Mudcat Café message #4086160 The Mudcat Café TM
Thread #167618   Message #4086160
Posted By: Stilly River Sage
02-Jan-21 - 12:09 PM
Thread Name: BS: New news *not* about the virus
Subject: RE: BS: New news *not* about the virus
Huge news not about the virus - but that isn't helped by the virus.

https://www.nytimes.com/2021/01/02/us/politics/russian-hacking-government.html

Here's a piece of that article:

Interviews with current and former employees of SolarWinds suggest it was slow to make security a priority, even as its software was adopted by America’s premier cybersecurity company and federal agencies.

Employees say that under Mr. Thompson, an accountant by training and a former chief financial officer, every part of the business was examined for cost savings and common security practices were eschewed because of their expense. His approach helped almost triple SolarWinds’ annual profit margins to more than $453 million in 2019 from $152 million in 2010.

But some of those measures may have put the company and its customers at greater risk for attack. SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised.

The company has said only that the manipulation of its software was the work of human hackers rather than of a computer program. It has not publicly addressed the possibility of an insider being involved in the breach.

None of the SolarWinds customers contacted by The New York Times in recent weeks were aware they were reliant on software that was maintained in Eastern Europe. Many said they did not even know they were using SolarWinds software until recently.

Even with its software installed throughout federal networks, employees said SolarWinds tacked on security only in 2017, under threat of penalty from a new European privacy law. Only then, employees say, did SolarWinds hire its first chief information officer and install a vice president of “security architecture.”

Ian Thornton-Trump, a former cybersecurity adviser at SolarWinds, said he warned management that year that unless it took a more proactive approach to its internal security, a cybersecurity episode would be “catastrophic.” After his basic recommendations were ignored, Mr. Thornton-Trump left the company.

SolarWinds declined to address questions about the adequacy of its security. In a statement, it said it was a “victim of a highly-sophisticated, complex and targeted cyberattack” and was collaborating closely with law enforcement, intelligence agencies and security experts to investigate.

But security experts note that it took days after the Russian attack was discovered before SolarWinds’ websites stopped offering clients compromised code.


It's difficult to believe that there is a reputable individual in the world with the last name "Trump." In this case, Ian Thornton-Trump. It looks like he's a Canadian.