SolarWinds Are Gusting and Blowing Hard

January 5, 2021

Many pundits have reacted to the New York Times’ story “As Understanding of Russian Hacking Grows, So Does Alarm.” Work through those analyses. What’s missing? Quite a lot, but in this short blog post I want to address one issue that has mostly been ignored.

At one time, there was a list on the SolarWinds Web site of the outfits which had been compromised. That list disappeared. I posted “Sun Spotting in the Solar Wind” on December 23, 2020. In that post, I reported three outfits which had allegedly been compromised by the SolarWinds misstep (some of the information I used as a source remains online):

City of Barrie (Canada)

Newton Public Schools (US)

Regina Public Schools (Canada).

The question is, “Why are outfits like a municipality known as part of the Greater Golden Horseshoe, Newton’s public schools, and the Regina public schools on the list?” (I’ve been to Regina in the winter. Unforgettable it is.)

My research team and I discussed the alleged exploits taking up residence in these organizations; that is, allegedly, of course.

Here’s what my team offered:

  • A launch pad for secondary attacks. The idea is that the original compromise was like a rat carrying fleas infected with the bubonic plague (arguably more problematic than the Rona).
  • A mechanism for placing malicious code on the computing devices of administrators, instructors, and students. As these individuals thumb-typed away, these high-trust individuals were infecting others in their social circle. If the infections were activated, downloads of tertiary malware could take place.
  • Institutions like these would connect to other networks. Malware could be placed in server nodes serving other institutions; for example, big outfits like Rogers Communications, a government ministry or two, and possibly the cloud customers of the beloved Rogers as well as BCE (Bell Canada’s parent) and Telus.

The odd ducks in the list of compromised organizations just might not be so odd after all.

That’s the problem, isn’t it? No one knows exactly when the misstep took place, what primary and downstream actions were triggered, or where subsequent rats with fleas infected with bubonic plague have gone.

Net net: It’s great to read so many words about a misstep and not have signals that the issue is understood, not even by the Gray Lady herself.

Stephen E Arnold, January 6, 2021


Comments

One Response to “SolarWinds Are Gusting and Blowing Hard”

  1. SolarWinds: Woulda, Coulda, Shoulda? : Stephen E. Arnold @ Beyond Search on February 17th, 2021 5:06 am

    […] SolarWinds security breach had consequences worldwide. The bad actors, supposed to be Russian operatives, […]
