Mega Hack
The amazing thing about this morning’s Barr presser is how gratuitous it was, which coincidentally was also the amazing thing about him saying a few weeks ago that he’s seen no evidence of widespread voter fraud. He made the latter comment to the Associated Press in an interview he didn’t need to give. And he threw cold water on Trump’s idea about seizing state voting machines or naming Sidney Powell special counsel in charge of election irregularities this morning during a press conference he didn’t need to hold.
And then, when he was asked about the SolarWinds mega-hack, instead of simply no-commenting by referring reporters to the Director of National Intelligence, he popped another Trump balloon by saying the evidence seems to point to Russia.
I have a theory about why he’s turned antagonistic to Trump lately and it’s not the standard “he’s trying to rehab his reputation before reentering private life” theory either. Watch, then read on.
Mega Hack version 5.3 version 5.3 by Absolute - How to. Games Scroll the list of programs until you locate Mega Hack version 5.3 or simply activate the Search feature and type in 'Mega Hack version 5.3'. The Mega Hack version 5.3 app will be found very quickly. MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 50GB now. Mega Hack Pro Mega Hack v6 Pro is an extremely versatile Geometry Dash modding tool designed to seamlessly integrate with the game itself It is the successor to the wildly popular Mega Hack v5 so could easily become the only Geometry Dash mod you will ever need. Critical Ops is an Action Game for android Download latest version of Critical Ops MOD Apk + OBB Data Mega Hack 0.9.10.f136 for Android from apkonehack with direct link Critical Ops Apk Description Version: 0.9.10.f136 Package: com.criticalforceentertainment.criticalops 200 MB Min.
AG William Barr said the massive cyber-attack on the U.S. government 'certainly appears' to have been carried out by Russia after Trump suggested China may have been responsible https://t.co/HbogDDHw0hpic.twitter.com/2Ox6ZZ9zU7
— Bloomberg Quicktake (@Quicktake) December 21, 2020
I think it’s this simple: Barr resents it when Trump makes the DOJ look like a joke. Barr himself is willing to make the DOJ look like a joke on the president’s behalf, like when he moved to lighten the sentences of Trump cronies Roger Stone and Mike Flynn. But I suspect he was ticked off to hear Trump muse on TV last month that the Justice Department might have had a role in the alleged grand conspiracy to steal the election from him. And he was probably ticked off even more this weekend to learn that Powell, of all people, might be given Justice Department authority at Trump’s behest to pursue her kooky theories about election fraud.
“I’m willing to embarrass myself at times to carry out parts of your agenda. But don’t you embarrass my agency.” That’s Barr’s tacit deal with Trump, I think. And Trump broke the deal, more than once.
With respect to the mega-hack, we’re having a national case of deja vu. As in 2017, a foreign power has hacked Americans in a spectacular way and literally everyone in the know inside the government agrees that it was Russia except for one very important person. Here’s Mike Pompeo pointing the finger:
QUESTION: From my pedestrian point of view, and that’s all it is, I agree with you 100 percent that they need to be on that list. Now, this attack, I guess our government is still sorting it out and so forth. Reports are coming out this is a massive attack on our computer systems and our software systems, correct?
SECRETARY POMPEO: That’s right. I can’t say much more as we’re still unpacking precisely what it is, and I’m sure some of it will remain classified. But suffice it to say there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. Government systems and it now appears systems of private companies and companies and governments across the world as well. This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.
Marco Rubio is the acting head of the Senate Intelligence Committee and receives top-level intel briefings. He’s also naming Russia as the culprit:
Increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history
The process of determining its extent & assessing the damage is underway
Remediation will take time & significant resources
Our response must be proportional but significant
— Marco Rubio (@marcorubio) December 19, 2020
Neither Pompeo nor Rubio have any incentive to lie about this. They’re both looking to run for president at some point and thus they’re both grasping for opportunities to ingratiate themselves to Trump’s voters. The way to do that in this case would be to claim that it’s China, not Russia, that pulled off the mega-hack. That’s because Trump himself has been far more antagonistic towards the former than the latter, especially after Beijing covered up the early spread of COVID-19. Blaming Russia also brings up unhappy memories of Moscow’s interference in the 2016 campaign, a subject so sore for the president that his intelligence briefers allegedly tried to avoid the topic of Russia with him whenever possible. Pompeo in particular has strived to fashion himself as a loyalist among loyalists inside the administration, a man so trusted by the president that he received not one but two cabinet-level appointments from him.
And yet, to his credit, Pompeo has stuck by the intelligence even when doing so hurts his political prospects. In 2017, when he was nominated to be CIA chief, he insisted that all signs pointed to Russia in the hacks of the DNC and John Podesta. Now he’s insisting that all signs point to Russia in the SolarWinds mega-hack. He has no reason to lie. Same for Barr, who’ll be out of the government in 48 hours.
There’s only one person in the executive branch who seems to have any doubt. Guess who.
https://twitter.com/realDonaldTrump/status/1340333619299147781
Spinning for Russia while folding it into yet another conspiracy theory about election fraud makes that a top 20 all-time Trump tweet. But the Russia spin extends beyond social media, per WaPo: “White House officials had drafted a statement to be released Friday accusing Moscow of carrying out the cyber intrusions in a months-long campaign, but they were blocked from doing so, said a senior administration official, who like others spoke on the condition of anonymity because of the matter’s sensitivity.” Both the Secretary of State and the Attorney General have acknowledged publicly that Russia is responsible. Why won’t the White House say something officially?
I don’t fault Trump much for claiming falsely in his tweet that “everything is well under control” after the hack. No one wants the head of state saying of an enemy, “Boy, they got us good this time. What a nightmare!” But they did in fact get us good and it really is a nightmare:
The only way to be sure a network is clean is “to burn it down to the ground and rebuild it,” said Dmitri Alperovitch, co-founder of the leading cybersecurity firm CrowdStrike. “Cleanup is just phase one.”…
A twist: The Russian intelligence service apparently can watch in real time as governments and corporations try to discover and patch the damage.
Jeremy Bash of Beacon Global Strategies — former Pentagon and CIA chief of staff — said on MSNBC that the hackers “poisoned our own medicine.”
Bash told Andrea Mitchell: “[T]hey’re going to be reading the emails of the I.T. and security professionals who’re responsible for kicking the Russians out.”
“The attack blended extraordinarily stealthy tradecraft, using cyber tools never before seen in a previous attack, with a strategy that zeroed in on a weak link in the software supply chain that all U.S. businesses and government institutions rely on—an approach security experts have long feared but one that has never been used on U.S. targets in such a concerted way,” the Wall Street Journal reported this weekend. I won’t rehash this post, but if you missed it last week read it now to get up to speed on SolarWinds. Russia was in hundreds or thousands of U.S. government and private-sector networks for months, undetected, and did God knows what during the time. They might have stolen mountains of data. They might have altered information, including code used to run real-world applications. They might have created new, hidden ways to re-enter the systems after we kick them out. They might have done all of the above and more. It’s not under control.
© Getty Images/iStockphotoMega Hack
We're now living in the era of the mega-hack. More than ever, software flaws are being seized on by sophisticated hackers who take these bugs -- and use them to create attacks that compromise the computer systems of thousands of organisations, all at once.
ZDNet Recommends
Newly discovered vulnerabilities in Microsoft's Exchange Server provide a good example of this evolution. The flaws were seized on by (likely China-backed) hackers as a way to attack networks, with tens of thousands of systems apparently compromised in a widespread attack. At least 10 other groups are thought to be attempting to use the same exploits, and now cyber criminals are piggy-backing on the original attack in an attempt to deliver ransomware too.
Bugs exists wherever there is software, despite attempts to eradicate them. What we're seeing now is a growing ability and desire from hackers to turn these bugs into attacks. Increasingly, the same software applications and tools are being used by companies around the world. Some may not even be aware of the software code they are relying on, such is the interconnected world of tech products. And even if they do know the software they are using, too many companies fail to update it even when warned about vulnerabilities by software vendors.
Also: Check to see if you're vulnerable to Microsoft Exchange Server zero-days using this tool
Hacking groups have different motivations: state-backed hackers want to gain access to as many systems as possible before deciding which have strategic value (either a source of intelligence or as a stepping-stone to compromising other systems); cyber criminals want to break in where they can to either steal data or deliver money-making ransomware. Either way, threat actors are now sophisticated enough to respond to weaknesses quicker than ever before. That's bad for everyone.
A software flaw doesn't affect just one company, but can put thousands or even tens of thousands at risk as hacking groups seize on a new bug and race to exploit it, breaking into as many systems as possible before a fix is found and applied. Some companies used to think they were too small to be targeted, but will sadly discover that crooks will attack -- and potentially destroy -- their business, just on the off-chance that a ransom will be paid. Others will find that cutting costs by not patching software flaws is a false economy, to say the least.
Mega Hacks
So what can be done? Projects that aim to fix bugs in everything -- starting with programming languages and the basic code (often open-source) that underpins software applications -- are a start. Encouraging secure code as a standard is a must. Companies must also understand that legacy systems may contain vulnerabilities, and that patching is not optional. Longer-term, the ransomware threat must be addressed and better international rules around state-backed hacking put in place. Neither of those are going to be easy problems to tackle.
Right now, we need to realise that the stakes are increasing -- and rapidly.
ZDNET'S MONDAY MORNING OPENER
Mega Hack V5 Geometry Dash
The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet's global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.