Cause a war over hacking.

[renocat]

First beaware of this new ransomware worm.taking over computers around the world.
Source is from leaked information stolen from NSA.
Putin is blaming U.S.
It.is called Web World.War

[LickNeckey]

https://twitter.com/wikileaks/status/822213093065367553

RIP HERO

You have to admire in a rogues gallery sort of way, what stone cold killers the UnderClintons were/are.

 

[sonofdaxjones]

Major terminal and interconnection right down the road from my house.

[CNS]

If it’s not already the case, the lions share of our defense budget needs to move from ships, guns, and tanks to cyber warfare. Physical crap is getting pretty worthless these days.

This isn’t even the future, this is the recent past. I mean, a couple of guys from India claiming to be from Microsoft calling to make sure your Google Biz listing is claimed on your Apple account shouldn’t be shutting down the east coast.

[wiley]

If it’s not already the case, the lions share of our defense budget needs to move from ships, guns, and tanks to cyber warfare. Physical crap is getting pretty worthless these days.

This isn’t even the future, this is the recent past. I mean, a couple of guys from India claiming to be from Microsoft calling to make sure your Google Biz listing is claimed on your Apple account shouldn’t be shutting down the east coast.

I'm not sure all the money in the world will defend companies, when employees blindly click on links in emails and install ransomware.

Or (the big one now), random phone calls from the IT dept asking for you password to some system because you are working remotely.  People give away a ton of information on fb and LinkedIn, that could be used in a social engineering attack.  Ransome attacks are becoming popular, pretty sure this is similar to Garmin last year.  If systems aren't restored by midweek, i expect the ransom to be paid (if it hasn't already).

[sonofdaxjones]

I'd like to know about how this happened, likely a spearfishing attack.

I'd like to think that they had great internal and external network surveillance, and I'd like to think that they were back up in near real time to a offsite 3rd party data center so they could just roll back in time if need be, that doesn't always work, tho.

[wiley]

I'd like to know about how this happened, likely a spearfishing attack.

I'd like to think that they had great internal and external network surveillance, and I'd like to think that they were back up in near real time to a offsite 3rd party data center so they could just roll back in time if need be, that doesn't always work, tho.

My understanding is they are still not back online.

[sonofdaxjones]

What does Darkside have on Joe Biden?

[cfbandyman]

The water treatment plant instances recently are more worrisome then this pipeline, but NERC CIP (or at least it's goals) is going to apply to a lot more things pretty soon

[sonofdaxjones]

It's a good thing we spent the last 4 years with an entire side of a Congressional delegation completely consumed by a parade of #blueanon conspiracies. 

[wiley]

The water treatment plant instances recently are more worrisome then this pipeline, but NERC CIP (or at least it's goals) is going to apply to a lot more things pretty soon

Ill be interested to see how well the regulations are deployed.  I can see companies doing enough to pass audits and then essentially doing no more.  That is until something like this happens.  The sysadmin reddit has some interesting post when ransome ware incidents popup.  There's one about the purchase of a pipeline, and the security that was setup by the original owner was comical at best.

[CNS]

The water treatment plant instances recently are more worrisome then this pipeline, but NERC CIP (or at least it's goals) is going to apply to a lot more things pretty soon

Ill be interested to see how well the regulations are deployed.  I can see companies doing enough to pass audits and then essentially doing no more.  That is until something like this happens.  The sysadmin reddit has some interesting post when ransome ware incidents popup.  There's one about the purchase of a pipeline, and the security that was setup by the original owner was comical at best.

Banks, accountants, etc have some regs on how they can electronically send and receive financial or personal info.  Why can't we impose security regulations in a similar manner for certain industries that are super important for the basic function of society?  This is what we should do. 

This wouldn't be all biz, it would be water, power, gas, etc

[cfbandyman]

lol @dax trying to fob that off (like he always does) when 0 was done by the ones in charge to even know wtf was going on or had the heft to understand what was needed.

typical

[sonofdaxjones]

lol @dax trying to fob that off (like he always does) when 0 was done by the ones in charge to even know wtf was going on or had the heft to understand what was needed.

typical

Actually it was brought up quite frequently by Republicans. 

In fact, the Trump administration attempted to place CyberCommand under its own leadership structure and break it away from the NSA because the job was simply too large for one leadership structure covering both.  Dems of course melted down.   Dems as usual wanted to kick the can down the the road in hopes that they could make the split using their politically dogmatic influence.  Hiding behind such amazing bullshit as a lack of resources to support two separate entities.  A trillion dollars a year, but lacking resources. Pfft.

LOL at the typically uninformed candy man

[wiley]

The water treatment plant instances recently are more worrisome then this pipeline, but NERC CIP (or at least it's goals) is going to apply to a lot more things pretty soon

Ill be interested to see how well the regulations are deployed.  I can see companies doing enough to pass audits and then essentially doing no more.  That is until something like this happens.  The sysadmin reddit has some interesting post when ransome ware incidents popup.  There's one about the purchase of a pipeline, and the security that was setup by the original owner was comical at best.

Banks, accountants, etc have some regs on how they can electronically send and receive financial or personal info.  Why can't we impose security regulations in a similar manner for certain industries that are super important for the basic function of society?  This is what we should do. 

This wouldn't be all biz, it would be water, power, gas, etc

My assumption when the dust settles is that someone opened an email that pulled down an executable.  That executable probably just inventoried all the installed applications on that computer and any machine that user had access to.  Sent a diagnostic to the hackers.  Once they knew what exploits were available they had a fair amount of access to start causing chaos.  (This is just 1 theory out there, could be someone with a lot of access opened a link they shouldn't have and that's all it took).

And that's where the real concerns come from, employees not being diligent on what they open in emails on company machines.  And then third party applications like chrome.  You have to keep these updated at a ridiculous pace.  And when it's a mission critical app/device they get pushed for as long as humanly possible.

Dax's point about bringing up a 3rd party DC is valid, but if you have a tunnel replicating data to it, you better be damn quick about shutting it off so you don't destroy the all the data in the DR.  I highly doubt that this would be the case if the hackers were able to download/retrieve 100 gb of data and nothing sounded alarm bells when that amount of data was leaving the network.

I wouldn't expect the govt to put in stringent regulations on this, and if they do it'll probably have leniency for a decade.

[Dugout DickStone]

everyone come look at the huge nerd

[sonofdaxjones]

I'm completely clueless but feel the need to chime in and prove it (once again)

[Dugout DickStone]

it's a joke boomer.  Stop whining for an hour.  You just make yourself miserable with all this crying

[sonofdaxjones]

it's a joke boomer.  Stop whining for an hour.  You just make yourself miserable with all this crying

Um-hmm

It's rage Tuesday with SlowDug

[Dugout DickStone]

 

BMI <700 trumpers

[sonofdaxjones]

 . . . and extremely weird poster.

#rageTuesday #SlowDug

[sonofdaxjones]

What do the Russians have on Joe Biden?

[wiley]

Pipeline paid 5 million in crypto for the key to decrypt data (per Bloomberg)

[sonofdaxjones]

Did Joe really answer "No" when asked if the U.S. would mount counter cyberwarfare against hackers?

Interesting if so.

[MadCat]

Pipeline paid 5 million in crypto for the key to decrypt data (per Bloomberg)