USA Government not Trustworthy. Disengage networks. Editorial
It feels like a certainty, based on style, code, exploit strategies and the human signatures in the work, that the government of Russia is behind pervasive intrusions and absolute access to the West’s information technology networks and all their interconnecting client host and client networks.
The initial breaches began likely in 2019. By the spring, the access levels had permeated many interconnecting networks. It is safe to say that by now, the entire USA information technology infrastructure is compromised and that Russia has been reading closed-system emails of the National Security agency since the USA mass murdered a dozen Iraqi and Iranian persons in Baghdad on 3 January.
There is some confusion about the cooperation or even integration of several Russian teams hacking the American pandemic virus vaccine research and the teams working on the IT administration hacks but eventually there is a convergence of the data analysis high up in the Kremlin.
That statement barely describes the seismic impact of the security breach.
If any American says, “this is not as bad as we thought,” they are liars and perhaps traitors. Be sure of that. Trump sold the farm. Trump knew when the American IT system was being studied and manipulated by the Kremlin. The Kremlin has been studying American virus vaccine development plus the national security agency since late spring.
by Micheal John
Would it be fair to say that, “The United States government cannot be trusted because it does not securely manage citizen’s data, but instead it relies on third party software produced by persons, without a cyber security mandate, to accomplish the task of managing state networks?”
This was a reckless move. With high level access to all the data the US government collects and all of its weapons systems and submarine locations, not to mention the rest of the fleets, operative reports, strategies, actions, closed-system emails, and so on, the Trump administration used an IT management software that was not sufficiently subjected to security monitoring and that gave the Kremlin control.
Once the door is open, the penetrators will never leave.
In one instance, a US official told a supplier to buy the Russian-infected software. The supplier took this to mean, “do it or be disqualified for future contracts”. The reach of the exploit expanded to many different networks all over the world.
NATO, the EU, United Nations, supplier networks, allies, they must all disengage from the United States computing networks. One might argue that the damage has been done but that is not true. There are not enough geeks in Russia to exploit all the platforms now available for access in the time available to do that.
Imagine the time it would take just reading all the closed-system email. This is an ongoing process of enormous magnitude. Look for a large building or underground bunker filled with geeks.
Now imagine the time it would take to read only the email a bot searching that email now stored as a copy in the Kremlin would take, and the code that for each thread searches the ongoing live database for thread continuance: the responses.
The context is somewhere between a googol and a googolplex, if you know what that means.
Every mind thinks somewhat differently on the approach but perhaps it would take only five perfected system-oriented code packages in multiple human languages to assail all the networks.
The routine would be from inside a breach, with high-level access login to access the Address Resolution Protocol (arp) lists and the data existing in password trees, and begin adducing randomized naming architecture consistent with the local culture, with passwords and appropriate access levels that would avoid detection.
For example, to infiltrate the German defence IT infrastructure, the code would need to be logged into the root level and build an array of all existing usernames and encrypted hex passwords throughout the network hierarchy, match and store the data with encryption/decryption keys in a Kremlin database.
A code package would have from geo-cultural data and from discovered employee lists, created additional usernames and passwords that would not be noticeable and provide a matching hierarchy of access levels, and a record placed in the Kremlin database.
That’s important because knowing original usernames and passwords is pointless under a multi-level confirmation sign-in regime, like thumb prints on a screen or simultaneous email or smartphone device identification. New users must be created.
Password databases not only reveal network access levels but also which networks are connected to the one the coder is working within. That data must be reported and added to the task list.
A system architecture begins to take form and that data is reported.
Task lists must include work that must be done to explore non-routable internal IP networks that can only be seen and accessed from high-level authorities inside the backend systems.
This takes time and is currently ongoing. That’s why as fast as the plugs can be pulled, nation states and companies must disconnect rom the USA. You can change your passwords, but the cybercriminal can simply read the update and on a one-by-one basis, manually fake the multi-level confirmation by manually reducing the security level for a few seconds.
This hacking process that begins from the initial access point allowed by the initial software breach must be done manually at first to learn the architectures.
The AI routines must be written based on the initial exploration and subsequent study penetrations.
The automated AI routines require intense follow up taking a month of Tuesdays to accomplish and all the while creating work for another month of Tuesdays every Tuesday as new networks are discovered.
A foreign nation state has achieved full IT control of the US Department of Justice, the Treasury and the Commerce Department’s National Telecommunications and Information Administration (NTIA) among other networks including American Health and Human Sciences and the US Department of National Defense.
Once having done that, Russia opened hundreds of access channels to the systems they wanted, creating high-level authorizations for its own operatives inside massive computing networks.
With elevated permission levels Russia operates inside American IT networks on their own, without the initially stolen access provided by system management platforms. The Kremlin is a self-appointed administrator, sometimes at root level, of most of the federal America’s information technology and all interconnecting networks.
Arrest Donald Trump
Donald Trump has done every stupid thing in a big way. He should be arrested the same way, in the White House, with a giant paddy wagon outside, waiting as handcuffed Trump is shoved along the White House front steps by a pair of burly Black female cops. He shouldn’t be alone.
“The National Cyber Strategy demonstrates my commitment to strengthening America’s cyber security capabilities and securing America from cyber threats. It is a call to action for all Americans and our great companies to take the necessary steps to enhance our national cyber security. We will continue to lead the world in securing a prosperous cyber future.” —Donald Trump
A recent change to third party software sourced around the world by lazy companies, governments and organizations to manage their data systems, networks configurations and other information technology, has all been breached.
“What does the cyber criminal have on me?” is what people are asking.
The answer is, ‘everything the American government knows or thinks it knows about you’.
It’s worth repeating in order to stress the seriousness of the crime. The breaches have allowed 100% administrative access to computer systems that allow the cyber crooks to access even more systems by changing passwords, routing, security levels, organization structures and more.
The reason why this happened is that the US government officials in the past four years have been totally reckless.
According to Microsoft
Microsoft claims that its defender software can prevent further breaches. The breach took place as follows.
- An intrusion through malicious code in the SolarWinds Orion product. This results in the attacker gaining a foothold in the network, which the attacker can use to gain elevated credentials. Microsoft Defender now has detections for these files. Also, see SolarWinds Security Advisory.
- Once in the network, the intruder then uses the administrative permissions acquired through the on-premises compromise to gain access to the organization’s global administrator account and/or trusted SAML token signing certificate. This enables the actor to forge SAML tokens that impersonate any of the organization’s existing users and accounts, including highly privileged accounts.
- Anomalous logins using the SAML tokens created by the compromised token signing certificate can then be made against any on-premises resources (regardless of identity system or vendor) as well as to any cloud environment (regardless of vendor) because they have been configured to trust the certificate. Because the SAML tokens are signed with their own trusted certificate, the anomalies might be missed by the organization.
- Using the global administrator account and/or the trusted certificate to impersonate highly privileged accounts, the actor may add their own credentials to existing applications or service principals, enabling them to call APIs with the permission assigned to that application.