ancianita
ancianita's JournalAbout That Biggest Data Breach In U.S. History Discovered Back in December 2020
Notes here are from links below. I hope they make sense of this BFD.
What
-- U.S. Treasury Department ...
-- National Telecommunications and Information Administration (NTIA),
-- part of the U.S. Department of Commerce.[42] In the following days, more departments and private organizations reported breaches.
The cyberattack that led to the breaches began no later than March 2020. The attackers exploited software or credentials from at least three U.S. firms: Microsoft, SolarWinds, and VMware. A supply chain attack on Microsoft cloud services provided one way for the attackers to breach their victims, ... A supply chain attack on SolarWinds's Orion software, widely used in government [see Krebs on Security below] and industry ...
Flaws in Microsoft and VMware products allowed the attackers to access emails and other documents, and to perform federated authentication across victim resources via single sign-on infrastructure.
The government breach through the software Solar Winds...
SolarWinds said of its 300,000 customers, 33,000 use Orion.
Of these, around 18,000 government and private users downloaded compromised versions.
... Compromised versions were known to have been downloaded by the Centers for Disease Control and Prevention, the Justice Department, and some utility companies...
Impact
...future uses could include attacks on hard targets like the CIA and NSA,[how?] or using blackmail to recruit spies.
Cyberconflict professor Thomas Rid said the stolen data would have myriad uses. He added that
... if printed would form a stack far taller than the Washington Monument.
In addition to the theft of data, the attack caused costly inconvenience to tens of thousands of SolarWinds customers, who had to
-- check whether they had been breached ...
-- take systems offline and
-- begin months-long decontamination procedures as a precaution.
...it appeared that the attackers had deleted or altered records, and may have modified network or system settings in ways that could require manual review.
Former Homeland Security Advisor Thomas P. Bossert warned that it could take years to evict the attackers from US networks, leaving them able to continue to monitor, destroy or tamper with data in the meantime.
Harvard's Bruce Schneier, and NYU's Pano Yannakogeorgos, founding dean of the Air Force Cyber College, said that affected networks may need to be replaced completely.
Through a manipulation of software keys, Russian hackers were able to access the email systems used by the Treasury Department's highest-ranking officials. This system, although unclassified, is highly sensitive because of the Treasury Department's role in making decisions that move the market, as well as decisions on economic sanctions and interactions with the Federal Reserve.
U.S. Senator Richard J. Durbin described the cyberattack as tantamount to a declaration of war. President Donald Trump was silent for days after the attack, before suggesting that China, not Russia, might have been responsible for it, and that "everything is well under control".
Response -- a brief timeline
SolarWinds unpublished its featured customer list after the hack, although as of December 15, cybersecurity firm GreyNoise Intelligence said SolarWinds had not removed the infected software updates from its distribution server.
Around January 5, 2021, SolarWinds investors filed a class action lawsuit against the company in relation to its security failures and subsequent fall in share price.
Soon after, SolarWinds hired a new cybersecurity firm co-founded by Krebs.
The Linux Foundation pointed out that if Orion had been open source, users would have been able to audit it, including via reproducible builds, making it much more likely that the malware payload would have been spotted.
The Administrative Office of the United States Courts initiated an audit, with DHS, of the U.S. Judiciary's Case Management/Electronic Case Files (CM/ECF) system, then stopped accepting highly sensitive court documents to the CM/ECF, requiring those documents only in paper form or on airgapped devices.
The above notes are from this link, which contains charts of who was hit, and what the government and private sector response has been.
https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach#Investigations_and_responses
My oldest son, who works for Palo Alto Securities, also hit, has said nothing.
I've always believed that this government's commitment to Microsoft's PC OS was unwise, made its data building no more solid than swiss cheese. I've always held that this government would do well to completely change its database networks to Apple -- or at least diversify its networks to include Apple.
No amount of replacement cost would be greater than the losses this nation has already suffered, in keeping its own developed information, in operational strength of our electrical grids, in enforcing rule of law through its justice system, in attacks on covid health care information and treatment systems. On one level, we've been laid wasted as a government and as a people. No, Apple's Mac OS is not a panacea, but a diversification that, in the long run, could just save the US from further hacks and theft, if not attacks. Just my opinion.
Notes from Slashdot:
... The report notes that Administrative Office (AO) of the U.S. Courts' document system "may contain highly sensitive information, including intellectual property and trade secrets, or even the identities of confidential informants...
..."the system is full of sensitive sealed filings -- such as subpoenas for email records and so-called 'trap and trace' requests that law enforcement officials use to determine with whom a suspect is communicating via phone, when and for how long...
https://yro.slashdot.org/story/21/01/08/0348247/sealed-us-court-records-exposed-in-solarwinds-breach
https://yro.slashdot.org/submission/13047042/sealed-us-court-records-exposed-in-solarwinds-breach?sdsrc=rel
notes from Chris Krebs' site
https://krebsonsecurity.com/2021/01/sealed-u-s-court-records-exposed-in-solarwinds-breach/
Final thoughts
Who would benefit from knowing what's in all those sealed docs but pendejo45.
Who could then, do his party 'a favor, though,' and from McCarthy to Brooks -- who now thinks he will get off long enough to win a senate seat in 2022 -- bend them to his goals, to a man.
The American public needs to know about this greatest breach in US history, who did it, who benefits and what Congress, the DOJ, Homeland, and the President (lookin' at his 3-letter agencies) are going to do about it.
Americans need to realize the depths of influence that go beyond
personal party politics, what influence this has had on congressional "bipartisan" politics and
the climate of Congress.
Americans should know that its very existence darkens any media fomenting of doubt and division about Democrats' ability to undo the damage of the last five years.
Trump In The Crosshairs by Jane Mayer
A clarifying examination of the history of Cy Vance, Jr., the Trump investigation and rule of law as the foundation of democracy.I highly recommend it. It's classic in-the-weeds Jane Mayer -- long and well worth the read.
Vances office could well be the only operable brake on Trumps remarkable record of impunity. He has survived two impeachments, the investigation by the special counsel Robert Mueller, half a dozen bankruptcies, twenty-six accusations of sexual misconduct, and an estimated four thousand lawsuits. And his successor, President Joe Biden, so far seems to prefer that the Department of Justice simply turn the page...
As a result, the contest between Vance and Trump is about much more than a financial investigation. Its a stress test of the American justice system. George Conway, a lawyer and a Trump critic, who is married to the former Presidents adviser Kellyanne Conway, said, Trump is a man who has gotten away with everything his entire life. Hes an affront to the rule of law, and to all law-abiding citizens. In office, Trump often treated the law as a political weapon, using the Justice Department as a tool for targeting enemies. Now he is pitted against a D.A. who regards the law as the politically blind foundation of democracy. As Conway put it, For Trump, the law is a cudgel. For Vance, its what holds us together as a civilization. And thats why people who thumb their noses at it have to be prosecuted. If they arent, youre taking a big step toward a world where that is acceptable....
As Vance faces an adversary whose character is in many ways the opposite of his own, some of his perceived weaknesses may become strengths. Trump has accused prosecutors investigating him of waging a political vendetta. After the Supreme Court upheld Vances tax-records subpoena, Trump denounced the probe as a continuation of the greatest political Witch Hunt in the history of our Country, and claimed that it was all Democrat-inspired in a totally Democrat location, New York City and State. Given Vances sober, methodical reputation, such attacks may fall flat. We dont operate politically, he told me. He mentioned that, whenever he goes to his office, he walks past the hulking courthouse complex at 60 Centre Street. Theres a stone inscription over this huge building. It says, The true administration of justice is the firmest pillar of good government. The quote, he noted, is attributed to George Washington. When you have all the power we have as prosecutors, it cant be levelled against people for political purposes. Weve prosecuted Republicans and Democrats, and weve investigated and not prosecuted Republicans and Democrats. Its got to be based on the facts.....
https://www.newyorker.com/magazine/2021/03/22/can-cyrus-vance-jr-nail-trump
Jen Psaki WH Press Conference March 22 2021
Celtic is on the move with the Help Is Here tour.
Robert Reich On What Dead Soul Cruz is Up To
Don't recall if this AP info might have been posted here last week, but thought we should keep this in mind when considering anything short of ending the filibuster which, as far as I know, can be reinstated anytime, say, near the end of this congressional session. In the meantime, polled bipartisan public support can get us to 51 votes on a number of bills.
The fact that Cruz is mobilizing against S1 shows that this is their hill to die on.
The choice is either allowing Republicans to enact an avalanche of state laws restricting voting rights, or passing the We The People Act, which would preempt all this (but has to get through the Senate filibuster).
According to the Associated Press, on an invitation-only call last week, Sen. Ted Cruz huddled with Republican state lawmakers to encourage them to escalate their movement against voting rights claiming Democrats are trying to expand voting rights to illegal aliens and child molesters, and that if they get the We the People Act through the Senate, the GOP wont win elections again for generations.
Asked if there was room to compromise, Cruz was blunt: No.
He added: H.R. 1′s only objective is to ensure that Democrats can never again lose another election, that they will win and maintain control of the House of Representatives and the Senate and of the state legislatures for the next century, Cruz said told the group organized by the American Legislative Exchange Council, a corporate-backed, conservative group that provides model legislation to state legislators.
For Republicans, voting restrictions are now viewed as a political life-or-death debate -- and the fight has all-but eclipsed traditional Republican issues like abortion, gun rights and tax cuts as an organizing tool.
Which gives added urgency to getting the We the People Act through the Senate and quickly. Any Democratic senator still supporting the filibuster is in reality supporting the Republican assault on voting rights.
Ari Melber's Special Report On The Pandemic Generation
Start 12:55"...Isolation, depression, anxiety, mental health crises, courtesy of a college experience stripped almost entirely of campus life, tradition and structure, on top of a pandemic..."
Please Consider: If We Want An Informed Citizenry, We'd Better Fix Broadband. It Sucks.
The U.S. is only #43 in the world in broadband access, use and speed, overall. Even most people with broadband access don't know that or don't pay attention to that.
We have thousands of ISP's in the U.S. but unlike people of other countries, ours don't get to choose which one serves them, or if they get broadband at all.
For lots of reasons, this sucky information infrastructure is still the general outcome of two generations of austerity economics hype, from boardroom to Congress to statehouses.
When at least 20 states hover at 70% broadband access, and most people with two minimum wage jobs can't afford even cheap levels of broadband that exist, while the more affordable talk radio and Fox fill the void with disinformation, who does that benefit?
Not us Democrats, and not the country that calls itself a democratic republic.
Now we face backward senators from those states who benefit, whose seats are relatively safe because of their citizens' lack of information access and affordability. They like to pretend it's because their citizens chose their politics. It their citizens had more information access, these senators would likely face serious voter pressure to do their jobs for their voters.
Our view about Americans' so-called American "anti" ignorance should be tempered by these facts and not the most common view that their information world is their choice. By significant numbers, it's not. All they know is what media that fill the broadband void tell them.
Not cool. Not good for the country.
Partly because our broadband sucks, so might our bipartisan citizens' lack of influence on their representatives. And who knows -- citizen bipartisanship might then pressure their so-called reps to be more bipartisan.
Thankfully, the American Rescue Plan put aside around $7-8 billion for broadband improvement. We might also keep up with who applies for and gets that money, along with who monitors its spending.
While the fund can be used for everything from mortgage relief to flood insurance, it can also be used for "internet service, including broadband internet access service."
https://www.nexttv.com/news/broadband-billions-to-flow-from-just-passed-american-rescue-plan
People can niggle about rankings (mapped below), but the overall attitude should be that our infrastructure sucks and doesn't have to. That we need to check our statehouses' negligence, since even the richest states lag behind the world in broadband. That we need to stop blaming Americans who have lower information than we, which has resulted from negligence by design.
Most credible, positive map
https://www.pewresearch.org/internet/fact-sheet/internet-broadband/
Most credible, negative map
https://in.pcmag.com/news/131706/npd-31-percent-of-us-households-lack-broadband
Roll Call Vote For H.R. 1620, the Violence Against Women Act, Deserves A Good Look
No matter what excuses the Nays gave, they are enemies of 51% of the people.
https://clerk.house.gov/evs/2021/roll086.xml
FINAL VOTE RESULTS FOR ROLL CALL 86
At the link, Democrats are shown in roman; Republicans shown in italics; Independents underlined.
---- NAYS 172 ---
Aderholt
Allen
Amodei
Armstrong
Arrington
Babin
Bacon
Baird
Banks
Barr
Bentz
Bergman
Biggs
Bilirakis
Bishop (NC)
Boebert
Brooks
Buchanan
Buck
Bucshon
Budd
Burchett
Burgess
Calvert
Cammack
Carl
Cawthorn
Chabot
Cheney
Cline
Cloud
Clyde
Comer
Crawford
Curtis
Davidson
DesJarlais
Donalds
Duncan
Dunn
Emmer
Estes
Fallon
Feenstra
Ferguson
Fischbach
Fitzgerald
Fleischmann
Fortenberry
Foxx
Franklin, C. Scott
Fulcher
Gaetz
Gallagher
Garbarino
Garcia (CA)
Gibbs
Gohmert
Gonzales, Tony
Good (VA)
Gooden (TX)
Gosar
Granger
Graves (LA)
Graves (MO)
Green (TN)
Greene (GA)
Griffith
Grothman
Guthrie
Hagedorn
Harris
Harshbarger
Hartzler
Hern
Herrell
Herrera Beutler
Hice (GA)
Higgins (LA)
Hill
Hinson
Hollingsworth
Hudson
Huizenga
Jackson
Johnson (LA)
Johnson (OH)
Johnson (SD)
Jordan
Joyce (PA)
Keller
Kelly (MS)
Kelly (PA)
Kustoff
LaHood
LaMalfa
Lamborn
Latta
LaTurner
Lesko
Long
Lucas
Luetkemeyer
Mace
Mann
Massie
Mast
McCarthy
McClain
McClintock
McHenry
McKinley
Meuser
Miller (IL)
Miller (WV)
Moolenaar
Mooney
Moore (AL)
Moore (UT)
Murphy (NC)
Nehls
Newhouse
Norman
Nunes
Obernolte
Owens
Palazzo
Palmer
Pence
Perry
Pfluger
Posey
Reschenthaler
Rice (SC)
Rodgers (WA)
Rogers (AL)
Rogers (KY)
Rose
Rouzer
Roy
Rutherford
Scalise
Schweikert
Scott, Austin
Sessions
Smith (MO)
Smith (NE)
Smith (NJ)
Smucker
Spartz
Steel
Stefanik
Steube
Stewart
Taylor
Tenney
Thompson (PA)
Tiffany
Timmons
Turner
Van Duyne
Wagner
Walberg
Walorski
Waltz
Weber (TX)
Webster (FL)
Westerman
Williams (TX)
Wittman
Womack
Zeldin
---- NOT VOTING 14 ---
Brady
Cárdenas
Carter (GA)
Crenshaw
Gomez
Guest
Kinzinger
Loudermilk
Morelle
Norcross
Rosendale
Salazar
Wenstrup
Wilson (SC)
Lawrence O'Donnell -- The Violent Anti-Government Spirit of Timothy McVeigh Lives On
O'Donnell smashes the Ron Johnson-Republican media narrative that white people are patriotic law and order peaceniks.
" ... Mass murder, that's how far they can go.
Timothy McVeigh is the reason none of the threats against government officials can ever be taken lightly. Sen Ron Johnson has forgotten all about Timothy McVeigh because he believes if you look like Timothy McVeigh, there's nothing scary about you."
A Year Ago -- Neil DeGrasse Tyson On Covid And The Massive Experiment
Are we close enough to the finish line yet to say ... what. Did we win? lose? limp through? learn?
Bellingcat On Disinformation and Public Investigations
If Intelligence agencies are not "moving on," public vigilance is its and the public's help in keeping our future democratic.
Covers past examples of four kinds of disinformation.
Examples of investigating through publicly available open source internet tools (OSINT)
Online investigating tools
Profile Information
Gender: Do not displayHometown: New England, The South, Midwest
Home country: USA
Current location: Sarasota
Member since: Sat Mar 5, 2011, 12:32 PM
Number of posts: 36,162