Discover and read the best of Twitter Threads about #SolarWindsHack

Most recents (6)

#SolarWindsHack - @FBI focused on more precise attribution

"Understanding who conducted this activity, why & how so that we can create the widest possible range of responses for our policymakers to consider" #Cyber Division's Tonya Ugoretz tells lawmakers
"We find it is most powerful when we are able to say, w/detail & as transparently as possible, how exactly adversaries conducted this activity, & ultimately who was behind it" per @FBI's Ugoretz

"The effort to develop that information, investigatively continues"
"The majority of the activity appears to have been directed at the #UnitedStates" per @FBI's Ugoretz re #SolarWinds hack

"However, we are aware of instances & information shared with us from foreign partners where some of their networks were affected as well"
Read 7 tweets
Finishing up this session at #enigma2021 is from Trey Herr speaking about "BREAKING TRUST – SHADES OF CRISIS ACROSS AN INSECURE SOFTWARE SUPPLY CHAIN"

[ *cough* #SolarWinds #SolarWindsHack *cough* ]

usenix.org/conference/eni…
The software supply chain is huge and reaches everywhere.

In the US and elsewhere there's a lot of COTS (commercial off the shelf) software being used.

We don't build most of the software that we use, from mobile phones to container architechture.
Our mental models around supply chain (and regulatory architecture) are built around the hardware supply chain
Read 17 tweets
I've said from day one that the injection of the non-malicious code back in 2019 was a dry run to see if the dll would build and not throw any red flags. What I didn't know is that the dll was also inflated in size to allow for additional code to be inserted at a later date.
The immediate attribution to RU especially APT29 was always questionable IMHO. Especially when you see the same exact players in the media parroting it from the rooftops in record time...
Read 5 tweets
Siege of #USCapitol caused feelings of "Shock...a little bit of embarrassment" the top US Counterintelligence official, William Evanina, tells #postlive

"This is the closest I got to that feeling of emptiness inside" that he felt on 9/11 Image
#USCapitol and foreign adversaries - "We are watching them watching us" NCSC Director Evanina tells #postlive, warning adversaries they will not be able to take advantage of the situation
"This is clearly homegrown & it is extremism" per NCSC Dir Evanina

"The mindset to storm the #USCapitol because of a belief is something I never thought I would see...a paradigm shift "
Read 10 tweets
It strikes me that how we respond to the #SolarWindsHack strategically, in public messaging, and in some ways, even tactically, would be vastly difference had we believed it was GRU, and not SVR intelligence service who was behind it 1/
The reason being that SVR, unlike GRU, has no post Soviet history of conductive destructive attacks or attacks that violate established norms (in cyber or physical worlds).

Another reason probably being that SVR is a civilian intelligence agency, not a military one 2/
This yet again highlights the critical importance of attribution for both strategic and tactical decision making in government and private sector alike.

And the importance of specificity of attribution on multiple levels. Nation State vs Criminal, RU vs CN, GRU vs SVR 3/
Read 5 tweets
Good piece by @jacklgoldsmith on #SolarWindsHack

I agree with his main points.

But I disagree with some of his analysis, which conflates espionage with far more malicious cyber operations. Vital distinctions in thinking about reciprocity and deterrence in cyberspace.

<thread>
2. My agreement with Jack:

a) It's wrong to suggest this hack is like an act of war.

b) It's wrong to suggest USG could lawfully use military force in response.

c) Public officials/commentators should react with awareness that USG hacks foreign govts' networks on a huge scale.
3. On reciprocity: Jack argues that USG's aggressive disruption of Russia’s Internet Research Agency (IRA) in 2018 opens door to other countries' engaging in similar disruptive actions against US for espionage.👇

But that erroneously conflates IRA’s actions with espionage.
Read 8 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!