Posted on 12/19/2020 10:13:01 AM PST by linMcHlp
UPDATED: The seized domain has been turned into a killswitch to prevent the SolarWinds hackers from escalating infections and making new victims.
Microsoft and a coalition of tech companies have intervened today to seize and sinkhole a domain that played a central role in the SolarWinds hack, ZDNet has learned from sources familiar with the matter.
The domain in question is avsvmcloud[.]com, which served as command and control (C&C) server for malware delivered to around 18,000 SolarWinds customers via a trojanized update for the company's Orion app.
SolarWinds Orion updates versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, contained a strain of malware named SUNBURST (also known as Solorigate).
“I thought there was an international governing body that controlled domain names? How does a private company like Microsoft seize the name?”
A group of companies did it. If hackers can do it, a consortium of software companies would have no problem.
DNS servers direct the name to the IP address. An address may look like 151.101.129.121. Much easier to remember MyWebSite.com.
“Seems like Bill Gates and friends could loan us their best people or form a work group and protect the United States from world class hackers.”
You can’t protect from stupidity.
I understand how IP Addresses work. My question is what legal authority do private companies have to do this?
Don't think that's the case. Over a year ago SolarWinds was warned about lax security on their dev system and they ignored the warning. Someone went in and simply added the backdoor to their software as part of the normal dev and distribution process.
They placed code in memory that used the actual admin credentials to traverse servers.
Yes, once they were in, their actions and movements were very sophisticated, including stealing passwords (not difficult) and bypassing second factor authentication (difficult). It shows how truly worthless all the security theatre is, like "complex" passwords, constantly updating passwords, second factor, etc. It's all unscientific crap.
“Did Gina Haspel” honestly tell President Trump who the actual hacker is?
Not “honestly” as she would define it.
Not “actual” as she would define it.
Not “hacker” as she would define it.
Or the left and John Brennan would define words (and John Roberts, and Chris Christie, and Mitt Romney, and the MSDNC).
p
“What legal authority do private companies have to” seize some domain?
I have the same question.
Especially Microsoft and Unknown-Company-B, and Unknown-Company-C, and . . . Unknown-Company-Z. None of which company names seem to be available, but the liberals are so urgent that Russia must be the hacker.
Despite the hacker being the definite unknown at this time.
“I understand how IP Addresses work. My question is what legal authority do private companies have to do this?”
Private companies sinkhole their domains all the time. I am sure the involved were more than happy to sink their domain to Microsoft to clean up and hopefully catch the bad actors.
Didn’t Microsoft give China its source code a while back? 🤔
There are processes in place for legal seizure, such as what they've done. Microsoft's legal army likely fast-tracked the documentation to the IANA.
Kinda gives you warm fuzzies to know that our corporate lords and masters can seize any domain they find problematic doesn't it?
I would also point out that MS-Windows itself is a virus that is in constant contact with its Borg masters.
1. How was the bad actor able to bundle the DLL as part of a SolarWinds / Orion update?
2. How was the bad actor able to get a valid certificate to sign the DLL?
3. The bad actor seemed to know a lot about the inner workings of SolarWinds / Orion.
Am I the only person that suspects an insider agent was or is working for SolarWinds?
Microsoft strives to be the sole issuer of malware while making holes for other malware.
Anybody that can do this is an expert at exploiting Microsoft’s core. Could this be an insider hack that is supporting a foreign agency?
xxxxxxxxxxxxxxxxxxxxxx
will be waiting for the answer
I bet this was the start of the plan to rig elections and block critics.
Obama turned over internet control to the ICANN company.
https://www.bbc.com/news/technology-37527719
“It’s a move being breathlessly described by some as the US ‘giving up the internet’ to the likes of China, Russia and the Middle East.”
“As of Saturday 1 October 2016, Icann will no longer be under US government oversight.
Instead, it’s now a fully “multi-stakeholder” non-profit that will take on board the views of companies, experts, academics and, yes, nation states, in how the naming system of the web is run.”
“Opponents of the plan, the likes of which include presidential candidate Donald Trump and his former rival Ted Cruz, say giving up the power amounts to handing it over to countries like China and Russia.”
In one hearing, Senator Cruz asked if Icann - an international organisation - was bound by the First Amendment to the US constitution defending freedom of speech.
No, came the reply from Icann’s chief executive, Goran Marby.
Senator Ted Cruz has spoken out strongly against the handover plan.
Evidence enough, the senator argued, that by giving Icann complete control over the internet’s naming system, it could use that power to disrupt and censor communications online.
Has Gina H. received a blood transfusion?
But if I just own a computer, not a company or organization, that may not really help me. It might indirectly help by protecting my ISP.
Assuming for the moment, the existence - IF ANY - of the SolarWinds package installed, unbeknownst to you . . .
To get a detailed report of what is installed on your Windows OS based machine, in the command line, type:
msinfo32 /report %USERPROFILE%\Desktop\sys_info_bkup.txt
After the reporting completes, locate the file (sys_info_bkup.txt) on your Desktop and change that file’s name to:
20201219_Saturday_System_Information_bkup_computername.txt
for your convenience.
The report should show SolarWinds installed - IF IT IS INSTALLED.
If not installed, worry less, and continue to keep an eye on your machine’s security.
IF INSTALLED, then try the following webpage that provides the SolarWinds steps for detecting the “SolarWinds.Orion.Core.BusinessLayer.dll” library file:
https://lifars.com/2020/12/guide-to-check-for-sunburst-vulnerability-in-solarwinds/
Or, you might start there, first.
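The steps in the post above (generate the msinfo32 report, rename it, look for SolarWinds, then check the Orion DLL) can be run as one PowerShell script. This is an added example, not code from the original post or from SolarWinds; the Orion install directory and the date-stamp layout below are assumptions, and no file hashes are given here because the thread does not contain any. Compare the printed hash and signer against the vendor's own advisory.

```powershell
# Added example, not from the original post. Automates the msinfo32 check
# described above and then inspects the Orion DLL the post names.
# ASSUMPTIONS (not from the page): $OrionDir is the usual default install
# location; adjust it if your installation differs.

$Stamp    = Get-Date -Format 'yyyyMMdd_dddd'      # e.g. 20201219_Saturday
$Report   = Join-Path $env:USERPROFILE 'Desktop\sys_info_bkup.txt'
$Renamed  = Join-Path $env:USERPROFILE ('Desktop\{0}_System_Information_bkup_{1}.txt' -f $Stamp, $env:COMPUTERNAME)
$OrionDir = 'C:\Program Files (x86)\SolarWinds\Orion'   # assumed default location
$DllName  = 'SolarWinds.Orion.Core.BusinessLayer.dll'   # library named in the post

# 1. Generate the system report and wait until msinfo32 has finished writing it.
Start-Process -FilePath 'msinfo32.exe' -ArgumentList "/report `"$Report`"" -Wait

# 2. Rename the report as the post suggests (date_day_..._computername).
Move-Item -Path $Report -Destination $Renamed -Force

# 3. Search the report for any SolarWinds entries. msinfo32 writes the report
#    as UTF-16 with a byte-order mark, which Select-String reads correctly.
$Hits = Select-String -Path $Renamed -Pattern 'SolarWinds' -SimpleMatch
if (-not $Hits) {
    Write-Host "No SolarWinds entries found in $Renamed. Keep monitoring as usual."
} else {
    Write-Host "SolarWinds entries found ($(@($Hits).Count) matching lines):"
    $Hits | ForEach-Object { Write-Host "  $($_.Line.Trim())" }
}

# 4. If the Orion DLL is present, record its SHA256 and Authenticode signer so
#    they can be compared with the vendor's advisory. Nothing here decides
#    whether the file is trojanized; that comparison is done by you.
$DllFiles = Get-ChildItem -Path $OrionDir -Filter $DllName -Recurse -ErrorAction SilentlyContinue
if (-not $DllFiles) {
    Write-Host "$DllName not found under $OrionDir."
}
foreach ($f in $DllFiles) {
    $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -FilePath $f.FullName
    Write-Host $f.FullName
    Write-Host "  Size    : $($f.Length) bytes, modified $($f.LastWriteTime)"
    Write-Host "  SHA256  : $hash"
    Write-Host "  Signer  : $($sig.SignerCertificate.Subject)"
    Write-Host "  SigStat : $($sig.Status)"
}
```

Run it from an elevated PowerShell prompt so msinfo32 can read every component section. A valid signature status by itself is not proof the DLL is clean, since the post and the linked article describe a signed trojanized build; the hash comparison against the vendor advisory is the meaningful check.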
Ping