Hackers and Ransomware

Bump-n-Grind

People get lazy with cyber-security. We had briefings frequently when I worked at DoD. All it takes for penetration is a work email address slipping into the wrong hands and an innocent or familiar looking email to pop up. MS Exchange was extremely vulnerable to this sorta shit for way too long.

to the point where the IT directorate at our offices put filters in place that would block all incoming email from non .mil or .gov addresses that were not in an "allowed" list.

most of our issues stemmed from folks using the preview pane in Outlook that automatically opened part of the email in a smaller window. poof - hacked. After that happened 3 or 4 times they eliminated the preview pane as an option. I guess the bad guys are getting sophisticated enough now to gain entry into system via other means than email.

been out of the biz for a while now, so not up to speed on most of this shit anymore.

 

Lark

Acer got hit in March. It seems a matter of time before Intuit, MS, or another cloud-based data firm is compromised at the expense of its entire clientele.

 

burndoc

Spoke with someone today who does security. He stated some of these may go back years to get around back ups. That way can't "go back to the system a few days ago" and get back to normal. Plus some systems are very old. Scary

 

Lark

> Spoke with someone today who does security. He stated some of these may go back years to get around back ups. That way can't "go back to the system a few days ago" and get back to normal. Plus some systems are very old. Scary

That’s discouraging. My IT company is of the belief most cases are greedy and strike as soon as they can, so back ups beyond a few days are unnecessary. I should do some manual back ups tomorrow on a portable drive and stick it in my safe, just in case your guy is smarter than mine. An old school monthly or quarterly back up on media I own might be something when one of the big data storage companies is compromised. I do back up financial records on a different cloud service from the one IT uses to mirror the server.

 

Foreverslow

I expect the government will be kicking down some bedroom doors and hauling the hackers off to the hoosegow to make a statement.

US Chamber of Commerce to High Tech in Silicon Valley will be calling the Treasury Secretary and Homeland Security head out of a dinner party and demanding they do something. May not get the true puppet masters, but the word will get out this is not the time to be fucking around cause the giant only needs to glance off you and you are still squashed..

The Colonial pipeline hack was some serious shit.  You can grind the economy of the East Coast to a halt if those pipes are not moving product.

Slightly off topic, changes to stop robocalls are underway. AT&T, Verizon and T-Mobile are stalling saying they agree in principle, but what if someone who is traveling in India needs to call mom in the states. It could get blocked depending upon the telephone company in India. Legislators are balking saying what is the number of such occurrences vs the billions of bogus calls a day.

 

Foreverslow

should be all kinds of fun by this evening..

https://www.zerohedge.com/commodities/gas-run-has-begun-fuel-stations-run-dry-amid-hacked-pipeline

Of course this investigation falls under the cybersecurity quizkids at DHS who were sleeping at the wheel when all the other sites were attacked by the same group.

Most useless department in the US Government. From the TSA body gropers at the airport who miss 90% of the test bombs to these lazy SOBs who should have put a stop to the shenanigans weeks ago. Nothing but a US version of the Stasi to spy on US citizens.

But DHS says they know who did it. Well Sherlock, the fact they put their name on the ransom email was quite the clue eh?

Fire the whole lot and we would be better off.

Would also be a great time to put the CEO of Colonial Pipelines in lockup due to Sarbanes-Oxley violations as they did not have a properly documented and executing operating system. You toss one fat cat in stir and all the other CEOs/board members will be all over their CIOs like a hair jacket by the next day.

Thank God they did not go after the power grid.  Total FUBAR..

 

MisterMoon

We're supposed to drive from Atlanta to west Texas on Thursday. I'm sure gas will be expensive, but worrying about whether or not we'll even be able to buy gas along the way is another thing altogether. 

 

Foreverslow

I hear you Moon.  Need to do a round trip to DC tonight/tomorrow.

Have enough plus 30 miles if everything is tapped out.

Guy from Long Island who bought a buddy's Sabre is heading home tomorrow in his pickup after working on it for a week.  I do believe he will be screwed.

The US can release all the reserves they want. If there is no way to move them up the coast, it is useless.

Thank Goodness additional capacity has been built over the past 10 years which hopefully can pick up a bit of the slack. But there is damn little excessive capacity due to the costs and lead times of pipelines. Used to invest in the companies that actually build/own the pipelines (Colonial only leases them) and the margins were very nice due to the inability of competitors to just jump into the business. That Wide Moat as Warren Buffett likes to say about great companies to invest in is about to bite us in the backside.

 

Lark

If the news isn’t missing a huge story, it sounds like price disruption has been minimal and shortages rare.    Supplies might hold out until today’s commuter rush all decide to top off their tanks, just in case.    

 

Steam Flyer

> should be all kinds of fun by this evening..
>
> https://www.zerohedge.com/commodities/gas-run-has-begun-fuel-stations-run-dry-amid-hacked-pipeline
>
> Of course this investigation falls under the cybersecurity quizkids at DHS who were sleeping at the wheel when all the other sites were attacked by the same group.
>
> Most useless department in the US Government. From the TSA body gropers at the airport who miss 90% of the test bombs to these lazy SOBs who should have put a stop to the shenanigans weeks ago. Nothing but a US version of the Stasi to spy on US citizens.
>
> But DHS says they know who did it. Well Sherlock, the fact they put their name on the ransom email was quite the clue eh?
>
> Fire the whole lot and we would be better off.
>
> Would also be a great time to put the CEO of Colonial Pipelines in lockup due to Sarbanes-Oxley violations as they did not have a properly documented and executing operating system. You toss one fat cat in stir and all the other CEOs/board members will be all over their CIOs like a hair jacket by the next day.
>
> Thank God they did not go after the power grid. Total FUBAR..

Yeah, but.... that's kind of like training a horse to high jump by shooting the ones that don't make it over.

Cyber security is really important, and it's obvious now (if it wasn't before) that it is a BIG part of infrastructure, when "the internet of things" includes our electricity, our water, our transport & our transport's fuel supply.

A practical and forward-looking national policy to make sure that as companies get bigger and take over a bigger share of these markets, they are NOT doing so by cutting corners. That's been the default business mode since Reagan, the race to the bottom. We need a race to the top!

- DSK

 

MisterMoon

> I hear you Moon. Need to do a round trip to DC tonight/tomorrow.
>
> Have enough plus 30 miles if everything is tapped out.
>
> Guy from Long Island who bought a buddy's Sabre is heading home tomorrow in his pickup after working on it for a week. I do believe he will be screwed.
>
> The US can release all the reserves they want. If there is no way to move them up the coast, it is useless.
>
> Thank Goodness additional capacity has been built over the past 10 years which hopefully can pick up a bit of the slack. But there is damn little excessive capacity due to the costs and lead times of pipelines. Used to invest in the companies that actually build/own the pipelines (Colonial only leases them) and the margins were very nice due to the inability of competitors to just jump into the business. That Wide Moat as Warren Buffett likes to say about great companies to invest in is about to bite us in the backside.

The pipeline was shut down for a couple of weeks following a hurricane (Rita I think?) in 2008-2010 period. Gas got really short here in ATL and up and down the SE. Panic buying was the real culprit for many of the shortages at that time. Prices went nuts too. 

 

Bump-n-Grind

> That’s discouraging. My IT company is of the belief most cases are greedy and strike as soon as they can, so back ups beyond a few days are unnecessary. I should do some manual back ups tomorrow on a portable drive and stick it in my safe, just in case your guy is smarter than mine. An old school monthly or quarterly back up on media I own might be something when one of the big data storage companies is compromised. I do back up financial records on a different cloud service from the one IT uses to mirror the server.

if they're greedy and smart enough to do this shit in the first place, they're also smart enough to know about the existence of backups.

so there's no need to fire all your bullets the minute you get in... the goal is disruption and frustration to make them pay. the minor annoyance of having to restore a couple day old system won't do that.

 



