[Hidden-tech] Maybe some one can help - at least locally
Daniel Nachbar
daniel.nachbar at gmail.com
Mon Dec 28 21:59:06 UTC 2020
As a follow-up, here is a link to Bruce Schneier's more authoritative
assessment of the issue.
He concurs with my friends' conclusion that rebuilding from scratch,
aka "burning the network to the ground" is the most appropriate response.
https://www.theguardian.com/commentisfree/2020/dec/23/cyber-attack-us-security-protocols
On Mon, Dec 21, 2020 at 3:07 PM Alan Frank <alan at 8wheels.org> wrote:
> I was listening to the radio yesterday and some prominent former member
> of the DT administration was saying that the affected organizations
> "would have to build new networks from the ground up." So it is not
> just the engineers who will be pushing for that.
>
>
> -------- Original Message --------
> Subject: Re: [Hidden-tech] Maybe some one can help - at least locally
> Date: 20.12.2020 15:39
> From: Daniel Nachbar via Hidden-discuss
> <hidden-discuss at lists.hidden-tech.net>
> To: HT-discuss <hidden-discuss at lists.hidden-tech.net>
>
> I'm not a network security expert but I have discussed this topic with
> some.
>
> Their consensus view is that there is essentially no way to
> effectively scrub the compromised networks/machines. These are very
> sophisticated attackers who had far too much access for far too long.
> Rebuilding from scratch is likely the only effective response.
>
> However such drastic remediation is almost impossible to sell to upper
> management when there is no immediate evidence of compromise. Worse
> yet, making the pitch to rebuild requires one to explain to upper
> management how one totally screwed up in the first place.
>
> So most victims will likely instead do some half-measure "security
> scans", which will of course find nothing (because these are extremely
> sophisticated attackers), and then just move on. Months or years from
> now previously unidentified dormant worms will activate and the whole
> compromise cycle will begin anew.
>
> There is going to be a very, very long tail on this thing.
>
> On Sun, Dec 20, 2020 at 12:39 PM Rich at tnr via Hidden-discuss
> <hidden-discuss at lists.hidden-tech.net> wrote:
>
> > Should like a job for a super-techie -- any takers ??
> >
> > It’s going to take months to kick elite hackers widely believed to
> > be Russian out of the U.S. government networks they have been
> > quietly rifling through since as far back as March in Washington’s
> > worst cyberespionage failure on record.
> >
> > ... “We have a serious problem. We don’t know what networks they
> > are in, how deep they are, what access they have, what tools they
> > left,” said Bruce Schneier, a prominent security expert and
> > Harvard fellow. ...
> >
> >
>
> https://apnews.com/article/hacking-russia-bafff5557a8941aa1a5ef239d36c4e28?fbclid=IwAR1MvOIpHUL8GrS2IE-g_hd6BY336St-00rQ-C4FRsngagVEDg9zmh6trhM
> >
> > --
> > Rich Roth
> > CEO TnR Global
> >
> > Bio and personal blog: http://rizbang.com
> > Building the really big sites: http://www.tnrglobal.com
> > Small/Soho business in the PV: http://www.hidden-tech.net
> > Places to meet for business: http://www.meetmewhere.com
> > And for Arts and relaxation:
> > http://TarotMuertos.com - Artistic Tarot Deck
> > http://www.welovemuseums.com
> > http://www.artonmytv.com/
> > Helping move the world: http://www.earththrives.com
> > _______________________________________________
> > Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> > Hidden-discuss at lists.hidden-tech.net
> >
> > You are receiving this because you are on the Hidden-Tech Discussion
> > list.
> > If you would like to change your list preferences, Go to the Members
> > page on the Hidden Tech Web site.
> > http://www.hidden-tech.net/members
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
>
> You are receiving this because you are on the Hidden-Tech Discussion
> list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20201228/dd3cf5c0/attachment.html>
More information about the Hidden-discuss
mailing list