<div dir="ltr"><div>I'm not a network security expert but I have discussed this topic with some.</div><div><br></div><div>Their consensus view is that there is essentially no way to effectively scrub the compromised networks/machines. These are very sophisticated attackers who had far too much access for far too long. Rebuilding from scratch is likely the only effective response.<br></div><div><br></div><div>However, such drastic remediation is almost impossible to sell to upper management when there is no immediate evidence of compromise. Worse yet, making the pitch to rebuild requires one to explain to upper management how one totally screwed up in the first place.</div><div><br></div><div>So most victims will likely instead do some half-measure "security scans", which will of course find nothing (because these are extremely sophisticated attackers), and then just move on. Months or years from now, previously unidentified dormant worms will activate and the whole compromise cycle will begin anew.<br></div><div><br></div><div>There is going to be a very, very long tail on this thing.<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Dec 20, 2020 at 12:39 PM Rich@tnr via Hidden-discuss <<a href="mailto:hidden-discuss@lists.hidden-tech.net">hidden-discuss@lists.hidden-tech.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Sounds like a job for a super-techie -- any takers?<br>
<br>
It’s going to take months to kick
elite hackers widely believed to be Russian out of the U.S.
government networks they have been quietly rifling through since
as far back as March in Washington’s worst cyberespionage
failure on record.<br>
</p>
<p>... “We have a serious problem. We don’t
know what networks they are in, how deep they are, what access
they have, what tools they left,” said Bruce Schneier, a
prominent security expert and Harvard fellow. ...<br>
</p>
<p><br>
<a href="https://apnews.com/article/hacking-russia-bafff5557a8941aa1a5ef239d36c4e28?fbclid=IwAR1MvOIpHUL8GrS2IE-g_hd6BY336St-00rQ-C4FRsngagVEDg9zmh6trhM" target="_blank">https://apnews.com/article/hacking-russia-bafff5557a8941aa1a5ef239d36c4e28?fbclid=IwAR1MvOIpHUL8GrS2IE-g_hd6BY336St-00rQ-C4FRsngagVEDg9zmh6trhM</a><br>
<br>
</p>
<pre cols="72">--
Rich Roth
CEO TnR Global
Bio and personal blog: <a href="http://rizbang.com" target="_blank">http://rizbang.com</a>
Building the really big sites: <a href="http://www.tnrglobal.com" target="_blank">http://www.tnrglobal.com</a>
Small/Soho business in the PV: <a href="http://www.hidden-tech.net" target="_blank">http://www.hidden-tech.net</a>
Places to meet for business: <a href="http://www.meetmewhere.com" target="_blank">http://www.meetmewhere.com</a>
And for Arts and relaxation:
<a href="http://TarotMuertos.com" target="_blank">http://TarotMuertos.com</a> - Artistic Tarot Deck
<a href="http://www.welovemuseums.com" target="_blank">http://www.welovemuseums.com</a>
<a href="http://www.artonmytv.com/" target="_blank">http://www.artonmytv.com/</a>
Helping move the world: <a href="http://www.earththrives.com" target="_blank">http://www.earththrives.com</a></pre>
</div>
</blockquote></div>