The Post has now (unironically and unapologetically) had to publish this article:
Christ. How does any malware get on anyone's laptop? Absolutely commonplace on insufficiently protected computers, and sometimes on highly protected ones. I'd like to see figures on what percent of computers in this country get infected by malware.
An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity.
[...]
The Post initially reported incorrectly that the country’s electric grid had been penetrated through a Vermont utility. After Burlington Electric released its statement saying that the potentially compromised laptop had not been connected to the grid, The Post immediately corrected its article and later added an editor’s note explaining the change.
U.S. officials are continuing to investigate the laptop. In the course of their investigation, though, they have found on the device a package of software tools commonly used by online criminals to deliver malware. The package, known as Neutrino, does not appear to be connected with Grizzly Steppe, which U.S. officials have identified as the Russian hacking operation. The FBI, which declined to comment, is continuing to investigate how the malware got onto the laptop.
WaPo
But, that doesn't even appear to be the case here. The computer in question simply connected to an IP address. For what duration, we aren't told, but from this latest information, it didn't necessarily download any malware during the connection.
That can happen to anyone on any computer anywhere every single day. If your anti-virus software is good enough, it won't let your computer be infected. And by good enough, I mean able to keep up with the constant barrage of new code created by hackers round the clock. No mean feat.
Initially, company officials publicly said they had detected code that had been linked by the Department of Homeland Security to Grizzly Steppe.
Over the weekend, the company issued a statement, saying only that it had “detected suspicious Internet traffic” on the computer in question.
Bingo. The USG, rushing to react to the growing rabble of voices declaring Russia a bad actor in our election, and to appear to be doing something about it, sent out a report to companies like the Vermont utility provider listing a number of IP addresses to look for in their computer logs without any detail about what it meant or what they should do if they found any of them other than report it to the DHS. How could anything go wrong with that?
Experts also said that because Yahoo’s mail servers are visited by millions of people each day, the fact that a Burlington Electric employee checking email touched off an alert is not an indication that the Russian government was targeting the utility.
[...]
Authorities also were leaking information about the utility without having all the facts and before law enforcement officials were able to investigate further.
[...]
“Federal officials have indicated that the specific type of Internet traffic, related to recent malicious cyber activity that was reported by us [on Friday], also has been observed elsewhere in the country and is not unique to Burlington Electric,” company spokesman Mike Kanarick said in a statement.
[...]
“It’s not descriptive of anything in particular,” said Robert M. Lee, chief executive of Dragos, a cybersecurity firm.
Or, the same year. At the same exact time.
At least 30 percent of the IP addresses listed were commonly used sites such as public proxy servers used to mask a user’s location, and servers run by Amazon.com and Yahoo.
[...]
The IP address information alone is not useful, experts noted. Moreover, a server that is used by Russian spies one year might be used by “granny’s bake shop” the next, Lee said.
And, you know what's especially ironic?
He needs to have a talk with them.
Amazon’s founder and chief executive, Jeffrey P. Bezos, owns The Washington Post.
Nice talk from someone who provided the questionable information that started the jumbled mess.
“No one should be making any attribution conclusions purely from the indicators in the [government] report,” tweeted Dmitri Alperovitch, chief technology officer of CrowdStrike, which investigated the DNC hack and attributed it to the Russian government. “It was all a jumbled mess.’’
And here's the key: the Russians are quite capable of doing just that. Hiding it. Not having it out there where you can simply run down a list of IP addresses and find it. But hey, thanks for reflexively doing the government's bidding by reporting to it information that you have no freaking idea what it really means, without any kind of court order or legal assurance. You'll be very useful to Big Brother.
A senior DHS official, speaking on the condition of anonymity to discuss a sensitive security matter, defended the report.
“We know the Russians are a highly capable adversary who conduct technical operations in a manner intended to blend into legitimate traffic,” the official said. The indicators of compromise contained in the report, he said, “are indicative of that. That’s why it’s so important for net defenders to leverage the recommended mitigations contained in the [report], implement best practices, and analyze their logs for traffic emanating from those IPs, because the Russians are going to try and hide evidence of their intrusion and presence in the network.”
...but hey, do what you want...you will anyway.
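As an added example that is not part of the original post or the Post's reporting: the DHS official's advice to "analyze their logs for traffic emanating from those IPs" and the experts' objection that many of the listed IPs are shared web-mail, cloud and proxy infrastructure can both be put into a small triage script. It matches constructed proxy-log lines against a constructed indicator list, then downgrades a hit when the IP is known shared infrastructure or when many distinct internal hosts reached it (the pattern of a popular service, not of targeting). Every address (RFC 5737 documentation ranges), log line, enrichment entry and threshold here is a constructed placeholder, not a value from the government report.

```python
"""Added example, not from the original post or The Washington Post.

Matches proxy-log lines against a list of IP indicators and then asks two
questions before treating a hit as meaningful:
  1. Is the IP known shared infrastructure (web mail, cloud, public proxies)?
  2. How many distinct internal hosts reached it?  Widely used services
     produce hits across the whole fleet; a single-purpose host does not.
All indicators, log lines, enrichment data and thresholds are constructed
for this example (RFC 5737 documentation addresses), not real report values.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

# Constructed indicator list standing in for the IPs a report might distribute.
INDICATORS = {"203.0.113.10", "198.51.100.25", "192.0.2.77"}

# Constructed enrichment: what else an indicator IP is known to host.  In
# practice this comes from ASN / passive-DNS lookups or an internal allowlist.
SHARED_INFRA = {
    "198.51.100.25": "public web-mail front end",
    "192.0.2.77": "public proxy server",
}

# At or above this many distinct internal sources, a hit looks like a popular
# service rather than targeting.  Constructed threshold; tune per environment.
PREVALENCE_THRESHOLD = 3


@dataclass
class Hit:
    indicator: str
    sources: list        # internal hosts that contacted the indicator
    context: str         # why the priority was assigned
    priority: str        # "high" or "low"


def parse_proxy_line(line):
    """Constructed log format: '<timestamp> <src_ip> <dst_ip> <bytes>'.
    Returns (src, dst) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _ts, src, dst, _nbytes = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
    except ValueError:
        return None
    return src, dst


def triage(lines, indicators=INDICATORS, shared=SHARED_INFRA,
           threshold=PREVALENCE_THRESHOLD):
    """Return one Hit per matched indicator, with a priority and the reason."""
    sources = defaultdict(set)
    for line in lines:
        parsed = parse_proxy_line(line)
        if parsed is None:
            continue
        src, dst = parsed
        if dst in indicators:
            sources[dst].add(src)

    hits = []
    for ip, srcs in sorted(sources.items()):
        if ip in shared:
            context = f"known shared infrastructure: {shared[ip]}"
            priority = "low"
        elif len(srcs) >= threshold:
            context = f"reached by {len(srcs)} internal hosts; likely a popular service"
            priority = "low"
        else:
            context = "no known benign use and few sources"
            priority = "high"
        hits.append(Hit(ip, sorted(srcs), context, priority))
    return hits


# Constructed sample log: two web-mail hits, one proxy hit, one lone hit on an
# indicator with no known benign use, one non-indicator, one malformed line.
SAMPLE_LOG = [
    "2017-01-02T09:00:01 10.0.0.5 198.51.100.25 4120",
    "2017-01-02T09:00:07 10.0.0.9 198.51.100.25 3900",
    "2017-01-02T09:01:15 10.0.0.12 192.0.2.77 800",
    "2017-01-02T09:02:40 10.0.0.5 203.0.113.10 128",
    "2017-01-02T09:03:00 10.0.0.7 203.0.113.99 512",
    "garbage line",
]

if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f"{h.priority:4} {h.indicator:15} {h.context} "
              f"(sources: {', '.join(h.sources)})")
```

On the sample log only the lone hit on 203.0.113.10 comes out "high"; the web-mail and proxy matches are reported but marked low, which is the distinction the post says the raw IP list failed to make. A real deployment would replace the hard-coded enrichment with lookups and would treat even a "high" hit as a starting point for host investigation, not as attribution.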