Basically, someone (maybe a US soldier) got broad access to Snowflake credentials that allowed them to access many, many corporate and govt accounts which contained extraordinarily sensitive data.
This has been a historic year for data breaches, a historic year for cybercrime (much of it aided by AI, as was predicted), and our enemies are absolutely capitalizing while we just stand here with our thumbs up our asses. What’s incredible about this breach, and Krebs is very rarely wrong, is that it seems to be coming from inside the house. Anyone with a confidential clearance this high to have the kind of credentials this person has been claiming (with success) should be easy to sniff out, but they are not, suggesting high capabilities. My working theory is a NK plant. NK has also had a lot of success by putting plants in US tech companies as well, which is why a lot of these breaches have been happening (in my view).
If you don’t know the long technical backstory, the United States is in a protracted and ongoing cyber war against a swath of enemy states - chiefly Russia, Iran, China, and NK. NK/China seem to have the most advanced nation state capabilities so far (unless you want to count private Israeli companies that sell services to other nation states, but I won’t go into detail on that here) and NK’s capabilities are IMO very impressive for a nation that does not have broad access to the web. I have a theory that this will become a prominent part of the next 4-8 years of the Trump/Trump-adjacent administrations as they deal with the rest of the world. Either we deal with this threat, which we are already losing badly to (and not just outright hacks, misinformation wars too), or we lose entirely. Every other country in the world has figured this out except maybe some European nations. This thread is for this stuff and will be a dump for anything interesting I find I can post publicly or related to the ongoing cyber threat of AI + the privacy crisis we are now facing that basically no one knows about.
was some dumb 20-year-old script kiddie, Krebs was right, was a soldier that was selling military contractor credentials and tried to extort the incoming president and the current vice president with phone call logs he’d obtained from Verizon, then taunted intelligence agencies, caught less than 30 days after he made a small mistake. these kids are typically recruited or radicalized by much worse players, would be curious to see how he and his associates had been radicalized. These kids do not understand that anonymity online is not a real thing, if someone sufficiently powerful and determined wants to get you they will, security researchers are targeted all the time. when you then go piss off those people in addition to threatening some of the most powerful people in the world, of course they’re going to find you. these kids also don’t understand that the ramifications of some of this stuff go on for decades and are a huge mess, not to mention the death toll stuff like this typically incurs. don’t have a lot of anything but disgust for these types, they’re usually just out for glory and make paltry sums compared to the risks they are taking.
hackers used to be more principled I feel like, these kids on a technical level are actually extremely incompetent, and the scum of the earth. one thing going on right now are gangs of ‘hackers’ that are extorting young kids into sexual material or committing self harm or violence to animals or other people, then selling it on the dark web. why? because kids are dumb and believe anything and are the most vulnerable. scum.
CVE drives most compliance and security tooling and automated software that highlights vulnerabilities and fixes and documents them in a way people that do what I do in defensive cybersec can find them and secure things. it’s been under attack for a while, in many different ways, but I feel this is some sort of final blow. I don’t know what comes next. lots of it is theater, but lots of professionals rely on this org for a lot. like, only someone with completely nefarious intentions would think this is a remotely good idea. we are fucked with a capital F.
I’ve had a weird thought lately I probably won’t articulate well. I follow a lot of this stuff out of a morbid interest and out of professional concern, but am by no means professing to be an expert.
I don’t understand why the NSA or whoever is in charge of this in our defense is not entirely focused on recruiting and paying private citizens to commit foreign cyberattacks on definite enemies of ours. I don’t think it’s happening at all, offensive cybersec in the manner NK, China, Iran, Russia, to some degree Israel have utilized extremely effectively over the years just doesn’t seem to be happening by us. I think we are losing this war pretty badly.
One example is a kind of an asshole, definitely like actually insane, security researcher/blogger I follow sometimes who a few years ago took down NK’s entire network. Like, not an exaggeration. And from what I understand the technique he used was fairly trivial, at least for me to understand well enough how it worked, and suggested simply that no one had thought of anything like that before.
then he doesn’t even get in trouble when the govt finds out, how could they, they probably should hire him. what law did he break? you could find some minor Computer Fraud and Abuse Act stuff but not worth throwing the book at something like this. I think he did end up consulting for them. but to me it was like, if the majority of that account was true, seemed like they just genuinely had never considered doing anything like that. and we know for almost certain our entire govt infra and actual infra backend systems are probably hopelessly compromised by backdoors. why aren’t we doing that? I guess we can’t know for sure if we are or aren’t, the US to me just seems very behind here from a casual semi-informed view.
I mean the deal is kind of raw for the citizen, they get a way higher than avg chance of ending up in a freezer with all their internal organs than the average citizen would, but everyone has a price.