategic and International Studies. "This clearly has to be on the summit agenda. The president has to lay down some markers" to make clear "that the days when you people could do whatever you want are over."
There's a famous story about Vladimir Putin meeting Joe Biden back in 2011. A decade earlier, former U.S. president George W. Bush had said that when he'd looked Putin in the eye, "I was able to get a sense of his soul." But as Biden tells it, when he'd met Putin (who was then Russia's Prime Minister), "I said, 'Mr. Prime Minister, I'm looking into your eyes, and I don't think you have a soul.'"
"He looked back at me, and he smiled, and he said, 'We understand one another.'"
Betteridge's Law says it all (Score:4, Insightful)
Re:Betteridge's Law says it all (Score:5, Funny)
Nothing to add, really.
If I add a wiki link to Betteridge's Law [wikipedia.org] will I get the karma I so dearly crave?
Re:Betteridge's Law says it all (Score:5, Funny)
Re: Betteridge's Law says it all (Score:2)
Penetration testing (Score:2)
Re: (Score:1)
Re: (Score:2, Offtopic)
Almost every faith has some sort of undead that sucks something from the living to sustain itself.
Re: (Score:1)
Re: (Score:2)
Are you sure it's outside of canon? Judaism, Christianity, and Muslims have the "Alukah" a blood-lusting monster, in their older documents. The Wikipedia article is at https://en.wikipedia.org/wiki/... [wikipedia.org] . It's not a huge part of their mythology, but it's there. It's quite common in other mythologies as well, though the details, such as fleeing crosses and turning into bats and being consumed by sunlight may not match.
Re: (Score:2)
Re: (Score:2)
Did "Father Pete" talk about all the different types of angels? Or discuss Lilith, Adam's first wife? Or go in detail through the dietary laws and slavery laws? All of this is "canon", it's in the original scripture and in occasional theological analysis by the various churches. But like Superman spanking Lois Lane in issue 15 of Lois Lane comics, it is a bit obscure.
Re: (Score:2)
Re: Souls? (Score:1)
It's actually absurd the number of people who believe in an immutable self. Simply ask them if there is anything they cannot change about themselves. If they say yes, then they believe in an immutable self. Note soul and immutable self are synonymous.
No (Score:2)
IF the USA actually signed their messages... (Score:3)
if the USA gov mandated use of DNSSEC and DANE then I would have more sympathy
frankly, they don't so anyone can MITM (Monster in the Middle)
Europeans do, maybe they could improve things and you could as well...
https://github.com/baknu/DANE-for-SMTP/wiki/4.-Adoption-statistics [github.com]
Russia? (Score:1)
Re: (Score:1)
Wait, why do you think that Biden the zombie will have different tastes than current Biden?
Everyone who ever watched clips of the man knows that he has a thing for hair of young maidens, not brains.
Re:Why would they? (Score:5, Interesting)
Victims of hacking attacks will often try to attribute the attack to state-sponsored attackers, because blaming a supposedly well funded intelligence agency is less embarrassing than admitting you got owned by a 15-year-old script kiddie operating from his parents' basement.
If an attack appears to come from China or Russia, etc., that's usually because there are lots of easily compromised systems there which run pirated Windows versions with no updates. The actual attacker could be anywhere, and is simply relaying their attack through far away compromised hosts to mask their true identity.
Re: (Score:3)
Exactly. If you can create the illusion that you were attacked by some "all-powerful" enemy, you look less pathetic than you are and you may even get sympathy instead of being rightfully seen as a fuck-up.
As to origin-attribution: Every expert knows that one is exceptionally difficult, and using other hacked systems to obscure the real origin of an attack is as old as hacking itself is. For example, 15 years back or so, I analyzed an attack on my university seemingly coming from Russia. Turns out that a day
Re: (Score:1)
What's interesting to me is the first paragraph is correct and clearly marks you as someone who knows the truth. This is interesting because it exposes the obvious falsehood of the second paragraph as being something you were paid to write rather than a terminally stupid error of moral judgement.
Re: (Score:2)
Re: Why would they? (Score:2)
The belief is that the state allows them to roam free.
Re: (Score:2)
Unlikely. The state may mostly look away or not invest too much effort into looking, but "allow" is something else entirely. If some US hacker attacks infrastructure elsewhere in the world and the FBI only cares if it gets asked for help from the country where the attack happened, is the FBI "allowing" that hacker to do as they please? Surely not.
World War III (Score:3)
Yeah, let's start World War 3 .. no big deal right? What could possibly go wrong? I mean we handled the pandemic just fine .. how bad can a nuclear war be?
Re: (Score:3)
Nukem til they glow and shootem in the dark!
Re: (Score:3)
How do you define the word "start"?
Re: (Score:3)
I think the trouble is that for the last 20 years Putin has been acting as if the cold war has been ongoing with spying, cyber attacks on civil & public targets, assassinations, etc.
Unfortunately we have not responded in kind (that we know of) with reprisals on their network targets, but more importantly with broader economic sanctions (currently we only sanction some Russian officials and oligarchs) or embargos.
Re: (Score:3)
This hot take is dumb. The US spent $15 billion on the CIA last year. Russia's entire defense budget was only $40 billion USD. So, unless you think Russia is spending over a third of its defense budget on spies, the numbers don't add up in a way that is compatible with your world view.
Re: (Score:2)
1. PPP - a dollar goes a longer way in Russia than in the US, could well be an order of magnitude
2. US official numbers are more trusted than Russian ones
3. Asymmetric warfare: creating havoc, division and attacks is way less work than defending from the same, see the hundreds of breaches reported all the time
So I think your nominal dollar offense to nominal dollar defense is the dumb thing.
Also, no country is threatening Russia, while, for better or worse, the US maintains a role of global police, so all t
Not just Putin (Score:2)
Don't forget the US/Israel attacks on Iranian centrifuges. Intended to cause permanent physical damage.
If you condemn one country's hackattacks, you condemn every country's.
Re: (Score:2)
Why? It is in Iran’s constitution to destroy Israel, and Iran is already exercising active warfare through its proxies, and esp. with its nuke program, poses a clear existential threat to Israel. So, yes, the measure is the same, I think cyberattacks are attacks, and cyberwarfare is warfare. Yet an attack or war activity isn’t identical to all other attacks or war activities. Surely, the US going to war against the Nazis was a good thing. I think that preventing Iran from having nukes and destab
Re: (Score:3)
Funniest part is that this is the war that Russians are far more likely to win. They have a larger country by surface (more chance to have survivable areas after fallout), far lower population density (strikes are less efficient) and they have more nukes than the US.
Sure, it's going to be Metro Exodus level of survival, but that's still slightly better than Metro 2033 that is going to be what the US will look like.
Re: (Score:1)
Will Americans Confront Their Government ... (Score:1)
... over rank incompetence?
Hey, give us 40% of your wages OR ELSE and we'll put critical infrastructure online, unprotected, and not train the workers. Oh, yeah, and Microsoft Windows everywhere. No room in a $6T budget to create a secure desktop when corporate welfare is at stake.
Pro-tip: see if the NSA is on the affected agencies list.
Re: (Score:3)
Ah, the usual post-modern drivel attempting to pass itself off as insightful. Obviously it is all one giant conspiracy all designed to take your money, inflict Windoze on us, put critical infrastructure on line, and keep the NSA off the affected agencies because they are clearly behind it all.
Anyone can generate the same kind of analysis by a mere light reading of news sites and pulling items randomly and out of context, and then connecting them together with sentences. You must be very proud of your abilit
Needs to acknowledge our own activity (Score:3)
Confront China over Fentanyl (Score:3)
How many people have died from the SW hack? Fentanyl kills tens of thousands in the US every year. This is war that the US fails to acknowledge.
But as Biden tells it ... (Score:1, Offtopic)
But as Biden tells it, when he'd met Putin (who was then Russia's Prime Minister), "I said, 'Mr. Prime Minister, I'm looking into your eyes, and I don't think you have a soul.'"
But as Biden tells it ... the steely toughness he developed working as a coal miner served him well, as he stared Putin down, lol
I'm not an expert (Score:2)
lunch money (Score:2)
Hey, you can't take my lunch money! Give it back!
Would "Traitor Joe" ever confront a foreign power? (Score:1)
Re: (Score:2)
Well Moscow Mitch and Donald Fuck would never confront their paymaster: Czar Putin.
Re: (Score:1)
Well Moscow Mitch and Donald Fuck would never confront their paymaster: Czar Putin.
Typical Democrat response. Insult those who disagree with you. What I said is true and what you said is merely an insult.
What do you think? (Score:1)
Here's a Way to Fight Back (Score:2)
This is a lot like Privateers in the 17th and 18th centuries. How about giving a presidential pardon and citizenship to anyone who can prove they stole at least $1 million from Vladimir Putin?
I started a petition to that effect here: Petition
Maybe he will pay attention :-)