I was listening to the radio yesterday and some prominent former member of the DT administration was saying that the affected organizations "would have to build new networks from the ground up." So it is not just the engineers who will be pushing for that.

-------- Original Message --------
Subject: Re: [Hidden-tech] Maybe some one can help - at least locally
Date: 20.12.2020 15:39
From: Daniel Nachbar via Hidden-discuss <hidden-discuss at lists.hidden-tech.net>
To: HT-discuss <hidden-discuss at lists.hidden-tech.net>

I'm not a network security expert but I have discussed this topic with some. Their consensus view is that there is essentially no way to effectively scrub the compromised networks/machines. These are very sophisticated attackers who had far too much access for far too long. Rebuilding from scratch is likely the only effective response.

However such drastic remediation is almost impossible to sell to upper management when there is no immediate evidence of compromise. Worse yet, making the pitch to rebuild requires one to explain to upper management how one totally screwed up in the first place. So most victims will likely instead do some half-measure "security scans", which will of course find nothing (because these are extremely sophisticated attackers), and then just move on.

Months or years from now previously unidentified dormant worms will activate and the whole compromise cycle will begin anew. There is going to be a very, very long tail on this thing.

On Sun, Dec 20, 2020 at 12:39 PM Rich at tnr via Hidden-discuss <hidden-discuss at lists.hidden-tech.net> wrote:

> Should like a job for a super-techie -- any takers ??
>
> It’s going to take months to kick elite hackers widely believed to
> be Russian out of the U.S. government networks they have been
> quietly rifling through since as far back as March in Washington’s
> worst cyberespionage failure on record.
>
> ... “We have a serious problem. We don’t know what networks they
> are in, how deep they are, what access they have, what tools they
> left,” said Bruce Schneier, a prominent security expert and
> Harvard fellow. ...
>
> https://apnews.com/article/hacking-russia-bafff5557a8941aa1a5ef239d36c4e28?fbclid=IwAR1MvOIpHUL8GrS2IE-g_hd6BY336St-00rQ-C4FRsngagVEDg9zmh6trhM
>
> --
> Rich Roth
> CEO TnR Global
>
> Bio and personal blog: http://rizbang.com
> Building the really big sites: http://www.tnrglobal.com
> Small/Soho business in the PV: http://www.hidden-tech.net
> Places to meet for business: http://www.meetmewhere.com
> And for Arts and relaxation:
> http://TarotMuertos.com - Artistic Tarot Deck
> http://www.welovemuseums.com
> http://www.artonmytv.com/
> Helping move the world: http://www.earththrives.com
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion
> list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members