SolarWinds hack

**ötzi** · 12-22-2020, 11:30 AM

It was probably Facebook.

**The Suit** · 12-22-2020, 11:49 AM

Originally Posted by ötzi

It was probably Facebook.

Nah. They write sloppy code.

**k2skier112** · 12-22-2020, 11:50 AM

Originally Posted by Skidog

Cause they've all been full of shit before? Remember trump collusion?

Sent from my Pixel 4a (5G) using TGR Forums mobile app

you mean the investigation that led to 26 indictments and 7 jail sentences, that nothingburger?

**schuss** · 12-22-2020, 11:51 AM

This was my favorite part, at one point their update server pw was solarwinds123
https://www.google.com/amp/s/mobile..../idINKBN28Q07P

**MontuckyFried** · 12-22-2020, 11:55 AM

Originally Posted by schuss

This was my favorite part, at one point their update server pw was solarwinds123
https://www.google.com/amp/s/mobile..../idINKBN28Q07P

https://youtu.be/a6iW-8xPw3k

Sent from my Pixel 3 using TGR Forums mobile app

**The Suit** · 12-22-2020, 11:57 AM

Originally Posted by schuss

This was my favorite part, at one point their update server pw was solarwinds123
https://www.google.com/amp/s/mobile..../idINKBN28Q07P

Leaked through a public GitHub repo. Doh!

To be fair, that probably wasn't the actual attack vector.

**Skidog** · 12-22-2020, 11:59 AM

Originally Posted by k2skier112

you mean the investigation that led to 26 indictments and 7 jail sentences, that nothingburger?

None tied to the man that prompted the investigation. It was always Trump directly colluded. I bet you believe the NSA has your best interests in mind too eh? You should have a chat with Snowden.

**schuss** · 12-22-2020, 12:07 PM

Originally Posted by Skidog

None tied to the man that prompted the investigation. It was always Trump directly colluded. I bet you believe the NSA has your best interests in mind too eh? You should have a chat with Snowden.

He was impeached and Mueller made it clear he could not indict, only the AG, who was a Trump lapdog.

**Dantheman** · 12-22-2020, 12:21 PM

Originally Posted by Skidog

None tied to the man that prompted the investigation. It was always Trump directly colluded. I bet you believe the NSA has your best interests in mind too eh? You should have a chat with Snowden.

So top Trump campaign officials didn't meet with Russian operatives at Trump Tower in 2016 to discuss the Russians providing dirt on Hilary Clinton, then didn't publicly lie about the reason for the meeting, and it wasn't later confirmed by the president's attorneys that President Trump himself drafted Don Jr.'s initial misleading statement? OK then.

If the Obama/Clinton/Biden campaigns had pulled that stunt right-wing media would be apoplectic.

Originally Posted by MontuckyFried

https://youtu.be/a6iW-8xPw3k

Man really did hack Trump’s Twitter account by guessing password, ‘maga2020!,’ Dutch prosecutors say
https://www.washingtonpost.com/world...password-hack/

**riser4** · 12-22-2020, 12:25 PM

Originally Posted by Skidog

None tied to the man that prompted the investigation. It was always Trump directly colluded. I bet you believe the NSA has your best interests in mind too eh? You should have a chat with Snowden.

Fuck off.

**My Pet Powder Goat** · 12-22-2020, 12:38 PM

Bet you thought the meeting in trump tower was actually about russian adoption too, huh?

You've been infected by right wing talking points. slam your dick in a door a couple of times and turn off Fox News, or RT, or whatever other sespool you've been dabbling in

Sent from my SM-N986U using TGR Forums mobile app

**riser4** · 12-22-2020, 12:42 PM

Originally Posted by My Pet Powder Goat

Bet you thought the meeting in trump tower was actually about adoption too, huh?

You've been infected by right wing talking points slam your dick in a door a couple times and shut off Fox News, or RT, or whatever other sespool you've been dabbling in

Sent from my SM-N986U using TGR Forums mobile app

Heh. Slam your dick. Heh. That was one of the funnier running gags in Weeds. Kevin Nealon rocks.

**heckacali** · 12-22-2020, 01:36 PM

Do you really need to even 'slam' the door?

**RShea** · 12-22-2020, 01:55 PM

For those not in the business Solarwinds was a company that grew by mergers and actually over their years:
Neon Software and ipMonitor Corp in 2007
Kiwi Enterprises in 2009
Hyper9 Inc and TriGeo in 2011
EminentWare and RhinoSoft in 2012
N'Able Technologies and Confio Software in 2013.

Between 2014 and 2015, the company acquired and a monitoring company Librato and company called Papertrail

Between 2016 and 2020, SolarWinds had Capzure Technology (an MSP Manager software to N-able which SolarWinds had previously acquired), LogicNow (a remote monitoring software company), SpamExperts (an email security company), Loggly (a log management and analytics company), Trusted Metrics (a provider of threat monitoring and management software),[ Samanage (a service desk and IT asset management provider), VividCortex (a database performance monitor), and SentryOne (a provider of database performance monitoring)

They have products in the monitoring, remote access and management, and tools for many different IT and Network management and monitoring functions. Yet, they had a password exposed on a general web site (Github), were notified of that a year before the announcement of the software breach and did not increase their password security.

On December 15, 2020, SolarWinds reported the breach to the Securities and Exchange Commission. However, SolarWinds continued to distribute malware-infected updates, and did not immediately revoke the compromised digital certificate used to sign them.
SolarWinds's share price fell 25% in the days following the breach. Insiders at the company traded $280 million in stock after the attack was revealed internally but prior to it being announced to the public. A spokesperson said that those who sold the stock were not aware of the breach.

Probably time for some investigations and possible criminal charges if the investigations substantiate some of the above moves and lack of action on the warnings of security issues.

**Buster Highmen** · 12-22-2020, 09:57 PM

Originally Posted by The Suit

My interpretation from what I've read is that the hackers got access to a SolarWinds source code repository and inserted their own obfuscated code.

edit to add: SunBurst: the next level of stealth

Wow, that's dirty. Hacked at source level. Adding the interface months before the implementation, that shows some planning. Obfuscating resource strings, very clever.

**RShea** · 12-22-2020, 10:11 PM

Originally Posted by Buster Highmen

Wow, that's dirty. Hacked at source level. Adding the interface months before the implementation, that shows some planning. Obfuscating resource strings, very clever.

Yes, inserted their code and then it was included as part of the new releases including the trust certificates thinking that there was no issues with the changes.

**The Suit** · 12-22-2020, 10:25 PM

They studied the SolarWinds coding style and then copied it so their code wouldn't stick out. I wish my new hires would do that.

**MTT** · 12-23-2020, 12:24 AM

Your never going to get the real story.

So long as our own government insist on have access to eveyones everything and software/ hardware companies accommodate them. Nothing is secure. The access is so overly used that half the planet has knowledge of and access to the holes and the tools.
I think you only hear of a very small percentage of the breaches sabatage ECT. That takes place.

**Skidog** · 12-23-2020, 05:29 AM

Originally Posted by My Pet Powder Goat

Bet you thought the meeting in trump tower was actually about russian adoption too, huh?

You've been infected by right wing talking points. slam your dick in a door a couple of times and turn off Fox News, or RT, or whatever other sespool you've been dabbling in

Sent from my SM-N986U using TGR Forums mobile app

Never watched fox and he was acquitted..guess you all forgot the actual outcome. I know many don't like that here but it's reality.

Sent from my Pixel 4a (5G) using TGR Forums mobile app

**Skidog** · 12-23-2020, 05:31 AM

Originally Posted by Buster Highmen

Wow, that's dirty. Hacked at source level. Adding the interface months before the implementation, that shows some planning. Obfuscating resource strings, very clever.

I say inside job. Maybe an ex dev..I mean we are talking about like 9 months of access. I doubt they were able to reverse engineer all that code and find one specific dll to change. Hell could even be the NSA. Wouldn't put it past them.

Sent from my Pixel 4a (5G) using TGR Forums mobile app

**schuss** · 12-23-2020, 08:50 AM

Originally Posted by Skidog

Never watched fox and he was acquitted..guess you all forgot the actual outcome. I know many don't like that here but it's reality.

Sent from my Pixel 4a (5G) using TGR Forums mobile app

LOL, as if the Republican side of that vote wasn't pure party hackery. He was impeached, the Senate chose not to remove, but even Romney voted to remove.

**ötzi** · 12-23-2020, 08:56 AM

"but he was acquitted!" pfft.

That Sunburst article The Suit linked is kind of amazing to me. The amount of work they did tracking that all down, and the speed with which they did it, is just crazy. I can't even imagine.

**Buster Highmen** · 12-23-2020, 10:23 AM

Originally Posted by The Suit

They studied the SolarWinds coding style and then copied it so their code wouldn't stick out. I wish my new hires would do that.

I worked for a well known Japanese gaming company recently, where the code style/format standards were beyond anything I'd ever seen.
I got bitched at multiple times for leaving a space character at the end of a line.

Assuming that the hackers had access to the code, it's not that inconceivable that they mimicked the coding style and leveraged existing code. All it takes is determination.

Encoding the resource strings is something the original source code should have done and protected access to those keys.

NSA ? As delusional as ignoring Manafort.