patrick.net

It's smart of our enemies to attack America with Biden in office, as he is obviously corrupt and senile. Cumala will no doubt be even worse for American security after she pushes Joe down the stairs.

If there is any grim comfort in this, it's that American elites will also lose a lot from their undermining of US election integrity to keep the annual half-trillion dollars in Chinese imports flowing.

Joe Biden has sanctioned all hits.

Why do any of these major companies have exposed TCP/IP type networks anyway? How hard would it be to harden the datacenters, and only allow access through dedicated appliances that only talk to each other and use a proprietary protocol other than TCP/IP? No DNS, or any directory service at all. If you do not know the appliance's port/address, you ain't getting in.

Given I live and breathe cybersecurity, I wish it were that simple. Most companies have publicly facing systems exposed to the Internet, and appliances or IoT are rarely designed with security in mind. There's only so much a company can do to harden those types of devices, so you're stuck with network segmentation and tight ACLs which can be onerous to manage. There's no silver bullet and it takes years for a complex organization to tighten security because of all the ways in and the need to support the business.

porkchopexpress says

Most companies have publicly facing systems exposed to the Internet,

That's fine for companies like Amazon that rely on public access. There is no reason that pipelines and power stations need a "public facing system" through the common internet. If such entities need remote monitoring or control, use an old fashioned connection method (like a point to point modem) or if a series of connectionless protocols, use something other than TCP/IP.

HeadSet says

porkchopexpress says

Most companies have publicly facing systems exposed to the Internet,

That's fine for companies like Amazon that rely on public access. There is no reason that pipelines and power stations need a "public facing system" through the common internet. If such entities need remote monitoring or control, use an old fashioned connection method (like a point to point modem) or if a series of connectionless protocols, use something other than TCP/IP.

That's definitely true. For industrial control systems, etc., they should require VPN or Citrix to access. I'm just saying that most companies with Internet-facing systems will always be a potential point of entry to exploit and get inside the network.

In my industry, we don’t allow critical equipment control systems to be connected to the Internet or even for the wireless communications to be reachable by someone not on the terminal.

Shaman says

In my industry, we don’t allow critical equipment control systems to be connected to the Internet or even for the wireless communications to be reachable by someone not on the terminal.

And how is that not a standard practice for all critical infrastructure?

HeadSet says

Shaman says

In my industry, we don’t allow critical equipment control systems to be connected to the Internet or even for the wireless communications to be reachable by someone not on the terminal.

And how is that not a standard practice for all critical infrastructure?

And voting?

Onvacation says

HeadSet says

Shaman says

In my industry, we don’t allow critical equipment control systems to be connected to the Internet or even for the wireless communications to be reachable by someone not on the terminal.

And how is that not a standard practice for all critical infrastructure?

And voting?

Good point. Critical infrastructure can actually be shut down by hackers and the media reports it. Yet it's a pure impossibility voting could be hacked and doesn't get reported. Social media actually will ban you. Twilight Zone shit.

@porkchopexpress

porkchopexpress says

Given I live and breathe cybersecurity

I'm curious to know your opinion on the reality of all these hacks being done by individuals unaffiliated with the target companies by exposing exploits in the networking stack or via software malware?

My personal feeling is that hollywood type hacking of systems is almost impossible - and that this endeavor almost always requires the help of a target company employee with access to non-public information.

What say you?

So this is how to cover up an economic collapse, blame every shortage on a cyber attack!?

NuttBoxer says

So this is how to cover up an economic collapse, blame every shortage on a cyber attack!?

Yes, just as when a politician is caught saying something damning when he thought he was off camera, it will be called a "deep fake." We already have had politicos claim "hacking: when something bad was found on their personal computer or phone.

stfu says

@porkchopexpress

porkchopexpress says

Given I live and breathe cybersecurity

I'm curious to know your opinion on the reality of all these hacks being done by individuals unaffiliated with the target companies by exposing exploits in the networking stack or via software malware?

My personal feeling is that hollywood type hacking of systems is almost impossible - and that this endeavor almost always requires the help of a target company employee with access to non-public information.

What say you?

I think it could go either way. There's no question that it could be outsiders (or gov't) leveraging exploits in Exchange, Solar Winds, PulseVPN, etc. This is why the Solar Winds hack was so brutal...so many companies own the product and hackers have likely had persistence for ages in all these companies, and probably still do because the damage is done.

As far as Hollywood, it doesn't get more cringeworthy than the Swordfish hacking scene with Hugh Jackman...I literally cry every time I watch it. In over 90% of successful hacks, phishing is involved. All it takes is for some idiot sysadmin to click on an attachment and boom, the hacker has persistence on their machine. It's easy to escalate privilege to Domain Admin from there. Two-factor auth is huge for stopping presentation-layer-type hacks (logging into M365), but there are so many other vectors to exploit (i.e., software vulnerabilities). If an insider sysadmin is involved, there's little you can do and must have the absolute HIGHEST level of control in place to stop or detect it.

porkchopexpress says

There's no question that it could be outsiders (or gov't) leveraging exploits in Exchange, Solar Winds, PulseVPN, etc.

How about chips in the motherboards of PCs and Servers having a built in back door? A little present from friends in China where these products are made.

HeadSet says

How about chips in the motherboards of PCs and Servers having a built in back door? A little present from friends in China where these products are made.

That too. Lenovo-gate. Who knows what else lurks in hardware, firmware and software these days.

I think many of these hacks probably don't rely on a conventional internet facing entry point.

If you can compromise the computer / laptop of just a single employee, you can then setup an elaborate network tunnel through all kinds of layers, allowing you to remotely control things. It's very difficult to defend against that because they can make the connection originate from the laptop (which has internal network access, either physically, of via vpn), which connects out to the internet, and looks just like any other internet traffic. But, it establishes a tunnel, and network traffic then passes back and forth through the tunnel, likely invisible to most network security.

This is why outbound network traffic inspection (on ALL ports/protocols) is more critical than inbound, but a lot of companies forget that part because it's hard and expensive.