Someone asked me to provide a simple description of what this SolarWinds hack is all about. So for anyone who is confused by the technical details, here's a thread with a simplified explanation of what happened and what it means.
The maker of software that is used in the highest echelons of gov, including the White House and NSA, was compromised by attackers who slipped malicious code into the software maker's trusted code without the software maker knowing it. The code got distributed to its customers.
That malicious code, once it infected customer systems, opened a backdoor into those systems and contacted the hackers to let them know the door was open for them to surreptitiously enter those systems and begin stealing sensitive data on those networks.
The hackers did this back in March and their activity was only recently discovered - this means they have been inside gov systems all these months stealing data and spying on gov workers without anyone knowing until now. They also infected telecoms and other company networks.
Here is a list of some of the customers who use the software made by the software maker (their name is SolarWinds). All of these were potentially compromised.
What does this mean for average person and their data? This is a national security hack conducted by a nation-state (Russia) and focused on high-value targets/data. While it's possible yr personal data could have been compromised, it's more likely not what the hackers were after.
But there's a lot that's still unknown about the operation -- who all was compromised and what data or secrets were stolen.
Mossad's exploding pager op began 10 yrs ago with explosives in walkie-talkies. Hezbollah bought 16,000+ of these, but Mossad didn't detonate them until this yr. In 2022 Mossad began booby-trapping pagers too. Unlike walkie-talkies, which only got worn in battle, Hezbollah wore pagers all the time cbsnews.com/news/israeli-m…
To embed explosives, Mossad created pagers identical to model Hezbollah was using, but slightly larger to hold explosive. A Mossad agent claims they ran tests to determine how much explosive would injure the person carrying the pager without harming anyone next to them.
"If you push the button the only one that will get injured is the terrorist himself. Even if his wife or his daughter will be just next to him he's the only one that's going to be harmed. We test everything...multiple times in order to make sure there's minimum damage" - former Mossad agent
AT&T paid hackers $370,000 to delete call records stolen from its Snowflake account. They provided video to AT&T showing deletion. It's believed to be the only complete set of the data stolen, though the hackers shared small snippets with a few people wired.com/story/atandt-p…
AT&T learned about breach mid-April and paid the hackers on May 17, but didn't report the breach publicly until this last Friday when they published a blog post and filed a regulatory disclosure with the SEC. AT&T had received a reporting exemption to withhold public reporting.
When AT&T paid the hackers in May, the one allegedly directly responsible for stealing it - John Erin Binns - is believed to have already been arrested in Turkey where he was living. The arrest was not for the AT&T breach, however, but for the breach of T-Mobile back in 2021.
Car bomb that killed daughter of Putin ally Alexander Dugin was smuggled into Russia in hidden compartment of a cat crate. The op was part of a raging shadow war being conducted by Ukraine's SBU spy agency, which has forged deep bonds with CIA since 2014 washingtonpost.com/world/2023/10/…
"The cluttered car carrying a mother and her 12-year-old daughter seemed barely worth the attention of Russian security officials as it approached a border checkpoint. But the least conspicuous piece of luggage — a crate for a cat — was part of an elaborate, lethal plot."
Since 2015, CIA has spent millions to transform Ukraine’s intel services into allies against Putin. It's provided advanced surveillance systems, trained recruits in Ukraine/US, built a new headquarters for Ukraine's military intel agency, and shared unprecedented amounts of intel
Thousands of IT workers contracting with US companies have for years secretly sent millions of dollars of their wages to North Korea to fund its weapons programs. They worked remotely with companies around US and used false identities to get jobs, per FBI apnews.com/article/north-…
According to DoJ, North Korea dispatched thousands of skilled IT workers to live in China and Russia with the goal of getting hired by companies in the US and elsewhere as freelance remote employees. In some cases the workers infiltrated company networks and stole info from them
"the workers used various techniques to make it look like they were working in the US, including paying Americans to use their home Wi-Fi connections"
Millions of emails intended for US military - including highly sensitive info - have been misdirected to Mali instead, due to people typing .ml in address instead of .mil. This, despite repeated warnings for a decade to double-check address before sending ft.com/content/ab62af…
One misdirected email contained the travel itinerary for General James McConville, army's chief of staff, upcoming trip to Indonesia. It included a full list of hotel room #s for the general and 20 others, as well as details on how to collect his key at Grand Hyatt in Jakarta
A Dutch internet entrepreneur named Johannes Zuurbier reported the problem to US military 10 years ago. Zuurbier has a contract to manage Mali's country domain and has collected misdirected emails - nearly 117,00 of them - since Jan to show the gov how bad the problem is
"To people unfamiliar with the American criminal justice system, Baldwin’s decision sounds reasonable: Something terrible happened, and he wanted to help. But...if you are involved in a serious incident, it’s best not to talk to the police unless you have an attorney present."
"despite the ritualistic incantation of the Miranda warning on every TV police procedural, silence is a right that people can find hard to accept....Refusing to talk to the police seems like something people do only when they’ve got something to hide."
"courts have given the police wide leeway to lie to people being interrogated. 'They will lie...about what crime they are actually investigating, whether they regard you as a suspect,...what evidence they have against you...even about what [other] witnesses have or have not said"