By compromising the IT management platform SolarWinds, Russian hackers have hit departments in the United States government and the security firm FireEye.
We’ll be lucky if that's the end of it. The situation could get so much worse 1/ wired.trib.al/QcCaWFV
As far back as March, the hackers compromised a network monitoring tool called Orion, distributing tainted software potentially to thousands of organizations and giving them a backdoor into the victim’s networks 2/
From there, the hackers fanned out within target systems, often by stealing administrative access tokens. Finally, with the keys to the kingdom—or large portions of each kingdom—they were free to conduct reconnaissance and exfiltrate data 3/
So far, the attack appears to have focused on targeted reconnaissance rather than destruction, but the extent of the damage is difficult to assess in part because Orion itself is a monitoring tool. Identifying potential infections and tracing their source is going to take time 4/
Even though the attack has been discovered, it’s still ongoing. Once hackers have embedded themselves in target networks, simply updating the compromised software isn't enough to flush them out.
They could be exfiltrating data right now 5/
The scope of the hack could be massive. Solarwinds’ products are used across the US government, by many defense contractors, and by most Fortune 500 companies.
It disclosed on Monday that as many as 18,000 clients were potentially vulnerable to the attack 6/
The extent of the exposure at US government agencies is also unknown. The US Commerce, Treasury, and Homeland Security departments have been identified so far, but that may be just the beginning.
In April 2017, a hiker going by the name “Mostly Harmless” started hiking south from New York. He carried no ID and no phone.
He made it to Florida, where, in 2018, he was found dead in his tent. No one’s been able to figure out who he was. 1/ wired.trib.al/4s2CpNg
Mostly Harmless’ fingerprints didn’t show up in any law enforcement database; his DNA didn’t match any in the Department of Justice’s missing person database; a picture of his face didn’t turn up anything in a facial recognition database. Investigators couldn’t find a thing. 2/
They don’t even understand how or why he died. There were no indications of foul play and, despite the fact that he had food nearby, he weighed just 83 pounds at the time of his death. The only substances Mostly Harmless tested positive for were ibuprofen and an antihistamine. 3/
While high turnout is a good thing for democracy, long lines at polling places lines are not. They’re a cunning form of voter suppression, with election-changing consequences. Why do they still exist?
Long lines at a polling place are the same as long lines anywhere else. Fundamentally, the movement of the line is limited by how many resources are available to process the elements in the queue. Those include poll workers, voting machines, polling stations, and voters 2/
Several variables go into the velocity of the processing and therefore the length of the line of voters waiting to get processed. How many people show up at once? How many agents are there to process them? How long does processing take? 3/
Keyboard shortcuts can shave seconds off each task, but throughout the course of a workday, it can add up to minutes or even hours. Here are some of the best ones you should know: wired.trib.al/bGkmqDK 1/
The Windows key: If you need to launch a new app, don't go clicking through your Start menu or Applications folder. Just press the Windows key—or hit Command+Space on a Mac—and start typing the name of the app in question. When its icon appears, just press Enter. 2/
Ctrl+F: Ever needed to search for a specific phrase in a 5,000-word article? It's hell. But press Ctrl+F and you'll get a search bar in the corner of your screen that helps you find any word or phrase on a page. (Apple Tip: Use the Command key instead of Control) 3/
Back in March, a study on how long the coronavirus lasts on surfaces fueled what one author called “the great fomite freakout.” People scrubbed everything from mail to groceries.
It's time to reassess. Here’s what we now know about surface spread 1/ wired.trib.al/mDdeApF
The March study found the virus was present after a few hours on cardboard, and after several days on plastic and steel. But researchers were careful to say that they only tested how quickly the virus decayed in a laboratory setting, not whether it could still infect a person 2/
Since then, additional studies have painted a picture that is much more subtle and less scary. One clear takeaway is that, given an adequate initial dose, the virus can linger for days or even weeks on some surfaces—like glass and plastic—in controlled lab conditions 3/
In 2016, 33 million people voted by mail. This fall, that figure could exceed 80 million. The pandemic presents a historic challenge for the American voting system, but the risk of mass voter fraud is still extremely low.
Stealing a presidential election would require an enormous conspiracy—a coordinated mailbox-to-mailbox operation with access to the perfect database of stolen voter signatures and Social Security numbers. It's an impractical attack and the chances of it happening are VERY low 2/
A mail-in ballot’s journey to the voter and back is tightly choreographed and controlled. Most states use special US Postal Inspection Service barcodes to monitor ballots in transit. Once they're returned, they're validated with personal info like Social Security numbers 3/
The Kremlin has meddled in so many elections around the world that by now, the immune system of global democracy has a few defenses lined up.
Here are some lessons that other countries can teach us in the age of Russian mayhem: 1/ wired.trib.al/MobKWA5
When in doubt, go analog:
In 2017, Dutch TV broadcaster RTL investigated the Netherlands' software system for counting ballots and found it full of security flaws. The country decided to count all votes manually—a slower but far more secure option. 2/ wired.trib.al/MobKWA5
Get physical authentication:
Estonia has kept the Kremlin from corrupting its digital democracy in part by giving every citizen a smart ID card that physically authenticates their identity for banking, paying taxes, and voting. 3/ wired.trib.al/MobKWA5