RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 8:46 pm
(This post was last modified: December 20, 2020 at 8:48 pm by HappySkeptic.)
(December 20, 2020 at 3:59 pm) FlatAssembler Wrote: As most of you probably know, American media is reporting about some Russian hackers having hacked the SolarWinds servers and inserted spyware in some of SolarWinds' most popular programs, and no antivirus program detected that spyware for almost a year. Do you think it is true?
As a third-year computer science student, such a story sounds rather implausible to me. I mean, those supposed Russian hackers would need to be more skilled than programmers at Microsoft, Google, Motorola or Mozilla.
It is entirely possible. That doesn't mean we really know the truth yet.
Hacking isn't easy for the average person. The hackers out there build on exploits that have taken hundreds or thousands of hours each to find and. They use toolkits floating around the dark web that prey on unpatched systems.
Finding a new exploit is hit-and-miss, and takes time. Creating an exploit gives a huge payoff, but takes a lot of planning.
Virus checkers are very poor at finding novel exploits. They typically search for signatures of known viruses in code, as well as scan for changes in boot files. They cannot search for new malicious code in actual programs that have been given permission to run. Any program, when given access to run, can do key scans, open ports, search for files on the system. Hack a trusted updater, and it has the permission to update programs.
Of course, virus checkers can be updated to find the new threat, but only after it has been analyzed and the checkers updated.
Think of a virus scanner as your immune system. It can only react to what it has been exposed to already. A novel virus doesn't get caught.
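The two points in the post above, that a signature scanner only matches patterns it has already seen, and that a compromised trusted updater inherits the updater's permissions, can be shown side by side in a small script. This is an added example, not code from the thread or from any product it mentions; the signature database, the samples and the publisher key are all constructed, and an HMAC stands in for the asymmetric code-signing check a real updater would perform.

```python
"""Added example: signature scanning versus update integrity checking.

All signatures, samples and keys below are constructed for illustration.
"""
import hashlib
import hmac

# Constructed signature database: detection name -> byte pattern the scanner looks for.
SIGNATURES = {
    "Demo.Keylog.A": b"HOOK_KEYBOARD;SEND_TO:evil.example",
    "Demo.Backdoor.B": b"LISTEN:4444;SHELL",
}


def scan_for_signatures(blob: bytes) -> list[str]:
    """Signature scan: report every known pattern that appears in the bytes."""
    return [name for name, pattern in SIGNATURES.items() if pattern in blob]


# Constructed samples. The first matches the database. The second describes the same
# behaviour but is written slightly differently, so no stored pattern matches it; this
# is the "novel virus doesn't get caught" case from the post.
KNOWN_SAMPLE = b"INIT;HOOK_KEYBOARD;SEND_TO:evil.example;EXIT"
NOVEL_SAMPLE = b"INIT;HOOK_KEYBOARD ;SEND_TO :evil.example;EXIT"

# Constructed publisher key. A real updater verifies an asymmetric signature over the
# release; an HMAC is used here only so the example runs offline.
PUBLISHER_KEY = b"constructed-demo-publisher-key"


def publisher_tag(payload: bytes, key: bytes = PUBLISHER_KEY) -> str:
    """What the publisher ships alongside a release: a tag over the exact bytes."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify_update(payload: bytes, tag: str, key: bytes = PUBLISHER_KEY) -> bool:
    """Updater-side check: accept the payload only if its tag matches byte for byte."""
    return hmac.compare_digest(publisher_tag(payload, key), tag)


def demo() -> dict:
    """Run the scanner and the integrity check over genuine and tampered inputs."""
    genuine_update = b"PROGRAM_V2;DO_USEFUL_WORK"
    tag = publisher_tag(genuine_update)
    # An implant appended to the update after the publisher tagged it.
    tampered_update = genuine_update + b";" + NOVEL_SAMPLE
    return {
        "known_sample_hits": scan_for_signatures(KNOWN_SAMPLE),
        "novel_sample_hits": scan_for_signatures(NOVEL_SAMPLE),
        "tampered_update_hits": scan_for_signatures(tampered_update),
        "genuine_verifies": verify_update(genuine_update, tag),
        "tampered_verifies": verify_update(tampered_update, tag),
    }


if __name__ == "__main__":
    for key_name, value in demo().items():
        print(f"{key_name}: {value}")
```

The scanner flags the known sample and nothing else: neither the reworded sample nor the tampered update trips a signature. The integrity check, by contrast, rejects the tampered update because its bytes no longer match what the publisher tagged. That is the complementary control for the updater case, with one limit worth keeping in mind: it only catches changes made after the publisher produced the tag, so code that was already inside what the publisher released and tagged passes it.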