Pay the Russians $5,000,000 in BitCoin for their ransomware attack (Poll)

[marvin martian]

How about a federal law requiring that critical production systems NOT be connected to the internet in any way.

Despite what everyone seems to think, all computers do not have to have an internet connection.

To run a pipeline system I'm not sure what software they were using, but may guess would be a DCS, which shouldn't be connected to the internet, or hackable. If it was connected they deserved to be hacked.

Distributed control system - Wikipedia

en.wikipedia.org

Nowadays most end-users want to be able to connect to control systems remotely from their office PCs or from home.

So companies insist that control systems be connected at least to the office network and usually to the internet.

They also like to have automated systems monitoring and alerting...usually using Solarwinds.....

That's just stupid and lazy. They get scammed by faux "security" companies like "Solarwinds" who say their firewalls are secure. Dumbasses.

FYI:

Solarwinds doesn't produce firewalls, they produce monitoring and network/systems/application management software (along with an assortment of IT Professional Utilities) and other than the recent security flaw on their Orion platform their software has been pretty solid.

"It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so." -- Donald G. Reinertsen

Whatever US computer security companies are doing, just isn't working. The Russians hack just about everything they want to. IMHO the US needs a paradigm shift in computer security competency. The Russians look very capable, and the US looks like chumps.

That's a complete mischaracterization of the situation which is far more complex than one might believe looking on the surface.

Just to begin with, we're (the good guys) are in a situation where we have to defend against constantly evolving threats coming at us 24x7x365 from all over the globe where the bad guys only need to get lucky once to breach and they can attack many targets at once for little to no cost, while the good guys have to spend tremendous amounts of time, effort and capital to defend.

Leading US Companies specializing in cybersecurity solutions are (for the most part) solid companies (as are many foreign companies in the space), it's just that they're in a space where the battlefield is never the same from day to day and the enemies are coming from all sides and getting more sophisticated every day.

Totally agree with every word in your post. "Firewalls" are apparently wat too porous.

That said, the "battlefield" is NOT in our favor, so we need to pull a stratagem out of our hat.
My recommendation would be a new "bulletproof" OS.
Failing that, a good OS with a "bullet-proof" keyed administrator tool, not just a PW, but a physical thumb-drive key that can't be duplicated so no one but the admin can do hackable things.
Just like driving a car, we need some new physical device to keep remote hackers out.

Sadly, the hack reportedly exploited a known hole in an outdated version of MS Exchange software...

Colonial Pipeline using vulnerable, outdated version of Microsoft Exchange: report

Colonial Pipeline may have been using an outdated version of Microsoft Exchange when it was targeted by a ransomware attack late last week.

www.foxbusiness.com

My company's OnPremise Exchange server got hit by a malware attack about a month ago. It didn't affect anything other than shutting down that server.

I doubt that this was done thru any Exchange server vulnerability...sounds like a whole lot of people are scramblin' to cover their asses!!!!

Hospitals and schools have been getting hit like this for years

This however was state sanctioned most likely and there needs to be a price paid

Good lord, you dems are such warmongers. Blows my fucking mind.

The DemoKKKrats have never met a war they didn't LOVE.

 

[Richard-H]

How about a federal law requiring that critical production systems NOT be connected to the internet in any way.

Despite what everyone seems to think, all computers do not have to have an internet connection.

To run a pipeline system I'm not sure what software they were using, but may guess would be a DCS, which shouldn't be connected to the internet, or hackable. If it was connected they deserved to be hacked.

Distributed control system - Wikipedia

en.wikipedia.org

Nowadays most end-users want to be able to connect to control systems remotely from their office PCs or from home.

So companies insist that control systems be connected at least to the office network and usually to the internet.

They also like to have automated systems monitoring and alerting...usually using Solarwinds.....

That's just stupid and lazy. They get scammed by faux "security" companies like "Solarwinds" who say their firewalls are secure. Dumbasses.

FYI:

Solarwinds doesn't produce firewalls, they produce monitoring and network/systems/application management software (along with an assortment of IT Professional Utilities) and other than the recent security flaw on their Orion platform their software has been pretty solid.

"It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so." -- Donald G. Reinertsen

Whatever US computer security companies are doing, just isn't working. The Russians hack just about everything they want to. IMHO the US needs a paradigm shift in computer security competency. The Russians look very capable, and the US looks like chumps.

Sounds like an already hot career just got hotter. It would be a good idea to jump into cyber security if you want a solid career.

It's a great career - until your systems get hacked - then it's out the door - fuck you and the horse you rode in on.

 

[Richard-H]

If the powers that be really, really wanted to stop hacking, they'd form a black ops corp of cyber-vigilantes.

Hunt down the hackers and hang 'em.

 

[hadit]

How about a federal law requiring that critical production systems NOT be connected to the internet in any way.

Despite what everyone seems to think, all computers do not have to have an internet connection.

To run a pipeline system I'm not sure what software they were using, but may guess would be a DCS, which shouldn't be connected to the internet, or hackable. If it was connected they deserved to be hacked.

Distributed control system - Wikipedia

en.wikipedia.org

Nowadays most end-users want to be able to connect to control systems remotely from their office PCs or from home.

So companies insist that control systems be connected at least to the office network and usually to the internet.

They also like to have automated systems monitoring and alerting...usually using Solarwinds.....

That's just stupid and lazy. They get scammed by faux "security" companies like "Solarwinds" who say their firewalls are secure. Dumbasses.

FYI:

Solarwinds doesn't produce firewalls, they produce monitoring and network/systems/application management software (along with an assortment of IT Professional Utilities) and other than the recent security flaw on their Orion platform their software has been pretty solid.

"It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so." -- Donald G. Reinertsen

Whatever US computer security companies are doing, just isn't working. The Russians hack just about everything they want to. IMHO the US needs a paradigm shift in computer security competency. The Russians look very capable, and the US looks like chumps.

Sounds like an already hot career just got hotter. It would be a good idea to jump into cyber security if you want a solid career.

It's a great career - until your systems get hacked - then it's out the door - fuck you and the horse you rode in on.

That's the nature of being in IT. If you do your job right, no one notices, but if you screw it up, EVERYONE notices.

 

[kyzr]

How about a federal law requiring that critical production systems NOT be connected to the internet in any way.

Despite what everyone seems to think, all computers do not have to have an internet connection.

To run a pipeline system I'm not sure what software they were using, but may guess would be a DCS, which shouldn't be connected to the internet, or hackable. If it was connected they deserved to be hacked.

Distributed control system - Wikipedia

en.wikipedia.org

Nowadays most end-users want to be able to connect to control systems remotely from their office PCs or from home.

So companies insist that control systems be connected at least to the office network and usually to the internet.

They also like to have automated systems monitoring and alerting...usually using Solarwinds.....

That's just stupid and lazy. They get scammed by faux "security" companies like "Solarwinds" who say their firewalls are secure. Dumbasses.

FYI:

Solarwinds doesn't produce firewalls, they produce monitoring and network/systems/application management software (along with an assortment of IT Professional Utilities) and other than the recent security flaw on their Orion platform their software has been pretty solid.

"It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so." -- Donald G. Reinertsen

Whatever US computer security companies are doing, just isn't working. The Russians hack just about everything they want to. IMHO the US needs a paradigm shift in computer security competency. The Russians look very capable, and the US looks like chumps.

That's a complete mischaracterization of the situation which is far more complex than one might believe looking on the surface.

Just to begin with, we're (the good guys) are in a situation where we have to defend against constantly evolving threats coming at us 24x7x365 from all over the globe where the bad guys only need to get lucky once to breach and they can attack many targets at once for little to no cost, while the good guys have to spend tremendous amounts of time, effort and capital to defend.

Leading US Companies specializing in cybersecurity solutions are (for the most part) solid companies (as are many foreign companies in the space), it's just that they're in a space where the battlefield is never the same from day to day and the enemies are coming from all sides and getting more sophisticated every day.

Totally agree with every word in your post. "Firewalls" are apparently wat too porous.

That said, the "battlefield" is NOT in our favor, so we need to pull a stratagem out of our hat.
My recommendation would be a new "bulletproof" OS.
Failing that, a good OS with a "bullet-proof" keyed administrator tool, not just a PW, but a physical thumb-drive key that can't be duplicated so no one but the admin can do hackable things.
Just like driving a car, we need some new physical device to keep remote hackers out.

Sadly, the hack reportedly exploited a known hole in an outdated version of MS Exchange software...

Colonial Pipeline using vulnerable, outdated version of Microsoft Exchange: report

Colonial Pipeline may have been using an outdated version of Microsoft Exchange when it was targeted by a ransomware attack late last week.

www.foxbusiness.com

My company's OnPremise Exchange server got hit by a malware attack about a month ago. It didn't affect anything other than shutting down that server.

I doubt that this was done thru any Exchange server vulnerability...sounds like a whole lot of people are scramblin' to cover their asses!!!!

How about a federal law requiring that critical production systems NOT be connected to the internet in any way.

Despite what everyone seems to think, all computers do not have to have an internet connection.

To run a pipeline system I'm not sure what software they were using, but may guess would be a DCS, which shouldn't be connected to the internet, or hackable. If it was connected they deserved to be hacked.

Distributed control system - Wikipedia

en.wikipedia.org

Nowadays most end-users want to be able to connect to control systems remotely from their office PCs or from home.

So companies insist that control systems be connected at least to the office network and usually to the internet.

They also like to have automated systems monitoring and alerting...usually using Solarwinds.....

That's just stupid and lazy. They get scammed by faux "security" companies like "Solarwinds" who say their firewalls are secure. Dumbasses.

FYI:

Solarwinds doesn't produce firewalls, they produce monitoring and network/systems/application management software (along with an assortment of IT Professional Utilities) and other than the recent security flaw on their Orion platform their software has been pretty solid.

"It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so." -- Donald G. Reinertsen

Whatever US computer security companies are doing, just isn't working. The Russians hack just about everything they want to. IMHO the US needs a paradigm shift in computer security competency. The Russians look very capable, and the US looks like chumps.

Sounds like an already hot career just got hotter. It would be a good idea to jump into cyber security if you want a solid career.

LOL!! In the old days I could beat the computers at chess regularly. Now its not even a contest.
My brain is mush, its up to the young Turks now. But thanks for the compliment! Those are like hens teeth on this forum.

 

[Jim H - VA USA]

How about a federal law requiring that critical production systems NOT be connected to the internet in any way.

Despite what everyone seems to think, all computers do not have to have an internet connection.

To run a pipeline system I'm not sure what software they were using, but may guess would be a DCS, which shouldn't be connected to the internet, or hackable. If it was connected they deserved to be hacked.

Distributed control system - Wikipedia

en.wikipedia.org

Nowadays most end-users want to be able to connect to control systems remotely from their office PCs or from home.

So companies insist that control systems be connected at least to the office network and usually to the internet.

They also like to have automated systems monitoring and alerting...usually using Solarwinds.....

That's just stupid and lazy. They get scammed by faux "security" companies like "Solarwinds" who say their firewalls are secure. Dumbasses.

FYI:

Solarwinds doesn't produce firewalls, they produce monitoring and network/systems/application management software (along with an assortment of IT Professional Utilities) and other than the recent security flaw on their Orion platform their software has been pretty solid.

"It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so." -- Donald G. Reinertsen

Whatever US computer security companies are doing, just isn't working. The Russians hack just about everything they want to. IMHO the US needs a paradigm shift in computer security competency. The Russians look very capable, and the US looks like chumps.

That's a complete mischaracterization of the situation which is far more complex than one might believe looking on the surface.

Just to begin with, we're (the good guys) are in a situation where we have to defend against constantly evolving threats coming at us 24x7x365 from all over the globe where the bad guys only need to get lucky once to breach and they can attack many targets at once for little to no cost, while the good guys have to spend tremendous amounts of time, effort and capital to defend.

Leading US Companies specializing in cybersecurity solutions are (for the most part) solid companies (as are many foreign companies in the space), it's just that they're in a space where the battlefield is never the same from day to day and the enemies are coming from all sides and getting more sophisticated every day.

Totally agree with every word in your post. "Firewalls" are apparently wat too porous.

That said, the "battlefield" is NOT in our favor, so we need to pull a stratagem out of our hat.
My recommendation would be a new "bulletproof" OS.
Failing that, a good OS with a "bullet-proof" keyed administrator tool, not just a PW, but a physical thumb-drive key that can't be duplicated so no one but the admin can do hackable things.
Just like driving a car, we need some new physical device to keep remote hackers out.

Sadly, the hack reportedly exploited a known hole in an outdated version of MS Exchange software...

Colonial Pipeline using vulnerable, outdated version of Microsoft Exchange: report

Colonial Pipeline may have been using an outdated version of Microsoft Exchange when it was targeted by a ransomware attack late last week.

www.foxbusiness.com

My company's OnPremise Exchange server got hit by a malware attack about a month ago. It didn't affect anything other than shutting down that server.

I doubt that this was done thru any Exchange server vulnerability...sounds like a whole lot of people are scramblin' to cover their asses!!!!

I'm surprised by your comment. The links says outdated version. As I am sure you are aware, MicroSoft finds vulnerabilities in its software frequently, and it releases patches to plug the holes.

There are even vulnerabilities that have not been patched but certain people in IT know about. So even if one is diligent about updating software frequently, one can still get hacked.

Remember the Stuxnet hack on Iran's centrifuge control systems? It was allegedly orchestrated by the US, UK, Israel, and Germany. It exploited four holes in Microsoft Software that had not been publicly released...

Stuxnet attackers used 4 Windows zero-day exploits

The attackers behind the recent Stuxnet worm attack used four different zero-day security vulnerabilities to burrow into -- and spread around -- Microsoft's Windows operating system.

www.zdnet.com

For your information, here are some MS Exchange vulnerabilities from April...

Updates on Microsoft Exchange Server Vulnerabilities | CISA

us-cert.cisa.gov

In their May update, MS patched 55 holes...

Microsoft Patches 55 Vulnerabilities in May Update -- Microsoft Certified Professional Magazine Online

Four CVEs this month were described as 'Critical' in severity, 50 were deemed 'Important' and one was 'Moderate.'

mcpmag.com

"Exchange Server has been a high-profile target of late, following the disclosure of so-called "ProxyLogon" vulnerabilities by Microsoft on March 2, which were said to be exploited by a "Hafnium" nation state actor. For this month, the job of patching Exchange Server continues."

Regards,
Jim

 

[Jim H - VA USA]

How about a federal law requiring that critical production systems NOT be connected to the internet in any way.

Despite what everyone seems to think, all computers do not have to have an internet connection.

To run a pipeline system I'm not sure what software they were using, but may guess would be a DCS, which shouldn't be connected to the internet, or hackable. If it was connected they deserved to be hacked.

Distributed control system - Wikipedia

en.wikipedia.org

Nowadays most end-users want to be able to connect to control systems remotely from their office PCs or from home.

So companies insist that control systems be connected at least to the office network and usually to the internet.

They also like to have automated systems monitoring and alerting...usually using Solarwinds.....

That's just stupid and lazy. They get scammed by faux "security" companies like "Solarwinds" who say their firewalls are secure. Dumbasses.

FYI:

Solarwinds doesn't produce firewalls, they produce monitoring and network/systems/application management software (along with an assortment of IT Professional Utilities) and other than the recent security flaw on their Orion platform their software has been pretty solid.

"It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so." -- Donald G. Reinertsen

Whatever US computer security companies are doing, just isn't working. The Russians hack just about everything they want to. IMHO the US needs a paradigm shift in computer security competency. The Russians look very capable, and the US looks like chumps.

That's a complete mischaracterization of the situation which is far more complex than one might believe looking on the surface.

Just to begin with, we're (the good guys) are in a situation where we have to defend against constantly evolving threats coming at us 24x7x365 from all over the globe where the bad guys only need to get lucky once to breach and they can attack many targets at once for little to no cost, while the good guys have to spend tremendous amounts of time, effort and capital to defend.

Leading US Companies specializing in cybersecurity solutions are (for the most part) solid companies (as are many foreign companies in the space), it's just that they're in a space where the battlefield is never the same from day to day and the enemies are coming from all sides and getting more sophisticated every day.

Totally agree with every word in your post. "Firewalls" are apparently wat too porous.

That said, the "battlefield" is NOT in our favor, so we need to pull a stratagem out of our hat.
My recommendation would be a new "bulletproof" OS.
Failing that, a good OS with a "bullet-proof" keyed administrator tool, not just a PW, but a physical thumb-drive key that can't be duplicated so no one but the admin can do hackable things.
Just like driving a car, we need some new physical device to keep remote hackers out.

Sadly, the hack reportedly exploited a known hole in an outdated version of MS Exchange software...

Colonial Pipeline using vulnerable, outdated version of Microsoft Exchange: report

Colonial Pipeline may have been using an outdated version of Microsoft Exchange when it was targeted by a ransomware attack late last week.

www.foxbusiness.com

Thanks for that post! Microsoft Exchange!! Any product that begins with "Microsoft" is probably hackable.

Reportedly, the pipeline hackers just got hacked. Darkside servers got taken down today...

Servers Of Colonial Pipeline Hacker Darkside Forced Down: Security Firm

Servers for Darkside were taken down by unknown actors Friday, a week after the cyber extortionist forced the shutdown of a large US oil pipeline in a ransomware scam, a US cyber security firm said.

www.barrons.com

 

[kyzr]

How about a federal law requiring that critical production systems NOT be connected to the internet in any way.

Despite what everyone seems to think, all computers do not have to have an internet connection.

To run a pipeline system I'm not sure what software they were using, but may guess would be a DCS, which shouldn't be connected to the internet, or hackable. If it was connected they deserved to be hacked.

Distributed control system - Wikipedia

en.wikipedia.org

Nowadays most end-users want to be able to connect to control systems remotely from their office PCs or from home.

So companies insist that control systems be connected at least to the office network and usually to the internet.

They also like to have automated systems monitoring and alerting...usually using Solarwinds.....

That's just stupid and lazy. They get scammed by faux "security" companies like "Solarwinds" who say their firewalls are secure. Dumbasses.

FYI:

Solarwinds doesn't produce firewalls, they produce monitoring and network/systems/application management software (along with an assortment of IT Professional Utilities) and other than the recent security flaw on their Orion platform their software has been pretty solid.

"It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so." -- Donald G. Reinertsen

Whatever US computer security companies are doing, just isn't working. The Russians hack just about everything they want to. IMHO the US needs a paradigm shift in computer security competency. The Russians look very capable, and the US looks like chumps.

That's a complete mischaracterization of the situation which is far more complex than one might believe looking on the surface.

Just to begin with, we're (the good guys) are in a situation where we have to defend against constantly evolving threats coming at us 24x7x365 from all over the globe where the bad guys only need to get lucky once to breach and they can attack many targets at once for little to no cost, while the good guys have to spend tremendous amounts of time, effort and capital to defend.

Leading US Companies specializing in cybersecurity solutions are (for the most part) solid companies (as are many foreign companies in the space), it's just that they're in a space where the battlefield is never the same from day to day and the enemies are coming from all sides and getting more sophisticated every day.

Totally agree with every word in your post. "Firewalls" are apparently wat too porous.

That said, the "battlefield" is NOT in our favor, so we need to pull a stratagem out of our hat.
My recommendation would be a new "bulletproof" OS.
Failing that, a good OS with a "bullet-proof" keyed administrator tool, not just a PW, but a physical thumb-drive key that can't be duplicated so no one but the admin can do hackable things.
Just like driving a car, we need some new physical device to keep remote hackers out.

Sadly, the hack reportedly exploited a known hole in an outdated version of MS Exchange software...

Colonial Pipeline using vulnerable, outdated version of Microsoft Exchange: report

Colonial Pipeline may have been using an outdated version of Microsoft Exchange when it was targeted by a ransomware attack late last week.

www.foxbusiness.com

Thanks for that post! Microsoft Exchange!! Any product that begins with "Microsoft" is probably hackable.

Reportedly, the pipeline hackers just got hacked. Darkside servers got taken down today...

Servers Of Colonial Pipeline Hacker Darkside Forced Down: Security Firm

Servers for Darkside were taken down by unknown actors Friday, a week after the cyber extortionist forced the shutdown of a large US oil pipeline in a ransomware scam, a US cyber security firm said.

www.barrons.com

Thanks for that post. Its nice to know that at least the US can stay in the ring with the Russians.
That proves what the teckies here have been saying, its easier to hack than to defend.

 

[Esdraelon]

When they gotz you by the ballz whatz you gonna dood?

The company was lax on protocol and cybersecurity, I bet they make changes now and buy that McAfee program...

I'd pay them but I'd also spare no expense to track and identify them. The SEALs can take it from there. SOME areas should be considered sacrosanct and if violated, people should pay the price with their lives. I expect that once the word got around about what happened to poor Igor and Pavel, the rest of the vultures might look for easier targets.

 

[JoeMoma]

How about a federal law requiring that critical production systems NOT be connected to the internet in any way.

Despite what everyone seems to think, all computers do not have to have an internet connection.

To run a pipeline system I'm not sure what software they were using, but may guess would be a DCS, which shouldn't be connected to the internet, or hackable. If it was connected they deserved to be hacked.

Distributed control system - Wikipedia

en.wikipedia.org

Nowadays most end-users want to be able to connect to control systems remotely from their office PCs or from home.

So companies insist that control systems be connected at least to the office network and usually to the internet.

They also like to have automated systems monitoring and alerting...usually using Solarwinds.....

That's just stupid and lazy. They get scammed by faux "security" companies like "Solarwinds" who say their firewalls are secure. Dumbasses.

FYI:

Solarwinds doesn't produce firewalls, they produce monitoring and network/systems/application management software (along with an assortment of IT Professional Utilities) and other than the recent security flaw on their Orion platform their software has been pretty solid.

"It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so." -- Donald G. Reinertsen

Whatever US computer security companies are doing, just isn't working. The Russians hack just about everything they want to. IMHO the US needs a paradigm shift in computer security competency. The Russians look very capable, and the US looks like chumps.

That's a complete mischaracterization of the situation which is far more complex than one might believe looking on the surface.

Just to begin with, we're (the good guys) are in a situation where we have to defend against constantly evolving threats coming at us 24x7x365 from all over the globe where the bad guys only need to get lucky once to breach and they can attack many targets at once for little to no cost, while the good guys have to spend tremendous amounts of time, effort and capital to defend.

Leading US Companies specializing in cybersecurity solutions are (for the most part) solid companies (as are many foreign companies in the space), it's just that they're in a space where the battlefield is never the same from day to day and the enemies are coming from all sides and getting more sophisticated every day.

Totally agree with every word in your post. "Firewalls" are apparently wat too porous.

That said, the "battlefield" is NOT in our favor, so we need to pull a stratagem out of our hat.
My recommendation would be a new "bulletproof" OS.
Failing that, a good OS with a "bullet-proof" keyed administrator tool, not just a PW, but a physical thumb-drive key that can't be duplicated so no one but the admin can do hackable things.
Just like driving a car, we need some new physical device to keep remote hackers out.

Sadly, the hack reportedly exploited a known hole in an outdated version of MS Exchange software...

Colonial Pipeline using vulnerable, outdated version of Microsoft Exchange: report

Colonial Pipeline may have been using an outdated version of Microsoft Exchange when it was targeted by a ransomware attack late last week.

www.foxbusiness.com

Thanks for that post! Microsoft Exchange!! Any product that begins with "Microsoft" is probably hackable.

Reportedly, the pipeline hackers just got hacked. Darkside servers got taken down today...

Servers Of Colonial Pipeline Hacker Darkside Forced Down: Security Firm

Servers for Darkside were taken down by unknown actors Friday, a week after the cyber extortionist forced the shutdown of a large US oil pipeline in a ransomware scam, a US cyber security firm said.

www.barrons.com

That's good news. However, I can't help for the conspiracy theory side of my brain to kick in. Did the pipeline hackers actually get hacked, or are they simply shutting things down for awhile in order to stay on the down low after getting such a high profile ransom?

 

[Jim H - VA USA]

How about a federal law requiring that critical production systems NOT be connected to the internet in any way.

Despite what everyone seems to think, all computers do not have to have an internet connection.

To run a pipeline system I'm not sure what software they were using, but may guess would be a DCS, which shouldn't be connected to the internet, or hackable. If it was connected they deserved to be hacked.

Distributed control system - Wikipedia

en.wikipedia.org

Nowadays most end-users want to be able to connect to control systems remotely from their office PCs or from home.

So companies insist that control systems be connected at least to the office network and usually to the internet.

They also like to have automated systems monitoring and alerting...usually using Solarwinds.....

That's just stupid and lazy. They get scammed by faux "security" companies like "Solarwinds" who say their firewalls are secure. Dumbasses.

FYI:

Solarwinds doesn't produce firewalls, they produce monitoring and network/systems/application management software (along with an assortment of IT Professional Utilities) and other than the recent security flaw on their Orion platform their software has been pretty solid.

"It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so." -- Donald G. Reinertsen

Whatever US computer security companies are doing, just isn't working. The Russians hack just about everything they want to. IMHO the US needs a paradigm shift in computer security competency. The Russians look very capable, and the US looks like chumps.

That's a complete mischaracterization of the situation which is far more complex than one might believe looking on the surface.

Just to begin with, we're (the good guys) are in a situation where we have to defend against constantly evolving threats coming at us 24x7x365 from all over the globe where the bad guys only need to get lucky once to breach and they can attack many targets at once for little to no cost, while the good guys have to spend tremendous amounts of time, effort and capital to defend.

Leading US Companies specializing in cybersecurity solutions are (for the most part) solid companies (as are many foreign companies in the space), it's just that they're in a space where the battlefield is never the same from day to day and the enemies are coming from all sides and getting more sophisticated every day.

Totally agree with every word in your post. "Firewalls" are apparently wat too porous.

That said, the "battlefield" is NOT in our favor, so we need to pull a stratagem out of our hat.
My recommendation would be a new "bulletproof" OS.
Failing that, a good OS with a "bullet-proof" keyed administrator tool, not just a PW, but a physical thumb-drive key that can't be duplicated so no one but the admin can do hackable things.
Just like driving a car, we need some new physical device to keep remote hackers out.

Sadly, the hack reportedly exploited a known hole in an outdated version of MS Exchange software...

Colonial Pipeline using vulnerable, outdated version of Microsoft Exchange: report

Colonial Pipeline may have been using an outdated version of Microsoft Exchange when it was targeted by a ransomware attack late last week.

www.foxbusiness.com

Thanks for that post! Microsoft Exchange!! Any product that begins with "Microsoft" is probably hackable.

Reportedly, the pipeline hackers just got hacked. Darkside servers got taken down today...

Servers Of Colonial Pipeline Hacker Darkside Forced Down: Security Firm

Servers for Darkside were taken down by unknown actors Friday, a week after the cyber extortionist forced the shutdown of a large US oil pipeline in a ransomware scam, a US cyber security firm said.

www.barrons.com

That's good news. However, I can't help for the conspiracy theory side of my brain to kick in. Did the pipeline hackers actually get hacked, or are they simply shutting things down for awhile in order to stay on the down low after getting such a high profile ransom?

>I can't help for the conspiracy theory side of my brain to kick in. Did the pipeline hackers actually get hacked, or are they simply shutting things down for awhile in order to stay on the down low after getting such a high profile ransom?

That's not conspiracy thinking; that's reasoned deduction. Good thoughts.

 

[Gdjjr]

You idiot. We get all sorts of perks by having the currency that is most used for trade.
You WANT to give that up?

Hey you idiot- being in servitude for using a monopoly isn't exactly a perk where I come from

 

[Lesh]

You idiot. We get all sorts of perks by having the currency that is most used for trade.
You WANT to give that up?

Hey you idiot- being in servitude for using a monopoly isn't exactly a perk where I come from

Where the fuck is that?
Russia? Bulgaria?

Gofuckistan?

 

[evenflow1969]

FECKLESS. Describes the Xiden administration perfectly.
Feeble or ineffective.
Spiritless; weak; useless; worthless.

Colonial Pipeline did pay ransom to hackers, sources now say

Colonial Pipeline paid the ransomware group that carried out a crippling cyberattack, two sources familiar with the matter told CNN on Thursday.

www.cnn.com

Stupid Russians probably could have gotten a lot more than $5m (crime pays!!).
Maybe they have even richer chumps lined up for their next ransomware attack?

Lol, privately owned firm. Privately paid the ransom. Private sector does everything better than government remember? It is the Republicans that tout no rules and regulations for the private sector. You wanted it ya got it. Now maybe you dumb fucks will support some rules and regulations. Like here is a couple for ya, how about requiring all governmental and critical infrastructure computer parts be made and manufactured in the USA with governmental over site. Also all critical infrastructure computers be require to be on wired closed loop systems not connected to the internet. That solves these issues but ya gotta be able to regulate we all know your ilk are whole hearted against such things. So go ahead and continue your propaganda lies.

 

[debbiedowner]

FECKLESS. Describes the Xiden administration perfectly.
Feeble or ineffective.
Spiritless; weak; useless; worthless.

Colonial Pipeline did pay ransom to hackers, sources now say

Colonial Pipeline paid the ransomware group that carried out a crippling cyberattack, two sources familiar with the matter told CNN on Thursday.

www.cnn.com

Stupid Russians probably could have gotten a lot more than $5m (crime pays!!).
Maybe they have even richer chumps lined up for their next ransomware attack?

Their insurance company found it was quite a bit cheaper than building a new system so the the insurance company paid.

 

[debbiedowner]

FECKLESS. Describes the Xiden administration perfectly.
Feeble or ineffective.
Spiritless; weak; useless; worthless.

Colonial Pipeline did pay ransom to hackers, sources now say

Colonial Pipeline paid the ransomware group that carried out a crippling cyberattack, two sources familiar with the matter told CNN on Thursday.

www.cnn.com

Stupid Russians probably could have gotten a lot more than $5m (crime pays!!).
Maybe they have even richer chumps lined up for their next ransomware attack?

Yeah, I have a feeling whether or not they pay the ransom is going to have a minuscule effect on whether they try to do it again.

There’s just no risk to the hackers.

Yes and no. The hacker's in fact were hacked two days ago and their whole operation has been shut down. But you're right there will be other's.

 

[kyzr]

FECKLESS. Describes the Xiden administration perfectly.
Feeble or ineffective.
Spiritless; weak; useless; worthless.

Colonial Pipeline did pay ransom to hackers, sources now say

Colonial Pipeline paid the ransomware group that carried out a crippling cyberattack, two sources familiar with the matter told CNN on Thursday.

www.cnn.com

Stupid Russians probably could have gotten a lot more than $5m (crime pays!!).
Maybe they have even richer chumps lined up for their next ransomware attack?

Lol, privately owned firm. Privately paid the ransom. Private sector does everything better than government remember? It is the Republicans that tout no rules and regulations for the private sector. You wanted it ya got it. Now maybe you dumb fucks will support some rules and regulations. Like here is a couple for ya, how about requiring all governmental and critical infrastructure computer parts be made and manufactured in the USA with governmental over site. Also all critical infrastructure computers be require to be on wired closed loop systems not connected to the internet. That solves these issues but ya gotta be able to regulate we all know your ilk are whole hearted against such things. So go ahead and continue your propaganda lies.

Every so often the "free market" fucks up. I'm very fine with regulations that preclude hackers of any kind

 

[kyzr]

FECKLESS. Describes the Xiden administration perfectly.
Feeble or ineffective.
Spiritless; weak; useless; worthless.

Colonial Pipeline did pay ransom to hackers, sources now say

Colonial Pipeline paid the ransomware group that carried out a crippling cyberattack, two sources familiar with the matter told CNN on Thursday.

www.cnn.com

Stupid Russians probably could have gotten a lot more than $5m (crime pays!!).
Maybe they have even richer chumps lined up for their next ransomware attack?

Their insurance company found it was quite a bit cheaper than building a new system so the the insurance company paid.

"Crime Pays" is NO WAY to run a country. What happens next time when its 100x more?

 

[evenflow1969]

FECKLESS. Describes the Xiden administration perfectly.
Feeble or ineffective.
Spiritless; weak; useless; worthless.

Colonial Pipeline did pay ransom to hackers, sources now say

Colonial Pipeline paid the ransomware group that carried out a crippling cyberattack, two sources familiar with the matter told CNN on Thursday.

www.cnn.com

Stupid Russians probably could have gotten a lot more than $5m (crime pays!!).
Maybe they have even richer chumps lined up for their next ransomware attack?

Lol, privately owned firm. Privately paid the ransom. Private sector does everything better than government remember? It is the Republicans that tout no rules and regulations for the private sector. You wanted it ya got it. Now maybe you dumb fucks will support some rules and regulations. Like here is a couple for ya, how about requiring all governmental and critical infrastructure computer parts be made and manufactured in the USA with governmental over site. Also all critical infrastructure computers be require to be on wired closed loop systems not connected to the internet. That solves these issues but ya gotta be able to regulate we all know your ilk are whole hearted against such things. So go ahead and continue your propaganda lies.

Every so often the "free market" fucks up. I'm very fine with regulations that preclude hackers of any kind

I really can not understand why common sense regulation like critical infrastructure being built in the USA and not hooked to the internet have not all ready been inacted already. Over a million lines of codified law many of which are useless but we can not enact the simple stuff. Good grief.

 

[danielpalos]

How difficult would it be to connect Keystone to Colonial, and upgrade the system in the process?