Wednesday, May 12, 2021

Why the SolarWinds hack is even worse than you might think



This is the web version of Technical sheet, a daily newsletter on the technology business. Sign up to receive it for free in your inbox.

Most of the time when we hear about cybersecurity crimes, we hear about the major players: companies like CrowdStrike nailing the Russians for stealing DNC emails in 2016. Or Microsoft warning that the Russians were trying to hack 2018 election campaigns. Or FireEye revealing last month that it had itself been penetrated by nation-state hackers (who turned out to be Russians).

But, as we learn from this latest incident, we cannot guarantee cybersecurity by simply relying on the big names.

FireEye had uncovered the tip of what is now considered the largest and most damaging hack in cybersecurity history, a hack that breached the computer networks of hundreds of major corporations and government agencies, including the US Treasury, the State Department and the Department of Homeland Security. The attack is named SolarWinds after an obscure software developer in Austin, Texas that was the starting point for the whole disaster.

As Robert Hackett of Data Sheet and our technical colleague David Z. Morris explain in their new report on the SolarWinds attack, Russian hackers were able to gain access to so many networks by simply inserting a backdoor into security software the company produced and distributed to its many customers across the country.

Their deep dive explains not only how it happened, but why. In particular, David and Robert note, the SolarWinds hackers did not go for the usual credit card numbers and email addresses most cybercriminals seek. Instead, the hackers opted for much more valuable inside information: emails containing corporate and government secrets, the underlying source code of Microsoft software, and more.

The attack undermines not only dependence on a single company, SolarWinds, but possibly the entire structure of cybersecurity in the United States, with its patchwork of government agencies, large security companies, thousands of small external vendors and internal IT security efforts.

“Most industry experts see the decentralized, market-driven structure of US cybersecurity as a source of agility and innovation,” write David and Robert. “But in the SolarWinds debacle, they also see the weaknesses of the system in full screen. In this mega-breach, the sector’s imperfect financial incentives, lack of transparency, underinvestment in training, and old-fashioned cost cutting all played a role.”

Aaron Pressman
@ampressman
aaron.pressman@fortune.com

***

We all know the sci-fi trope of a computer so smart it takes on a mind of its own. This fantasy nowadays seems too realistic, thanks to advances in natural language processing (NLP). In this week’s Brainstorm podcast, hosts Michal Lev-Ram and Brian O’Keefe take a look at what it means to teach a computer to understand and even “think” like a human. What are the innovative possibilities that this opens up? What are the dangers? Listen to the episode here.


