SolarWinds: What Are the Characteristics of a Buttoned Up Outfit? One Guess Only, Please

March 2, 2021

I read an allegedly accurate “real” news story called “SolarWinds Told Congress That an Intern Was Responsible for the SolarWinds123 Password Security Breach, but Experts and Documents Suggest a Bigger Issue” asserts:

Two SolarWinds CEOs told the US Congress on Friday that the now-infamous exposure of the password solarwinds123 was the result of an intern’s mistake in 2017.

Those darned interns, and they are paid well, treated with respect, and are the anchors of high technology outfits.

One former CEO and one current CEO pinned the blame on the intern. The write up says:

The username solarwinds.net and password solarwinds123 were viewable in a project on the code-sharing site GitHub, according to the researcher who found the issue and screenshots reviewed by
Insider. The researcher said those credentials would give access to a SolarWinds server handling updates to the company’s software, the process at the heart of the SolarWinds supply chain attacks.

How many bad actors did it take to locate the useful data? Probably one or two people. How did the high value information get passed around? Probably on discussion groups, via email, and on Dark Web hacker forums. How many people would it take to turn the credentials into an intelligence operation? According to a Microsoftie, around a 1,000 people. Sure enough. That sounds like a typical Microsoft team, doesn’t it?

Okay, what are the characteristics of a buttoned up outfit?

How about MBAism combined with indifference to security? This is just one possible answer to my question but a pretty good one I think.

Stephen E Arnold, March 2, 2021

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta