Someone asked me to provide a simple description of what this SolarWinds hack is all about. So for anyone who is confused by the technical details, here's a thread with a simplified explanation of what happened and what it means.
The maker of software that is used in the highest echelons of gov, including the White House and NSA, was compromised by attackers who slipped malicious code into the software maker's trusted code without the software maker knowing it. The code got distributed to its customers
That malicious code, once it infected customer systems, opened a backdoor into those systems and contacted the hackers to let them know the door was open for them to surreptitiously enter those systems and begin stealing sensitive data on those networks.
The hackers did this back in March and their activity was only recently discovered - this means they have been inside gov systems all these months stealing data and spying on gov workers without anyone knowing until now. They also infected telecoms and other company networks.
Here is a list of some of the customers who use the software made by the software maker (their name is SolarWinds). All of these were potentially compromised. Image
What does this mean for average person and their data? This is a national security hack conducted by a nation-state (Russia) and focused on high-value targets/data. While it's possible yr personal data could have been compromised, it's more likely not what the hackers were after.
But there's a lot that's still unknown about the operation -- who all was compromised and what data or secrets were stolen.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Kim Zetter

Kim Zetter Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @KimZetter

Jan 26
"To people unfamiliar with the American criminal justice system, Baldwin’s decision sounds reasonable: Something terrible happened, and he wanted to help. But...if you are involved in a serious incident, it’s best not to talk to the police unless you have an attorney present."
"despite the ritualistic incantation of the Miranda warning on every TV police procedural, silence is a right that people can find hard to accept....Refusing to talk to the police seems like something people do only when they’ve got something to hide."
"courts have given the police wide leeway to lie to people being interrogated. 'They will lie...about what crime they are actually investigating, whether they regard you as a suspect,...what evidence they have against you...even about what [other] witnesses have or have not said"
Read 5 tweets
Dec 21, 2022
During press call discussing Zelensky visit tomorrow, WH said US consulted closely with him “on the security parameters of him being able to depart” Ukraine. “He concluded that those security parameters were met. What he needed, we agreed with...and..we are executing accordingly"
Biden/Zelensky discussed visit to US in phone call Dec. 11 then WH extended formal invite to come Dec 21st. Visit was only confirmed Sunday. Zelensky “indicated he was very keen” that his first visit outside of Ukraine be to the US to thank the US public for support given Ukraine
Tomorrw marks 300th day since Russian invasion. Zelensky will have extended sitdown w/Biden, meet key natsec team members/cabinet, address public at press conf then joint session of Congress late aftrnoon/eve, before returning to Ukraine after “just a few short hrs” in US
Read 7 tweets
Dec 17, 2022
Director James Cameron commissioned a scientific study to see if Jack in Titanic would have survived if Rose had just shoved over and made room for him on the raft. Conclusion: "There was no way they both could have survived." torontosun.com/entertainment/…
“We took two stunt people..the same body mass of Kate and Leo and we put sensors all over them and inside them and we put them in ice water and..tested to see whether they could have survived..the answer was, there was no way they both could have survived. Only one could survive”
But then he adds that Jack had to die one way or another or film would not have had the tragic ending it needed to have. If they had to make the raft smaller to ensure that Jack would never fit on it, that's what he would have done, he says, so determined he was to kill Jack off.
Read 4 tweets
Dec 13, 2022
Twitter has stopped paying rent on offices and is considering not paying severance packages to former employees, among other measures aimed at cutting costs. Also refused to pay $197,725 bill for private charter flights made the week of Musk’s takeover nytimes.com/2022/12/13/tec…
Musk's personal attorney who he appointed head of legal is also no longer at Twitter. Musk was "unhappy with...decisions made by Mr. Spiro, a noted criminal defense lawyer who successfully defended the billionaire in a high-profile defamation case in late 2019"
Apropos of news that Musk has stopped paying rent on Twitter offices: Shorenstein Properties, which owns SF building where Twitter HQ resides, couldn’t refinance its $400 million loan in Sept and now has until Jan to refinance or negotiate with lenders. therealdeal.com/sanfrancisco/2…
Read 4 tweets
Dec 12, 2022
Hm. Ghost says Substack has switched to using its code. Substack has lost a lot of writers to Ghost because Substack's code/design is rigid/lacks features. "So we clicked 'view source' to look at what was going on and that’s when we discovered Ghost code is now powering Substack"
Substack didn't credit Ghost for the code it's using. Substack knows its code is inferior to Ghost's (which is why so many writers have left Substack to go to Ghost) but instead of working on its own code, it took Ghost's open-source code without crediting Ghost. Image
Ghost founder @JohnONolan: "@Ghost is a bootstrapped nonprofit...with only 6 product engineers. So it’s a big compliment that a for-profit Silicon Valley startup with $82.4million in funding from @a16z and ~100 staff has decided our code is better than any they can write"
Read 5 tweets
Nov 23, 2022
Semafor has obtained internal Slack messages among AP reporters/editors discussing how to treat claim by anonymous intel official that Russian missiles attacked Poland. It's messy, and it also raises questions about why reporter was fired for the error semafor.com/article/11/22/…
"the slack messages on which the incident played out tell a different story, of honest mistakes, internal confusion, and a lack of a clear process that led to a disaster for one of the few news organizations whose Twitter presence is an authoritative account of world affairs"
The slack messages show what happens when a media outlet moves too quickly to publish info and when they let shorthand conversations in a chatroom suffice as vetting. It's unclear why AP fired the reporter when it was an editor that decided to run with the incorrect info
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(