Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Group Behind Alleged Russia Hack Broke Into Microsoft's Internal Systems
NPR ^ | December 31, 2020·4:49 PM ET | Bobby Allyn

Posted on 12/31/2020 3:51:54 PM PST by BenLurkin

The group behind the suspected Russian attack into U.S. government agencies and private companies was able to hack into Microsoft's internal systems and access some of the company's source code, the tech giant said in a blog post on Thursday.

Microsoft had previously said it was among thousands of companies that discovered malware on its systems after downloading a routine software update from the company SolarWinds containing a possible "backdoor" for hackers to gain access to sensitive company data.

But the admission on Thursday is the first time Microsoft acknowledged that the attackers had successfully broken into the company's systems and had viewed source code, the carefully guarded DNA of the company's software products.

"We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories," the company said. "The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated."

Dmitri Alperovitch, a cybersecurity expert and chairman of Silverado Policy Accelerator, a Washington-based think tank, said while the breach appears to be a "serious issue" and can potentially make it easier for attackers to uncover additional vulnerabilities at Microsoft, the company's worst fears were not realized.

"This attack was not as bad as it could have been for Microsoft," Alperovitch said. "If they had modified the source code, or used it to introduce new backdoors, since Microsoft has billions of users out there in pretty much every organizations all around the planet, that would've been a very severe, very grave concern," he said. "But that doesn't appear to be the case."

Many facts remain unknown about how the cyber attackers targeted Microsoft. It did not say what products the viewed source code was tied to, or how long the hackers were able to stay within the company's systems.

"Is it Microsoft Cloud Services? Is it their Windows operating system? Is it Microsoft Office? That would be very helpful to know to understand what source code was accessed and what vulnerabilities may be in that source code now," Alperovitch said.

David Kennedy, who runs the Ohio-based company TrustedSec LLC, which investigated the hack, offered additional questions.

"Does this impact authentication mechanisms and how usernames and passwords are protected? Are they in the operating system side of the house or future projects? These are key things we need to understand to know how deep this goes," Kennedy said. "The more access they had, the greater potential damage there is in the future." In its blog post, Microsoft downplayed the significance of the attackers reading its source code, saying, unlike other tech companies, employees at the company have an "open source-like culture" to viewing source code within the firm. "So viewing source code isn't tied to elevation of risk," the company said.

That may be true, said security expert Kennedy, but having a group of malicious hackers from a foreign country reading a company's source code is a completely different matter.

"Those are typically trusted employees within an organization that have access to source code and aren't looking at it from an adversary's perspective, " he said. "This can be used by adversaries later on to launch additional attacks."

Investigators are still probing the far-reaching attack, which has been traced back to October and compromised 18,000 private and government users who inadvertently downloaded a tainted software update from the Texas firm SolarWinds.

U.S. agencies including the Departments of State, Treasury, Commerce, Energy and Homeland Security were compromised.

But, as expert Alperovitch notes, what exactly the suspected Russian agents stole is still a mystery.

"This is just one more shoe to drop," he said. "There will be many more in the coming months. We'll learn about more victims, more data that was taken. So we're just in the very early innings of this investigation."


TOPICS: Computers/Internet
KEYWORDS: alperovitch; crowdstrike; davidkennedy; dmitrialperovitch; microsoft; obama; solarwinds; sourcecode; speedwaybomber; texas; trustedsec
Navigation: use the links below to view more comments.
first 1-2021-23 next last

1 posted on 12/31/2020 3:51:54 PM PST by BenLurkin
[ Post Reply | Private Reply | View Replies]

To: BenLurkin

In other news, Russian Hackers are now being sent offers for discounted apps and Office 365 subscriptions that they cannot seem to get rid of... ;-/


2 posted on 12/31/2020 3:56:18 PM PST by ThunderSleeps (Biden/Harris - illegitimate and everyone knows it.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ThunderSleeps

same old Deep Staters being quoted by FakeNewsMSM:

Dmitri Alperovitch: Co-founder & former CTO, CrowdStrike Inc; Senior Fellow, Atlantic Council...
In February 2020, Alperovitch left CrowdStrike to launch a nonprofit focused on cybersecurity in a geopolitical context...


3 posted on 12/31/2020 4:18:45 PM PST by MAGAthon
[ Post Reply | Private Reply | To 2 | View Replies]

To: BenLurkin

The group behind the suspected Russian attack into U.S. government agencies and private companies was able to hack into Microsoft’s internal systems and access some of the company’s source code...

Sorry, not buying this. How would anyone know who hacked in? Hackers can look like they’re coming from anywhere. It could even be our own CIA hacking in and making it look like it is a Russian hack.

No article can be taken at face value any longer.

https://theintercept.com/2017/03/08/wikileaks-files-show-the-cia-repurposing-foreign-hacking-code-to-save-time-not-to-frame-russia/


4 posted on 12/31/2020 4:20:03 PM PST by Flick Lives (#resist)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BenLurkin

ping


5 posted on 12/31/2020 4:26:04 PM PST by zeestephen
[ Post Reply | Private Reply | To 1 | View Replies]

To: Flick Lives

New One World Government.


6 posted on 12/31/2020 4:26:45 PM PST by kaehurowing
[ Post Reply | Private Reply | To 4 | View Replies]

To: Flick Lives

Anyone notice how everything is running perceptibly slower now?

Check your smartphone settings. What is the largest consumer of your battery power now? “Exposure Notifications.”


7 posted on 12/31/2020 4:28:41 PM PST by kaehurowing
[ Post Reply | Private Reply | To 4 | View Replies]

To: ThunderSleeps

Endless updates requiring constant restarts.


8 posted on 12/31/2020 4:30:23 PM PST by wally_bert (I cannot be sure for certain, but in my personal opinion I am certain that I am not sure.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Flick Lives
"The group behind the suspected Russian attack "

We've yet to see a single technical and/or coherent (non-political) explanation that indicts Russia and exonerates China.

The term for this kind of attack is Advanced Persistent Threat (APT) and it was originally coined by an Air Force Colonel.

Although several countries have been identified as APT actors, China is known and demonstrated to have been the chief APT actors for the last decade.

So where's even one single iota of evidence that makes the Russia vs. China case.

Of course one would expect the stenographic press sluts of the USA to repeat verbatim whatever their hidden "sources" want them to believe, and of course 99 percent of the stenographers are incompetent to decipher or question even basic technical information.

So the simple answer to yet another "Russia, Russia, Russia" (and NOT China) is "Prove it. Where's your evidence, and where'd you get it?"

9 posted on 12/31/2020 4:49:20 PM PST by Jeepers43
[ Post Reply | Private Reply | To 4 | View Replies]

To: MAGAthon; bitt; little jeremiah; Liz

Thanx for adding the background on dimitri alperovitch.

Connects to hildabeast emails Ukraine .....

Are they trying to clean him up now as an expert??

^^^^^^^^^^^^^^^^^^^^

Dmitri Alperovitch, a cybersecurity expert and chairman of Silverado Policy Accelerator, a Washington-based think tank, said while the breach appears to be a “serious issue” and can potentially make it easier for attackers to uncover additional vulnerabilities at Microsoft, the company’s worst fears were not realized.


10 posted on 12/31/2020 4:58:51 PM PST by thinden
[ Post Reply | Private Reply | To 3 | View Replies]

To: dayglored

Ping.


11 posted on 12/31/2020 5:01:31 PM PST by Army Air Corps (Four Fried Chickens and a Coke)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BenLurkin

More Russia/Russia/Russia,Russia/Russia/Russia B$ from NPR.

This Russia/Russia/Russia,Russia/Russia/Russia B$, paid for by the ChiComs.


12 posted on 12/31/2020 5:20:56 PM PST by Grampa Dave (If voting could change anything, they would not let us do it...!!! Posted by glasseye, 12/19/2020!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: thinden
How the Obama White House engaged Ukraine to give Russia collusion narrative an early boost
The Hill ^ | 04/25/19 | John Solomon / FR Posted by McGruff

As Donald Trump began his meteoric rise to the presidency, the Obama White House summoned Ukrainian authorities to Washington to coordinate ongoing anti-corruption efforts inside Russia’s most critical neighbor. The January 2016 gathering, confirmed by multiple participants and contemporaneous memos, brought some of Ukraine’s top corruption prosecutors and investigators face to face with members of President Obama’s National Security Council (NSC), the FBI, State Department and Department of Justice (DOJ).

The agenda suggested the purpose was training and coordination. But Ukrainian participants said it didn’t take long — during the meetings and afterwards — to realize the Americans’ objectives included two politically hot investigations: one that touched Vice President Joe Biden’s family, and one that involved a lobbying firm.......

http://observer.com/2017/01/ukraine-hillary-clinton-donald-trump-election/http://observer.com/2017/01/ukraine-hillary-clinton-donald-trump-election/

================================================

OPINION Ukraine Tried to Tip the Election in Clinton’s Favor
Evidence reveals that Ukraine intervened to tilt the election in favor of its national interests

By Michael Sainato • 01/12/17

Politico reported that the Ukrainian founder and CTO of Crowdstrike, the cyber security firm that the DNC hired to investigate the alleged Ukrainian Prime Minister Arseniy Yatsenyuk, who took over after pro-Russian President Viktor Yanukovych was removed in early 2014. In August, Politico reported that, Dmitri Alperovitch, also serves as a senior fellow to the Washington-based think tank Atlantic Council, which is openly anti-Russian . The Atlantic Council is funded by Ukrainian oligarch Victor Pinchuk, who also happens to be one of the most prolific donors to the Clinton Foundation. The DNC denied multiple requests from the FBI to access their servers, effectively forcing the FBI to rely on CrowdStrike’s assessment of the hacks.

The Atlantic Council has propagated anti-Russian sentiment and advocated for bolstering NATO forces in anticipation of a military conflict between with Russia long before Wikileaks released emails from the DNC and Clinton Campaign Manager John Podesta. In 2013, the Atlantic Council awarded Hillary Clinton its Distinguished International Leadership Award. In 2014, the Atlantic Council hosted one of several events.

Trump’s favorable rhetoric to Russia was concerning Ukraine. The article stated, “Russia wants Trump for U.S. president; Ukraine is terrified by Trump and prefers Hillary Clinton.”

<><> Victor Pinchuk, a former Ukrainian parliamentarian and businessman whose father-in-law is a former president of Ukraine is a connected Ukrainian who served two terms as an elected member of the Ukrainian Parliament and is a proponent of closer ties between Ukraine and the European Union.

<><> The Clinton Foundation publicly reports, and its foundation spokesman confirmed, that other foreign entities have given more than the Pinchuk Foundation (which is listed as having given between $10 million and $25 million).

<><> Between 2009 and 2013, including when Mrs. Clinton was secretary of state, the Clinton Foundation received at least $8.6 million from the Victor Pinchuk Foundation based in Kiev, Ukraine, the Journal reported.

<><> In 2008, “Mr. Pinchuk made a five-year, $29 million commitment to the Clinton Global Initiative (a wing of the foundation that coordinates charitable projects) "to train future Ukrainian leaders and professionals to modernize Ukraine," according to the Clinton Foundation.
<><> Several alumni of the Clinton program are current members of the Ukrainian Parliament.

<><> Ukranian Pinchuk was especially generous---not only blanketing the Clinton Foundation with money, he hired Hillary for a $300,00 speech to help him boost Ukraine's creds; even Chelsea got into the act.

CIRCA 2013----Ukranian billionaire Viktor Pinchuk hires Hillary to give a speech at a Ukraine forum discussing regime change, exiting Russia....and hitting up the US for more foreign aid.

In response to their preferred candidate Hillary losing the election, Ukrainian officials are now scrambling to revert from their lobbying for Hillary Clinton and the DNC. Ukrainian President Petro Poroshenko recently signed a $50,000-a-month contract with a lobbying firm to set up meetings with U.S. officials in the new administration. Ukrainian billionaire Victor Pinchuk wrote an op-ed on December 29 in the Wall Street Journal in which he argued that Ukraine needs make compromises to establish peace with Russia. After the election, reports surfaced that Pinchuk donated to Trump’s charity to try to gain the same favor and access that his donations to the Clinton Foundation afforded him.

“The sole reason the Victor Pinchuk Foundation has reached out to President-elect Trump—as well as other world leaders—has been to promote strengthened and enduring ties between Ukraine and the West,” a spokeswoman for the Pinchuk foundation told ABC News.

While past elections in Ukraine have been viewed as proxy battles between the U.S. and Russia, it appears that the 2016 presidential election in the U.S. faced similar influence from two foreign countries attempting to influence an election outcome preferable to their own national interests.

Chelsea Clinton and Viktor Pinchuk who donated $29 million to Clinton Foundation in Kiev, Ukraine 8/21/16.

13 posted on 12/31/2020 5:23:41 PM PST by Liz ( Our side has 8 trillion bullets; the other side doesn't know which bathroom to use. )
[ Post Reply | Private Reply | To 10 | View Replies]

To: MAGAthon

What they don’t understand is the cyber platforms these guys sell are not working, but they continue to consult them as experts.


14 posted on 12/31/2020 5:26:54 PM PST by HonkyTonkMan ( )
[ Post Reply | Private Reply | To 3 | View Replies]

To: Whenifhow; null and void; aragorn; EnigmaticAnomaly; kalee; Kale; AZ .44 MAG; Baynative; bgill; ...

crowsstrike - spit!


15 posted on 12/31/2020 6:32:20 PM PST by bitt (Anton Chekov: “Any idiot can face a crisis; it's this day-to-day living that wears you out.”)
[ Post Reply | Private Reply | To 3 | View Replies]

To: BenLurkin

Nobody Expects the Russian Hack!


16 posted on 12/31/2020 6:32:57 PM PST by dfwgator (Endut! Hoch Hech!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BenLurkin; piasa
Dmitri Alperovitch, a cybersecurity expert and chairman of Silverado Policy Accelerator, a Washington-based think tank

CrowdStrike's phony "expert" Dmitri Alperovitch has moved on to a new front group with the same racket.

17 posted on 12/31/2020 7:38:04 PM PST by Fedora
[ Post Reply | Private Reply | To 1 | View Replies]

To: Fedora
David Kennedy, who runs the Ohio-based company TrustedSec LLC, which investigated the hack, offered additional questions.

And who's this joker?

18 posted on 12/31/2020 7:40:58 PM PST by Fedora
[ Post Reply | Private Reply | To 17 | View Replies]

To: Army Air Corps

Thanks for the ping. I pinged the windows list earlier on a prior thread of the same topic, and I try not to spam the list. But I do appreciate the heads up.

https://freerepublic.com/focus/f-news/3920439/posts?page=11#11


19 posted on 12/31/2020 8:38:10 PM PST by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government."`)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Flick Lives

hack into Microsoft’s internal systems and access some of the company’s source code,
= = =

I think MS would not have its internal systems, especially source code, connected to the internet.


20 posted on 12/31/2020 8:47:46 PM PST by Scrambler Bob (This is not /s. It is just as viable as any MSM 'information', maybe more so!)
[ Post Reply | Private Reply | To 4 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-23 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson