SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 3:59 pm
As most of you probably know, American media is reporting about some Russian hackers having hacked the SolarWinds servers and inserted spyware into some of SolarWinds' most popular programs, and no antivirus program detected that spyware for almost a year. Do you think it is true?
As a third-year computer science student, such a story sounds rather implausible to me. I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
To Microsoft, it has occurred a few times that their innocent programs get misdetected as malware. In April 2010, McAfee misdetected SVCHOST from Windows XP SP3 as malware, leaving perhaps around a hundred thousand machines unable to boot. In December 2010, AVG misdetected CSRSS from 64-bit Windows 7 as malware, also leaving many machines unable to boot. And there have been a few other such cases, though not as devastating. To Google, it has occurred a few times that BoringSSL (part of Chrome that ciphers HTTPS traffic) gets misdetected as ransomware, leaving a large part of the Internet ciphered using flawed algorithms. To Motorola, it has occurred that their Bluetooth drivers get misdetected as malware. To Mozilla, it has occurred many times that SpiderMonkey (the JavaScript engine of the Firefox browser, using some advanced JIT-compilation techniques) gets misdetected as a virus (because AVs think it is self-replicating code).
So, if the programmers working at Microsoft, Google, Motorola and Mozilla have trouble making innocent programs that do not get detected by some antivirus software as malware, is it not kind of absurd to claim there are Russian hackers who can make actual malware that does that? It is obviously incredibly hard to make a good JavaScript engine that won't be detected as malware by some AV (since not even Mozilla can do it), so it must be significantly harder to make actual malware that won't be detected as malware by any AV, right?
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 4:03 pm
You really should get a formal education. It would expose you to ideas you are unaware of in your solitary ignorance.
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 4:10 pm
Quote: I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
They are. Of course, it helps that the US has a complicit president.
Boru
‘I can’t be having with this.’ - Esmeralda Weatherwax
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 4:17 pm
(December 20, 2020 at 4:03 pm) Angrboda Wrote: You really should get a formal education. It would expose you to ideas you are unaware of in your solitary ignorance.
I am not sure what you mean, as I have mentioned I am a third-year computer science student.
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 4:29 pm
(December 20, 2020 at 4:17 pm) FlatAssembler Wrote: (December 20, 2020 at 4:03 pm) Angrboda Wrote: You really should get a formal education. It would expose you to ideas you are unaware of in your solitary ignorance.
I am not sure what you mean, as I have mentioned I am a third-year computer science student.
I have my facts confused then.
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 8:46 pm
(This post was last modified: December 20, 2020 at 8:48 pm by HappySkeptic.)
(December 20, 2020 at 3:59 pm) FlatAssembler Wrote: As most of you probably know, American media is reporting about some Russian hackers having hacked the SolarWinds servers and inserted spyware into some of SolarWinds' most popular programs, and no antivirus program detected that spyware for almost a year. Do you think it is true?
As a third-year computer science student, such a story sounds rather implausible to me. I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
It is entirely possible. That doesn't mean we really know the truth yet.
Hacking isn't easy for the average person. The hackers out there build on exploits that have taken hundreds or thousands of hours each to find and. They use toolkits floating around the darkweb that prey on un-patched systems.
Finding a new exploit is hit-and-miss, and takes time. Creating an exploit gives a huge payoff, but takes a lot of planning.
Virus checkers are very poor at finding novel exploits. They typically search for signatures of known viruses in code, as well as scan for changes in boot files. They cannot search for new malicious code in actual programs that have been given permission to run. Any program, when given access to run, can do key scans, open ports, search for files on the system. Hack a trusted updater, and it has the permission to update programs.
Of course virus checkers can be updated to find the new threat, but only after it is analyzed and virus checkers updated.
Think of a virus scanner as your immune system. It can only react to what it has been exposed to already. A novel virus doesn't get caught.
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 21, 2020 at 12:21 am
(December 20, 2020 at 4:17 pm) FlatAssembler Wrote: (December 20, 2020 at 4:03 pm) Angrboda Wrote: You really should get a formal education. It would expose you to ideas you are unaware of in your solitary ignorance.
I am not sure what you mean, as I have mentioned I am a third-year computer science student.
Third year student. I have 30 years of experience. You don't know what you don't know.
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 21, 2020 at 2:59 am
At work.
(December 21, 2020 at 12:21 am) Jackalope Wrote: (December 20, 2020 at 4:17 pm) FlatAssembler Wrote: I am not sure what you mean, as I have mentioned I am a third-year computer science student.
Third year student. I have 30 years of experience. You don't know what you don't know.
Yes, well. As someone who's 'Just an average Joe' I can but marvel in regards to someone who's studied computers for three years.
Why I oft times look at the bonnet of my car and wonder, "What's under there?"
Much cheers.
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 21, 2020 at 8:01 am
(This post was last modified: December 21, 2020 at 8:02 am by FlatAssembler.)
(December 20, 2020 at 8:46 pm) HappySkeptic Wrote: (December 20, 2020 at 3:59 pm) FlatAssembler Wrote: As most of you probably know, American media is reporting about some Russian hackers having hacked the SolarWinds servers and inserted spyware into some of SolarWinds' most popular programs, and no antivirus program detected that spyware for almost a year. Do you think it is true?
As a third-year computer science student, such a story sounds rather implausible to me. I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
It is entirely possible. That doesn't mean we really know the truth yet.
Hacking isn't easy for the average person. The hackers out there build on exploits that have taken hundreds or thousands of hours each to find and. They use toolkits floating around the darkweb that prey on un-patched systems.
Finding a new exploit is hit-and-miss, and takes time. Creating an exploit gives a huge payoff, but takes a lot of planning.
Virus checkers are very poor at finding novel exploits. They typically search for signatures of known viruses in code, as well as scan for changes in boot files. They cannot search for new malicious code in actual programs that have been given permission to run. Any program, when given access to run, can do key scans, open ports, search for files on the system. Hack a trusted updater, and it has the permission to update programs.
Of course virus checkers can be updated to find the new threat, but only after it is analyzed and virus checkers updated.
Think of a virus scanner as your immune system. It can only react to what it has been exposed to already. A novel virus doesn't get caught.
But, obviously, antivirus programs are trying very hard to detect unknown malware. If they did not, false positives would not be a problem.
(December 20, 2020 at 4:10 pm) BrianSoddingBoru4 Wrote: Quote: I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
They are. Of course, it helps that the US has a complicit president.
Boru
But antivirus software doesn't care who is the president, does it?
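The trade-off argued over in the two posts above (signature matching misses code nobody has analysed yet, while heuristics for unknown code produce false positives), as an added example that is not part of the thread. All file names, byte strings, signature names, traits and weights are constructed for illustration and do not come from any real antivirus product or sample.

```python
# Constructed byte strings standing in for program files; none is real code.
SAMPLES = {
    "old_trojan.bin": b"header EVIL_LOADER_V1 connect(); exfiltrate(); trailer",
    "trusted_update.dll": b"vendor code ... new_backdoor_logic() ... vendor code",
    "js_engine.bin": b"alloc_rwx(); write_code(); jump_to_buffer();",
    "notepad.bin": b"open_file(); draw_window();",
}

# Signature database: byte patterns taken from samples already analysed.
SIGNATURES = {"Loader.V1": b"EVIL_LOADER_V1"}

# Heuristic traits (hypothetical): scored whether or not the file was seen before.
HEURISTIC_TRAITS = {
    b"alloc_rwx": 2,
    b"write_code": 2,
    b"jump_to_buffer": 2,
    b"exfiltrate": 3,
}
HEURISTIC_THRESHOLD = 5


def signature_scan(data, signatures):
    """Return the names of all known signatures whose pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def heuristic_score(data):
    """Sum the weights of suspicious-looking traits present in data."""
    return sum(w for trait, w in HEURISTIC_TRAITS.items() if trait in data)


def scan(data, signatures=SIGNATURES):
    """Signature match first, then heuristic threshold, else clean."""
    hits = signature_scan(data, signatures)
    if hits:
        return "signature:" + ",".join(hits)
    if heuristic_score(data) >= HEURISTIC_THRESHOLD:
        return "heuristic"
    return "clean"


def report(signatures=SIGNATURES):
    """Scan every constructed sample and return {file name: verdict}."""
    return {name: scan(data, signatures) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    print("before signature update:", report())
    # Once the new code has been analysed, a signature can be shipped for it.
    updated = dict(SIGNATURES, **{"Backdoor.New": b"new_backdoor_logic"})
    print("after signature update: ", report(updated))
```

The unanalysed code inside the trusted update scans clean until a signature exists for it, while the JIT-style program that writes and jumps to its own code trips the heuristic despite being benign.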
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 21, 2020 at 8:36 am
(December 21, 2020 at 8:01 am) FlatAssembler Wrote: (December 20, 2020 at 8:46 pm) HappySkeptic Wrote: It is entirely possible. That doesn't mean we really know the truth yet.
Hacking isn't easy for the average person. The hackers out there build on exploits that have taken hundreds or thousands of hours each to find and. They use toolkits floating around the darkweb that prey on un-patched systems.
Finding a new exploit is hit-and-miss, and takes time. Creating an exploit gives a huge payoff, but takes a lot of planning.
Virus checkers are very poor at finding novel exploits. They typically search for signatures of known viruses in code, as well as scan for changes in boot files. They cannot search for new malicious code in actual programs that have been given permission to run. Any program, when given access to run, can do key scans, open ports, search for files on the system. Hack a trusted updater, and it has the permission to update programs.
Of course virus checkers can be updated to find the new threat, but only after it is analyzed and virus checkers updated.
Think of a virus scanner as your immune system. It can only react to what it has been exposed to already. A novel virus doesn't get caught.
But, obviously, antivirus programs are trying very hard to detect unknown malware. If they did not, false positives would not be a problem.
(December 20, 2020 at 4:10 pm) BrianSoddingBoru4 Wrote: They are. Of course, it helps that the US has a complicit president.
Boru
But antivirus software doesn't care who is the president, does it?
No, but the people who create the virus software just might.
Boru
‘I can’t be having with this.’ - Esmeralda Weatherwax