WIRED
14 Dec, 7 tweets, 2 min read
By compromising the IT management platform SolarWinds, Russian hackers have hit departments in the United States government and the security firm FireEye.

We’ll be lucky if that's the end of it. The situation could get so much worse 1/ wired.trib.al/QcCaWFV
As far back as March, the hackers compromised a network monitoring tool called Orion, distributing tainted software potentially to thousands of organizations and giving them a backdoor into the victim’s networks 2/
From there, the hackers fanned out within target systems, often by stealing administrative access tokens. Finally, with the keys to the kingdom—or large portions of each kingdom—they were free to conduct reconnaissance and exfiltrate data 3/
So far, the attack appears to have focused on targeted reconnaissance rather than destruction, but the extent of the damage is difficult to assess in part because Orion itself is a monitoring tool. Identifying potential infections and tracing their source is going to take time 4/
Even though the attack has been discovered, it’s still ongoing. Once hackers have embedded themselves in target networks, simply updating the compromised software isn't enough to flush them out.

They could be exfiltrating data right now 5/
The scope of the hack could be massive. SolarWinds’ products are used across the US government, by many defense contractors, and by most Fortune 500 companies.

It disclosed on Monday that as many as 18,000 clients were potentially vulnerable to the attack 6/
The extent of the exposure at US government agencies is also unknown. The US Commerce, Treasury, and Homeland Security departments have been identified so far, but that may be just the beginning.

In truth, no one knows where the damage ends 7/ wired.trib.al/QcCaWFV
