Posts: 2020
Threads: 133
Joined: July 26, 2017
Reputation:
5
SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 3:59 pm
As most of you probably know, American media is reporting about some Russian hackers having hacked the SolarWinds servers and inserted a spyware in some of the SolarWinds most popular programs, and no antivirus program detected that spyware for almost a year. Do you think it is true?
As a third year computer science student, such a story sounds rather implausible to me. I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
To Microsoft, it has occurred a few times that their innocent programs get misdetected as malware. In April 2010, McAfee misdetected SVCHOST from Windows XP SP3 as malware, leaving perhaps around a hundred thousand machines unable to boot. In December 2010, AVG misdetected CSRSS from 64-bit Windows 7 as malware, also leaving many machines unable to boot. And there have been a few other such cases, though not as devastating. To Google, it has occurred a few times that BoringSSL (part of Chrome that ciphers HTTPS traffic) gets misdetected as ransomware, leaving a large part of the Internet ciphered using flawed algorithms. To Motorola, it has occurred that their Bluetooth drivers get misdetected as malware. To Mozilla, it has occurred many times that SpiderMonkey (the JavaScript engine of the Firefox browser, using some advanced JIT-compilation techniques) gets misdetected as a virus (because AVs think it is self-replicating code).
So, if the programmers working at Microsoft, Google, Motorola and Mozilla have trouble making innocent programs that does not get detected by some antivirus software as malware, is not it kind of absurd to claim there are Russian hackers who can make actual malware that does that? It is obviously incredibly hard to make a good JavaScript engine that won't be detected as malware by some AV (since not even Mozilla can do it), so it must be significantly harder to make actual malware that won't be detected as malware by any AV, right?
Posts: 29799
Threads: 116
Joined: February 22, 2011
Reputation:
159
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 4:03 pm
You really should get a formal education. It would expose you to ideas you are unaware of in your solitary ignorance.
Posts: 46351
Threads: 540
Joined: July 24, 2013
Reputation:
109
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 4:10 pm
Quote: I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
They are. Of course, it helps that the US has a complicit president.
Boru
‘I can’t be having with this.’ - Esmeralda Weatherwax
Posts: 2020
Threads: 133
Joined: July 26, 2017
Reputation:
5
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 4:17 pm
(December 20, 2020 at 4:03 pm)Angrboda Wrote: You really should get a formal education. It would expose you to ideas you are unaware of in your solitary ignorance.
I am not sure what you mean, as I have mentioned I am a third-year computer science student.
Posts: 29799
Threads: 116
Joined: February 22, 2011
Reputation:
159
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 4:29 pm
(December 20, 2020 at 4:17 pm)FlatAssembler Wrote: (December 20, 2020 at 4:03 pm)Angrboda Wrote: You really should get a formal education. It would expose you to ideas you are unaware of in your solitary ignorance.
I am not sure what you mean, as I have mentioned I am a third-year computer science student.
I have my facts confused then.
Posts: 1664
Threads: 5
Joined: September 26, 2018
Reputation:
12
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 20, 2020 at 8:46 pm
(This post was last modified: December 20, 2020 at 8:48 pm by HappySkeptic.)
(December 20, 2020 at 3:59 pm)FlatAssembler Wrote: As most of you probably know, American media is reporting about some Russian hackers having hacked the SolarWinds servers and inserted a spyware in some of the SolarWinds most popular programs, and no antivirus program detected that spyware for almost a year. Do you think it is true?
As a third year computer science student, such a story sounds rather implausible to me. I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
It is entirely possible. That doesn't mean we really know the truth yet.
Hacking isn't easy for the average person. The hackers out there build on exploits that have taken hundreds or thousands of hours each to find and. They use toolkits floating around the darkweb that prey on un-patched systems.
Finding a new exploit is hit-and-miss, and takes time. Creating an exploit gives a huge payoff, but takes a lot of planning.
Virus checkers are very poor at finding novel exploits. They typically search for signatures of known viruses in code, as well as scan for changes in boot files. They cannot search for new malicious code in actual programs that have been given permission to run. Any program, when given access to run, can do key scans, open ports, search for files on the system. Hack a trusted updater, and it has the permission to update programs.
Of course virus checkers can be updated to find the new threat, but only after it is analyzed and virus checkers updated.
Think of a virus scanner as your immune system. It can only react to what it has been exposed to already. A novel virus doesn't get caught.
Posts: 30974
Threads: 204
Joined: July 19, 2011
Reputation:
141
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 21, 2020 at 12:21 am
(December 20, 2020 at 4:17 pm)FlatAssembler Wrote: (December 20, 2020 at 4:03 pm)Angrboda Wrote: You really should get a formal education. It would expose you to ideas you are unaware of in your solitary ignorance.
I am not sure what you mean, as I have mentioned I am a third-year computer science student.
Third year student. I have 30 years of experience. You don't know what you don't know.
Posts: 2755
Threads: 8
Joined: November 28, 2014
Reputation:
22
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 21, 2020 at 2:59 am
At work.
(December 21, 2020 at 12:21 am)Jackalope Wrote: (December 20, 2020 at 4:17 pm)FlatAssembler Wrote: I am not sure what you mean, as I have mentioned I am a third-year computer science student.
Third year student. I have 30 years of experience. You don't know what you don't know.
Yes, well. As some one who's 'Just an average Joe' I can but marvel in regards to someone who's studied computers for three years.
Why I oft times look at the bonnet of my car and wonder, "What's under there?"
Much cheers.
Posts: 2020
Threads: 133
Joined: July 26, 2017
Reputation:
5
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 21, 2020 at 8:01 am
(This post was last modified: December 21, 2020 at 8:02 am by FlatAssembler.)
(December 20, 2020 at 8:46 pm)HappySkeptic Wrote: (December 20, 2020 at 3:59 pm)FlatAssembler Wrote: As most of you probably know, American media is reporting about some Russian hackers having hacked the SolarWinds servers and inserted a spyware in some of the SolarWinds most popular programs, and no antivirus program detected that spyware for almost a year. Do you think it is true?
As a third year computer science student, such a story sounds rather implausible to me. I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
It is entirely possible. That doesn't mean we really know the truth yet.
Hacking isn't easy for the average person. The hackers out there build on exploits that have taken hundreds or thousands of hours each to find and. They use toolkits floating around the darkweb that prey on un-patched systems.
Finding a new exploit is hit-and-miss, and takes time. Creating an exploit gives a huge payoff, but takes a lot of planning.
Virus checkers are very poor at finding novel exploits. They typically search for signatures of known viruses in code, as well as scan for changes in boot files. They cannot search for new malicious code in actual programs that have been given permission to run. Any program, when given access to run, can do key scans, open ports, search for files on the system. Hack a trusted updater, and it has the permission to update programs.
Of course virus checkers can be updated to find the new threat, but only after it is analyzed and virus checkers updated.
Think of a virus scanner as your immune system. It can only react to what it has been exposed to already. A novel virus doesn't get caught.
But, obviously, antivirus programs are trying very hard to detect unknown malware. If they did not, false positives would not be a problem.
(December 20, 2020 at 4:10 pm)BrianSoddingBoru4 Wrote: Quote: I mean, those supposed Russian hackers would need to be more skilled than programmers in Microsoft, Google, Motorola or Mozilla.
They are. Of course, it helps that the US has a complicit president.
Boru
But antivirus software don't care who is the president, do they?
Posts: 46351
Threads: 540
Joined: July 24, 2013
Reputation:
109
RE: SolarWinds Russian Hack - is it reasonable to believe it is real?
December 21, 2020 at 8:36 am
(December 21, 2020 at 8:01 am)FlatAssembler Wrote: (December 20, 2020 at 8:46 pm)HappySkeptic Wrote: It is entirely possible. That doesn't mean we really know the truth yet.
Hacking isn't easy for the average person. The hackers out there build on exploits that have taken hundreds or thousands of hours each to find and. They use toolkits floating around the darkweb that prey on un-patched systems.
Finding a new exploit is hit-and-miss, and takes time. Creating an exploit gives a huge payoff, but takes a lot of planning.
Virus checkers are very poor at finding novel exploits. They typically search for signatures of known viruses in code, as well as scan for changes in boot files. They cannot search for new malicious code in actual programs that have been given permission to run. Any program, when given access to run, can do key scans, open ports, search for files on the system. Hack a trusted updater, and it has the permission to update programs.
Of course virus checkers can be updated to find the new threat, but only after it is analyzed and virus checkers updated.
Think of a virus scanner as your immune system. It can only react to what it has been exposed to already. A novel virus doesn't get caught.
But, obviously, antivirus programs are trying very hard to detect unknown malware. If they did not, false positives would not be a problem.
(December 20, 2020 at 4:10 pm)BrianSoddingBoru4 Wrote: They are. Of course, it helps that the US has a complicit president.
Boru
But antivirus software don't care who is the president, do they?
No, but the people who create the virus software just might.
Boru
‘I can’t be having with this.’ - Esmeralda Weatherwax
|