
What the SolarWinds Hack Tells Us About Intrusion Strategies

Article: Bushwick, Sophie. “Giant U.S. Computer Security Breach Exploited Very Common Software,” December 15, 2020. https://www.scientificamerican.com/article/giant-u-s-computer-security-breach-exploited-very-common-software/

This article provides an overview of the SolarWinds hack and explains what the software is and how infiltrating it gave the hackers access to so many different computer systems. In short, SolarWinds makes network management software used by many companies and government agencies to keep their computer networks running. Like most software providers, SolarWinds sends out periodic software updates to keep its subscribers current. At some point last year, hackers were able to get into SolarWinds' system and create a corrupt software patch that was then dispatched to SolarWinds' subscribers as part of an update. Once that corrupted update was installed on the subscribers' computers, the hackers were able to access the subscribers' systems without being detected. In addition to numerous government agencies, the hack is believed to have impacted at least 18,000 subscribers.

Because it infiltrated many places at once rather than focusing on one place at a time, this seems to be a slightly different intrusion tactic. The best example of this tactic that comes to mind is the movie Ocean's 11. In that movie, several casinos share the same vault, so compromising that one vault compromises all of them. Instead of robbing each casino individually, the team focuses on the shared vault and is then able to take the proceeds of them all. Likewise, in the case of this hack, by compromising just SolarWinds, the hackers were able to infiltrate its subscribers as well.

The SolarWinds hack is also an example of how attacks don't have to be flashy and how support systems can be vulnerabilities as well. To keep to the movie theme, an example of this is the different tactics for attacking the Death Star and Starkiller Base in Return of the Jedi and The Force Awakens, respectively. The attack in Jedi is much more of a frontal assault, with troops attacking the shield generator and ships attacking the station once the shields are down. Conversely, in Force Awakens, the heroes infiltrate the station using information Finn gained by working there as a janitor. He had intricate knowledge of the base because he needed access to it to do his job, and he was able to leverage that knowledge to help the rebels. Similarly, because it is a support system that underpins networks, SolarWinds has access to basically everything and has intricate "knowledge" of networks, which explains why compromising it would be such a huge deal.

Hopefully, the lessons learned from the scale and impact of this hack will inspire network administrators and the companies behind software programs like SolarWinds to monitor these types of software more closely for intrusions, so this kind of tactic doesn't work again.
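One concrete way to "monitor these types of software more closely" is to treat the management server itself as a watched asset. The post notes that the corrupted patch reached subscribers through the vendor's own update channel, so a check that only asks "did this update come from the vendor?" would not have flagged it; what a compromised management host cannot avoid is behaving differently afterwards, for example by contacting destinations it has never contacted before. The script below is an added example, not code from the original post or from SolarWinds: it learns the set of (destination, port) pairs a management host contacted during a baseline window and alerts on any later connection outside that set. The log format, hostnames and the `nms01` server name are all constructed for the example.

```python
"""Baseline-and-alert check for a high-privilege management host's outbound
connections. Added example, not part of the original post; all log lines,
hostnames and the log format are constructed."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime

# Constructed firewall/proxy log format, assumed for this example:
# "<ISO timestamp> <src_host> -> <dst_host>:<port>"
BASELINE_LOG = """\
2020-11-01T08:00:00 nms01 -> switch-a.corp.example:161
2020-11-01T08:00:05 nms01 -> switch-b.corp.example:161
2020-11-01T09:00:00 nms01 -> updates.vendor.example:443
2020-11-02T08:00:00 nms01 -> switch-a.corp.example:161
"""

# Later traffic from the same host; one destination never appeared in the baseline.
LATER_LOG = """\
2020-11-20T08:00:00 nms01 -> switch-a.corp.example:161
2020-11-20T08:00:07 nms01 -> updates.vendor.example:443
2020-11-20T13:37:00 nms01 -> api.unknown-cdn.example:443
2020-11-20T13:38:00 nms01 -> switch-b.corp.example:161
"""


@dataclass(frozen=True)
class Connection:
    when: datetime
    src: str
    dst: str
    port: int


def parse_log(text: str) -> list[Connection]:
    """Parse the constructed log format into Connection records."""
    records: list[Connection] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, _arrow, dst_port = line.split()
        dst, port = dst_port.rsplit(":", 1)
        records.append(Connection(datetime.fromisoformat(ts), src, dst, int(port)))
    return records


def build_baseline(records: list[Connection], host: str) -> set[tuple[str, int]]:
    """(destination, port) pairs the host contacted during the baseline window."""
    return {(r.dst, r.port) for r in records if r.src == host}


def find_new_destinations(
    records: list[Connection], host: str, baseline: set[tuple[str, int]]
) -> list[Connection]:
    """Connections from `host` to (destination, port) pairs absent from the baseline."""
    return [r for r in records if r.src == host and (r.dst, r.port) not in baseline]


def run_check(host: str = "nms01") -> list[str]:
    """Build the baseline from BASELINE_LOG and report new destinations in LATER_LOG."""
    baseline = build_baseline(parse_log(BASELINE_LOG), host)
    alerts = find_new_destinations(parse_log(LATER_LOG), host, baseline)
    return [f"{a.when.isoformat()} {a.src} -> {a.dst}:{a.port}" for a in alerts]


if __name__ == "__main__":
    for alert in run_check():
        print("ALERT new destination:", alert)
```

The baseline window has to be long enough to cover routine vendor update checks and every managed device, or the check will page on normal traffic; in practice the learned set is reviewed by a human once and then kept as an explicit allowlist for the host, so that a new destination is a change someone has to approve rather than something the host quietly starts doing.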
