![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewayneSolarWinds provides network security appliances to corporations. And governments. And universities. These organizations depend on companies like SolarWinds because security is VERY hard and it helps to get outside help. You can take my word for it to a degree - I worked in IT for over three decades, and while I did not specifically work in computer/network security, I had enough exposure to it to understand what a huge, tiresome, endless, and thankless job it was. It was truly neverending. You never had enough money or resources, and you were always outnumbered by the baddies.
Now what happens when a company like SolarWinds gets hacked?
I guess the first thing to talk about would be the nature of the hack. Let's suppose an update that SolarWinds pushes out to all of their customers was compromised. Now, ALL of your customers are vulnerable to being infiltrated by the people who compromised SolarWinds.
Perhaps it was a nation-state who did it.
Perhaps Russia.
Let's take a look at who makes up SolarWinds customer list. Here's a listing from SolarWinds' web site:
Notice any familiar names there?
I thought not.
So basically, Russian hackers, some of which are largely synonymous with the Russian government, compromised pretty much the entirety of the United States Government. And the U.S. Military. And effectively the entirety of the S&P 500.
Yeah, and our President has poo-poohed Russian election interference and sucked up to Putin for how long?
https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/
https://www.schneier.com/blog/archives/2020/12/another-massive-russian-hack-of-us-government-networks.html
Now what happens when a company like SolarWinds gets hacked?
I guess the first thing to talk about would be the nature of the hack. Let's suppose an update that SolarWinds pushes out to all of their customers was compromised. Now, ALL of your customers are vulnerable to being infiltrated by the people who compromised SolarWinds.
Perhaps it was a nation-state who did it.
Perhaps Russia.
Let's take a look at who makes up SolarWinds customer list. Here's a listing from SolarWinds' web site:
Notice any familiar names there?
I thought not.
So basically, Russian hackers, some of which are largely synonymous with the Russian government, compromised pretty much the entirety of the United States Government. And the U.S. Military. And effectively the entirety of the S&P 500.
Yeah, and our President has poo-poohed Russian election interference and sucked up to Putin for how long?
https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/
https://www.schneier.com/blog/archives/2020/12/another-massive-russian-hack-of-us-government-networks.html
