RUSSIA 🇷🇺 Thread: Wikileaks=FSB front, UKRAINE?, SNOWED LIED; NATO Aggression; Trump = Putins B!tch

☑︎#VoteDemocrat

FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State
The Silicon Valley company said hackers — almost certainly Russian — made off with tools that could be used to mount new attacks around the world.
Dec. 8, 2020, updated 4:59 p.m. ET

FireEye’s clients after huge breaches have included Sony and Equifax. Hackers targeted its “Red Team” tools. (Photo: David Becker/Reuters)
WASHINGTON — For years, the cybersecurity firm FireEye has been the first call for government agencies and companies around the world who have been hacked by the most sophisticated attackers, or fear they might be.

Now it looks like the hackers — in this case, evidence points to Russia’s intelligence agencies — may be exacting their revenge.

FireEye revealed on Tuesday that its own systems were pierced by what it called “a nation with top-tier offensive capabilities.” The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world.

It was a stunning theft, akin to bank robbers who, having cleaned out local vaults, then turned around and stole the F.B.I.’s investigative tools. In fact, FireEye said on Tuesday, moments after the stock market closed, that it had called in the F.B.I.

The $3.5 billion company, which partly makes a living by identifying the culprits in some of the world’s boldest breaches — its clients have included Sony and Equifax — declined to say explicitly who was responsible. But its description, and the fact that the F.B.I. has turned the case over to its Russia specialists, left little doubt who the lead suspects were and that they were after what the company calls “Red Team tools.”

These are essentially digital tools that replicate the most sophisticated hacking tools in the world. FireEye uses the tools — with the permission of a client company or government agency — to look for vulnerabilities in their systems. Most of the tools are based in a digital vault that FireEye closely guards.

The hack raises the possibility that Russian intelligence agencies saw an advantage in mounting the attack while American attention — including FireEye’s — was focused on securing the presidential election system. At a moment when the nation’s public and private intelligence systems were seeking out breaches of voter registration systems or voting machines, it may have been a good time for those Russian agencies, which were involved in the 2016 election breaches, to turn their sights on other targets.

The hack was the biggest known theft of cybersecurity tools since those of the National Security Agency were purloined in 2016 by a still-unidentified group that calls itself the ShadowBrokers. That group dumped the N.S.A.’s hacking tools online over several months, handing nation-states and hackers the “keys to the digital kingdom,” as one former N.S.A. operator put it. North Korea and Russia ultimately used the N.S.A.’s stolen weaponry in destructive attacks on government agencies, hospitals and the world’s biggest conglomerates — at a cost of more than $10 billion.

The N.S.A.’s tools were most likely more useful than FireEye’s since the U.S. government builds purpose-made digital weapons. FireEye’s Red Team tools are essentially built from malware that the company has seen used in a wide range of attacks.

Still, the advantage of using stolen weapons is that nation-states can hide their own tracks when they launch attacks.

“Hackers could leverage FireEye’s tools to hack risky, high-profile targets with plausible deniability,” said Patrick Wardle, a former N.S.A. hacker who is now a principal security researcher at Jamf, a software company. “In risky environments, you don’t want to burn your best tools, so this gives advanced adversaries a way to use someone else’s tools without burning their best capabilities.”

A Chinese state-sponsored hacking group was previously caught using the N.S.A.’s hacking tools in attacks around the world, ostensibly after discovering the N.S.A.’s tools on its own systems. “It’s like a no-brainer,” said Mr. Wardle.

The breach is likely to be a black eye for FireEye. Its investigators worked with Sony after the devastating 2014 attack that the firm later attributed to North Korea. It was FireEye that was called in after the State Department and other American government agencies were breached by Russian hackers in 2015. And its major corporate clients include Equifax, the credit monitoring service that was hacked three years ago, affecting nearly half of the American population.

In the FireEye attack, the hackers went to extraordinary lengths to avoid being seen. They created several thousand internet protocol addresses — many inside the United States — that had never before been used in attacks. Staging the attack from those addresses allowed the hackers to better conceal their whereabouts.

“This attack is different from the tens of thousands of incidents we have responded to throughout the years,” said Kevin Mandia, FireEye’s chief executive. (He was the founder of Mandiant, a firm that FireEye acquired in 2014.)

But FireEye said it was still investigating exactly how the hackers had breached its most protected systems. Details were thin.

Mr. Mandia, a former Air Force intelligence officer, said the attackers “tailored their world-class capabilities specifically to target and attack FireEye.” He said they appeared to be highly trained in “operational security” and exhibited “discipline and focus,” while moving clandestinely to escape the detection of security tools and forensic examination. Google, Microsoft and other firms that conduct cybersecurity investigations said they had never seen some of these techniques.

FireEye also published key elements of its “Red Team” tools so that others around the world would see attacks coming.

American investigators are trying to determine if the attack has any relationship to another sophisticated operation that the N.S.A. said Russia was behind in a warning issued on Monday. That gets into a type of software, called VM for virtual machines, which is used widely by defense companies and manufacturers. The N.S.A. declined to say what the targets of that attack were. It is unclear whether the Russians used their success in that breach to get into FireEye’s systems.

The attack on FireEye could be a retaliation of sorts. The company’s investigators have repeatedly called out units of the Russian military intelligence — the G.R.U., the S.V.R. and the F.S.B., the successor agency to the Soviet-era K.G.B. — for high-profile hacks on the power grid in Ukraine and on American municipalities. They were also the first to call out the Russian hackers behind an attack that successfully dismantled the industrial safety locks at a Saudi petrochemical plant, the very last step before triggering an explosion.

“The Russians believe in revenge,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. “Suddenly, FireEye’s customers are vulnerable.”

On Tuesday, Russia’s National Association for International Information Security held a forum with global security experts where Russian officials again claimed that there was no evidence its hackers were responsible for attacks that have resulted in American sanctions and indictments.

Security firms have been a frequent target for nation-states and hackers, in part because their tools maintain a deep level of access to corporate and government clients all over the world. By hacking into those tools and stealing source code, spies and hackers can gain a foothold to victims’ systems.

McAfee, Symantec and Trend Micro were among the list of major security companies whose code a Russian-speaking hacker group claimed to have stolen last year. Kaspersky, the Russian security firm, was hacked by Israeli hackers in 2017. And in 2012, Symantec confirmed that a segment of its antivirus source code was stolen by hackers.

David E. Sanger reported from Washington and Nicole Perlroth from San Francisco.

David E. Sanger is a national security correspondent. In a 36-year reporting career for The Times, he has been on three teams that have won Pulitzer Prizes, most recently in 2017 for international reporting. His newest book is “The Perfect Weapon: War, Sabotage and Fear in the Cyber Age.” @SangerNYT

Nicole Perlroth is a cybersecurity reporter. Her first book, “This Is How They Tell Me The World Ends,” about the global cyber arms race, will publish in February 2021. @nicoleperlroth
☑︎#VoteDemocrat

UPDATE: it’s Russia again

Russian government spies are behind a broad hacking campaign that has breached U.S. agencies and a top cyber firm
The Russian government hackers who breached a top cybersecurity firm are behind a global espionage campaign that also compromised the Treasury and Commerce departments and other government agencies, according to people familiar with the matter, who requested anonymity because of the sensitivity of the matter.

The FBI is investigating the campaign by a hacking group working for the Russian foreign intelligence service, SVR. The group, known among private-sector security firms as APT29 or Cozy Bear, also hacked the State Department and the White House during the Obama administration.

It is not clear what information was accessed.

Reuters first reported the hacks of the Treasury and Commerce agencies Sunday, saying they were carried out by a foreign government-backed group. The SVR link to the broader campaign is previously unreported.

The matter was so serious it prompted an emergency National Security Council meeting on Saturday, Reuters reported.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said NSC spokesman John Ullyot. He would not comment on the country or group responsible.

APT29 has been linked to several other operations and has attempted to steal coronavirus vaccine research.

The Washington Post reported last week that the Russian hacking group, APT29, breached the cybersecurity firm FireEye, according to sources familiar with the report.

[Russian spies believed to have hacked FireEye]

At Commerce, the Russians targeted the National Telecommunications and Information Administration, an agency that handles internet and telecommunications policy, Reuters reported.

The campaign is said to be quite broad, encompassing an array of targets, including government agencies in the United States and other countries. It has been running for months, one person said.

In 2015, the same group compromised the servers of the Democratic National Committee. But unlike a rival Russian spy agency, which also hacked the DNC, it did not leak stolen material. In 2016, the GRU military spy agency leaked hacked emails to the online anti-secrecy organization WikiLeaks in an operation that disrupted the Democrats’ national convention in the midst of the presidential campaign.

The SVR, by contrast, hacks for traditional espionage purposes, stealing information that might help the Kremlin understand the plans and motives of politicians and policymakers. Its operators also have filched industrial secrets, hacked foreign ministries and gone after coronavirus vaccine data.