this post was submitted on 17 Jul 2025
118 points (98.4% liked)

Cybersecurity
[–] ExtremeDullard@lemmy.sdf.org 58 points 23 hours ago* (last edited 23 hours ago) (2 children)

This is light on one detail: who was running the compromised infrastructure?

Because the US military doesn't do its own IT anymore. It's all outsourced to Microsoft and other cloud providers to the tune of tens of billions of dollars. And here, the report conveniently doesn't mention who let the hackers in.

I'd like to know which sloppy cloud contractor is responsible.

[–] PhilipTheBucket@quokk.au 31 points 22 hours ago

It's a hell of a lot wider than one specific sloppy contractor. They basically compromised everybody (Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated Communications, Windstream, the system for CALEA requests, routers made by Cisco, phones belonging to Trump and Vance... basically, everything.) Viasat is on that list, but they're no more particularly sloppy than any other contractor in that space. Basically it would have been truly remarkable if some Guard agency had managed to hire a cloud contractor that was able to resist it.

[–] sylver_dragon@lemmy.world 14 points 22 hours ago (1 children)

who was running the compromised infrastructure?

The DoD report doesn't get into it. It repeatedly references "a US state's Army National Guard network", which is probably not the same network as the US Army's network. It's also likely to be an Unclassified network; so, it's not quite as bad as it could be. But also not great.

the US military doesn’t do its own IT anymore. It’s all outsourced to Microsoft and other cloud providers to the tune of tens of billions of dollars.

While some of it is on Microsoft's and other cloud providers, there is also a lot which isn't. On top of that, much of the stuff "in the cloud" is all IaaS or PaaS. So, while MS, et al. run the hardware, the operating systems and software are often run by the IT departments for the various branches and programs. These IT departments will be some mix of US Civilian State or Federal employees and then a lot of IT contractors. Generally, the people doing the actual IT work are contractors working for companies like Boeing or Booz Allen Hamilton.

I’d like to know which sloppy cloud contractor is responsible.

If you want to find the people responsible, find the managers who have programs on the "state's Army National Guard network" (as the report puts it) and figure out which one of them either authorized some sort of "shadow IT" project, or just threw a hissy-fit every time the IT folks tried to roll out patches. That's often how these things go. The report mentions multiple CVEs which were exploited, and I'd place a pretty large bet that they were unpatched in the environment because some manager whined loud enough to get his assets exempted from patching. All too often these types of vulnerabilities hang out there far too long because some department wants high availability on their stuff, but isn't willing to pay for high availability. So, they bitch and moan that they should be exempt from regular patching. And upper management isn't willing to back IT and say, "no, you aren't special, you get patched like everyone else".

[–] Zorsith@lemmy.blahaj.zone 1 points 17 hours ago

Guard? Yeah that shit doesn't even stay powered on for more than like a week a month lol

[–] Xanthrax@lemmy.world 32 points 21 hours ago

This was already the presumption. The rule of thumb is "assume you're always being watched."

[–] ChickenAndRice@sh.itjust.works 8 points 17 hours ago

skill issue

[–] sunzu2@thebrainbin.org 9 points 22 hours ago

Didn't the Chinese exploit what is now known as a back door?

Now all these clowns doing pikachu face 🤡

[–] bacon_pdp@lemmy.world 5 points 22 hours ago (1 children)

Funny, they were handed a secure bootstrap thanks to GNU Guix and stage0; yet they chose not to just rebootstrap their shit from trusted source code.

[–] PhilipTheBucket@quokk.au 10 points 22 hours ago (1 children)

Boots into secure bootstrap

npm install

I'm not sure that the Ken Thompson type of backdoor is even on the radar as an urgent enough threat to be worth worrying about at this point. I mean, it's fine, but the boot-i-est of bootstraps at this point is the network hardware that's running the network you are trying to secure, and most of it is riddled with holes which are likely to largely undo whatever you're trying to do, sad to say.

[–] bacon_pdp@lemmy.world -2 points 20 hours ago

It only takes one secure system to set up a secure network if one physically has control over the hardware; fiber optic cables need only be trusted to carry encrypted data and be monitored for physical tampering.

[–] Thedogdrinkscoffee@lemmy.ca 2 points 22 hours ago (1 children)

Oh no. I'm sure all of America's friends really care deeply about this.

ಠ_ಠ

(Hint: they don't have any.)

[–] atrielienz@lemmy.world 5 points 20 hours ago* (last edited 3 hours ago) (1 children)

They don't have friends but what they do have is strategic alliances with other nations to share data and this detrimentally affects those nations too. So there's that.

[–] Thedogdrinkscoffee@lemmy.ca 1 points 19 hours ago* (last edited 2 hours ago)

You mean those alliances that are fraying as fast as US credibility?

Edit: countries around the world including NATO are rearming because no one trusts the US anymore.

Also Agent Krasnov has already likely sold any info of value to Putin.

[–] TropicalDingdong@lemmy.world 2 points 22 hours ago