Welcome!
This week I am spending a bit of time discussing the huge hack on SolarWinds Orion software and why we will be feeling the repercussions for years -- and yes, it could have been prevented. Then we will talk a little bit more about election fallout and how this hack might have something to do with it. Then the FireEye hack and a new and improved (well -- another variation of) ransomware, and more, so be sure to listen in.
For more tech tips, news, and updates, visit - CraigPeterson.com.
---
Tech Articles Craig Thinks You Should Read:
Gaming Over the Holidays? 7 Important Security Tips
Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
---
Automated Machine-Generated Transcript:
Craig Peterson: [00:00:00] In case you didn't hear, we have had a massive hack. We're going to be talking about that and what it means to you. What it means to the federal government. What it means to organizations that are using SolarWinds. Oh my
Hi everybody. Craig Peterson here. Had a great discussion this week with Mr. Matt Gagnon Wednesday morning, as we usually do, and we're going to continue that now. Let's get into it in a little bit more depth.
You probably heard me pounding on that table and it was just unbelievable, because the bottom line here is these particular hacks were effective because these supposedly "Professional Security People" did not follow the basics. They didn't have the software configured according to the software manufacturer's specifications.
So number one, read the directions.
Number two, they didn't use the most basic of security controls that are out there.
You've got to watch these domains, capabilities, practices, processes. That's what we are always talking about in the cybersecurity business. They were not monitoring outbound connections. They didn't stop the call home stuff.
What I keep telling you guys, the easiest way to stop the spread of some of this nasty software is to use Cisco Umbrella. It's just that simple. Cisco Umbrella for just regular people is free. How could you get better than that?
When you get into the business level, which you cannot buy on their website (you can buy some very good stuff from the Umbrella website, from Cisco), then you get a lot more features and fine-tuning and granularity and stuff.
If they had just been using Cisco Umbrella, that probably would have stopped the call home. That's what it does. Okay.
These are professional organizations that got hit here. Professional organizations.
We do not allow willy-nilly outbound connections.
Some of these pieces of software pretend that they are a web browser and they just want to go to this website. If you're allowing your employees on your network to go willy-nilly, wherever they want online, you've got some problems.
If you're just filtering, for instance, "Oh, I'm not going to let them go to porn sites or something. Violence sites, or Netflix to watch TV movies all day long instead of working," that's not good enough. That might help to keep them paying attention a little bit more to their work. I've found, frankly, much of the time they spend trying to figure out how to get around those filters. We catch people doing that all of the time. You have to talk to them and explain why the most dangerous parts of the internet, from a security standpoint, are the parts of the internet where you are going to have some of that nasty content that they might be looking for. Once they understand that, usually they wake up and smarten up, et cetera, et cetera. But if that's all you're filtering for.
How are you going to know that there is a piece of Chinese back door software on your network, that's trying to get out? How are you going to know that there's a Russian back door trying to get out? Or there is a hacker that's in your network who is exfiltrating all of your data and then they're going to hold your data. Not quite hostage to where it used to be, but they're going to extort you and say, Hey, if you don't pay up, we're going to release all of this intellectual property to the internet.
The right way to do it is you only allow outbound connections to places they have to go for work.
We have a company, our client, just as an example, who is in the Department of Defense space. They are a subcontractor and they deal with parts for airplane engines, certain parts. As such, they have all kinds of federal regulations and those regulations mean that they can't have data that gets stolen, that gets exfiltrated, right? That's the whole idea. They're supposed to be secure. So what do we do in a case like that?
The people that work there can only get to websites that are approved. The websites of their suppliers. The websites of their clients, and that is all. They cannot go anywhere else. Why? Because part of the problem here is what just happened this week.
What happened this week with this massive order? This has only happened five times before in all of history. We'll talk about that, as well. What is this order? What happened is they tried to go out to some other websites.
Let's say they got infected, and their computer had some nasty-ware on there that was trying to call home. Just do its E.T. thing, call home. It tries to get out of the network using what looks to be an innocent little web connection. It gets there normally. But if we block everything except the websites that they absolutely have to go to, that software is not gonna be able to get out of their network, is it?
This is not rocket science. Yet we've got 18,000 organizations that look like they got hit in this massive cyber attack. Massive. There's a company out there called SolarWinds. Now, SolarWinds we have used in the past. We stopped using them because of some of their practices. We just couldn't, in good conscience use them. Knowing what they were doing and how they were doing it.
But SolarWinds has this network management software. They have sold it to government agencies, massive companies; 499 of the Fortune 500 companies use SolarWinds. They have this network management product called Orion. Apparently they, like any other good little software vendor, provided updates.
The updates between March and June 2020 apparently had a little extra payload.
Now, the way these actors, the bad guys got this payload into SolarWinds software really shows that it was a Nation-State.
Now of course the media is out there saying Russia, which is what they usually do. You'd think it was probably more likely to be China. But you know what, we'll probably never know, because these people were very sophisticated. They basically reverse engineered a one-way hash function called SHA-1, which you should not be using anymore. It was thought to be relatively safe. They combined that with another vulnerability in a web server and in some software that supports the web server and is supported by the web server, and bam, they're in.
SolarWinds sent out updates to their clients. Those updates included updates and went to government agencies, all, but one Fortune 500 company, and over 22,000 managed services providers.
Now, we're going to talk about MSPs some more, and we've talked about them in the past. This is a big deal. Most businesses don't do the information technology function themselves. They might have somebody that's in charge of it, but that person is the person who goes out and tries to find somebody to take care of the systems or do an audit or whatever it might be that they're trying to do. That makes sense, I think. So that's what they're trying to do. But do they really know what they should do? What they shouldn't do? What should be done? What shouldn't be done? That's a subject that we'll take up a little bit later.
This compromised software was distributed as a software update to SolarWinds customers by SolarWinds. It turned out that their software had this payload in it that now allowed an as yet unknown bad guy to get into the networks.
Now there's a statement that was filed with the Securities and Exchange Commission. I'm looking at it right now, by SolarWinds Corporation, talking about the Orion products. They say that SolarWinds believes that the Orion products downloaded, implemented, or updated during the relevant period, starting in March this year, contained the vulnerability. Orion products downloaded and implemented before the relevant period and not updated did not contain the vulnerability. It goes on and on. It says SolarWinds values the privacy and security of its over 300,000 customers.
I can't believe that this would happen. So not only was SolarWinds caught up in this but so were many of their customers and you will find it interesting to know who some of their customers are because they have also been in the news lately for different reasons.
This is just fascinating. The biggest hack in recent history, and one, that's going to have consequences for years, literally years.
Make sure you visit me online. CraigPeterson.com.
We've established that there was a hack. We've established that the media thinks Russia did it and so do many security consultants. We're not absolutely sure. We probably never will be.
What is this hack doing? How is SolarWinds tied into Dominion?
This hack has been absolutely scary as heck. One of the congressmen who got a briefing on Tuesday about what had been going on. Called this absolutely terrifying. Now that is a terrifying statement to make and the accusations are that Russian government hackers are responsible for this.
Now we've seen since March this software by SolarWinds called Orion, which was in place in 18,000 organizations, was compromised. Once it was in the network, it gave bad guys access to that network. Coming out this week on Thursday, we found that the feds have, in fact, said that yes, we were affected by this. Now affected, what does that mean? Ultimately, the pros and cons to this.
The list of affected US government agencies and entities includes the Commerce Department, the Department of Homeland Security, the Pentagon, the Treasury Department, the US Postal Service, and the National Institutes of Health. Isn't that amazing? Actually, it is Institutes, right?
This is a long list of suspected Russian hacks into the US as well as many of our allies and other nations out there. This is very scary to hear that because Russia has been using hackers, they have been using bots, and they have had other means to try and influence elections in the United States and elsewhere.
Before this latest election, we had the Democrats saying the election that elected President Trump was influenced, was hacked, by the Russians. And of course, as you know, after four years of investigations, they never really found that Trump was colluding with Russia.
I think the focus was absolutely wrong in those investigations. It should have been on what happened with our elections? How safe is our election software? How about the hardware? How about the mechanisms that are in place? The federal government does have guidelines for this election vote tabulating software and hardware. They have error rates that are allowed just like they have so many mouse parts that can be in peanut butter. They have error rates that are far lower than are being reported, right now. Oh, thousands of times more ballots were rejected than were allowed by law. But nothing is happening. Nothing happened.
They investigated one person, one man, basically President Trump. A number of other people were caught up in this investigation as they laid traps for people.
We did not do a major investigation into these systems. To me, that is absolutely inexcusable. Now we're seeing some other evidence that is something that I think we should be paying some attention to and that ties right into this hack of SolarWinds.
As I mentioned, all but one, of the Fortune 500 companies use their software. 18,000 different organizations installed the version of SolarWinds Orion products that were in fact known to not just be vulnerable, but have built into them hacking tools, which is just astounding to me.
Are we going to look into this now? Because looking right on this, this is from the GatewayPundit.com. They went to Dominion Voting's site. You can go to the homepage. They probably removed it by now, but it was there when I had a quick look on their website.
This Emergency Directive 21-01. Very rare. It has only been issued five times in the last five years, and it is saying remove all of this. Yet Dominion Voting is apparently a customer of SolarWinds, and Dominion Voting brags about how they use SolarWinds. That is scary, very scary to me. Let's talk about what it does mean.
It does mean that our friends Dominion Voting, who have been accused of having terrible software, all the way through to having major backdoors in their software. Our friends over at Dominion Voting could well have been completely compromised by that SolarWinds attack. Completely compromised.
We don't know if they were but we do know that they were using it and they are the ones with our voting machines. This goes back to what I talked about last week, where I think there is only one solution to being able to be confident about votes.
Obviously, it's too late now to deal with all of the potential voter fraud, software errors, hardware failures that have occurred in past elections. It really is too late, based on the evidence I've seen, to quote Attorney General Barr. But how about the future? How about we do an investigation into these companies that are providing us with the hardware and software? Or better yet, my solution is we have ballots printed. Those ballots have serial numbers on them with a very good checksum. All we do with those ballots is we scan them on regular commercial, industrial scanners that keep pictures of those votes. So we have a hard copy that we can go to at any time of the votes. We can analyze them. We can compare it to the vote counts, et cetera. We take those pictures now and we run them through very inexpensive software.
Very inexpensive, under a thousand dollars to buy a license for some of the software. What that software does is it looks at the images that were taken by these scanners. And it goes ahead and tallies votes. If we use two or three different software packages, they should pretty much agree. Our error rate should be less than one in a hundred thousand or maybe even a million. Should be pretty darn low. Then we hand tabulate a few of these just to double-check, make sure everything is all right. We now have hard counts.
People add up the counts and as always, you have election observers from the two major parties and the minor parties they're watching this whole process.
I am for absolute transparency here. I think all of those images of the votes should also be made available to anyone who wants to download them. This is the age of the internet. Why are we not making the images of the votes available for anyone who wants to look at them? Private individuals can tally the votes and come up with what should have happened, what the count should be.
You expect a little bit of variance, but absolute transparency. People add up those votes. It's all audited. There are cameras running, webcams 24/7 watching the voting machines. Watching the election workers. Streaming to anyone who cares to look. Now we have absolute transparency. Now we can believe the vote.
That I think is the only way we can handle this.
We're going to run through some checklists here about what gamers should be doing. If you're giving a video game or one of these consoles to maybe some of your kids. I dunno. Maybe your husband, maybe they are kids. We're all kids. What should they be looking for this year?
We are talking about this massive hack we've been talking about, and we're going to get into some other stuff right now. I wanted to mention one more thing. When we were just talking about this major hack, it may have been Russia, maybe China. Sometimes it's really hard to tell who it is, if these are good hackers, and these, by the way, were very good hackers.
SolarWinds I just can't hold them a hundred percent responsible for this hack because part of the problem was people not reading directions, not doing just the very basic practices that are established in the industry for trying to keep things safe.
So keep that in mind as well. But it is a huge problem. It's something we all have to pay a little bit of attention to.
I had a great question this week when I was on the radio, I was asked, Hey, please tell me that there are people in our government who are trying to do the same type of thing to other governments.
And you might've heard about what is it? I would call it a person hack, right? This is what is called in the industry a honeypot. You probably heard about US Representative Eric Swalwell. He is a California politician, which makes a lot of sense. He has been in office since 2013 and he is also on a very interesting committee.
When we are talking about Representative Swalwell, his committee assignment includes him being on the Select Committee on Intelligence. Okay. Ranking member of its Central Intelligence Agency Subcommittee. He also retained his seat on the United States House Committee on Science, Space and Technology, according to Wikipedia.
This is very scary because he fell for the oldest trick in the book. It also tells us just the lengths China will go to in order to hack our people, our country. Don't worry, we're going to tie all of this into our hackers. Okay.
He, as well as another politician from California. Yes indeed, a sitting US Senator; she had a driver, I think it was for about 20 years, who was a Chinese spy.
Eric Swalwell had this girlfriend and apparently this happened when he was just a mayor, before he had moved up to the House. Then, of course, moved into the intelligence committee. A lady who became his girlfriend was doing everything you might expect of a honeypot, a Chinese lady who was trying to get information out of him. I don't know what information she got out of him. He had a lot of information.
Now, if this were to happen to a Republican, of course, just by default, the morals of a Republican would be, "Well, I really messed up. I'm sorry. I resign." At least resign from the intelligence committee, but I resign from Congress. That has happened before. Much different response. It's just amazing to watch, from a Democrat and a Republican.
Nancy Pelosi should have removed him from his very sensitive government positions. This guy has demonstrated that he can't keep his well, you know what I mean, and not reliable when it comes to secrets. Why hasn't the FBI said, I don't care what you say, Ms. Pelosi, we want this Congressman removed?
The big question is how did we find out about this? What ended up happening that brought us to the point where we realized that Eric Swalwell was a major security risk and was on the select intelligence committee? On oversight committees. Okay. It's scary, isn't it?
This ties into this whole hacking agenda. It looks like we might have been hacking, as well. I'd be shocked if we weren't. We have teams, red teams, in every branch of government, basically, that hack. That's what they do. They're hacking in order to see what weaknesses we have. But this has been barely reported at all.
This also happened last week. A major leak of official records from the Chinese Communist Party. Many of these Chinese Communist Party higher-ups are living and working in other countries, including the United States, Australia, the United Kingdom of course, and this list that's been uncovered has about 2 million members of the Chinese Communist Party.
Now, remember these people have sworn an oath to do everything they can to protect and build up the Communist Party. Okay. This database lists names, party positions, dates of birth, national identification numbers, ethnicity, telephone numbers of these members.
Now, Australia's Sky News on Sunday reported that the database "lifts the lid" on how the party operates under president and chairman Xi Jinping. The leak shows that the party branches are embedded in some of the world's biggest companies and even inside government agencies. Communist Party branches have been set up inside Western companies, allowing the infiltration of those companies by CCP members who, if called on, are answerable directly to the Communist Party. To the chairman, the president himself.
So apparently, along with the personal identifying details of almost 2 million Communist Party members, there are also details of 79,000 Communist Party branches. Many of them inside companies. Now there was some analysis done of this membership. We've only had it for what, about a week now, but the analysis that has been done so far has been interesting, because that's revealed that both Pfizer and AstraZeneca, both companies who have vaccines for this COVID virus, both of these companies together employed 123 party loyalists.
There were more than 600 party members across 19 branches working at British banks HSBC and Standard Chartered.
In 2016, in addition, the Daily Mail is reporting that firms with defense industry interests, like Airbus, Boeing, and Rolls-Royce, employed hundreds of party members.
Now, what I found interesting is the response by the US media and the response by some of these companies. It's been reported that some of these companies, when they were alerted to the Chinese party membership of some of their people, said "we're not interested in the political parties that our employees belong to."
Which is just shocking. We're not talking about basic parties here. We're talking about what effectively is an enemy of the United States and frankly, we're also looking at this hack as a declaration of war by Russia, by China.
China's done this before, too. In fact, we think they were behind another major hack you've heard of just a few years ago.
The PS5 and Xbox Series X apparently are almost impossible to get. Best Buy just can't get restocked. But assuming you got one, what are some of the tips that you need to know? If you are playing games, or your kids or grandkids are.
Video games, I've never gotten into them, but it's probably my generation. Back when I was a teenager, we had these text-based games that we would play sometimes. You're sitting in there on a teletype and you're typing into this computer over a 110 baud modem. Oh, my gosh.
It was fun, so you were in a twisty maze of tunnels? I can't remember the exact wording, and then you'd go left or right. And I never spent a whole lot of time on those things, because I basically considered it a waste of time. I've played like Mario Kart a couple of times when we got it for the kids, and that's probably the extent of it. I've played with some of these video games that Apple has released now as part of their Arcade product. I am shocked at how good they are. How good the resolution is. And the movement of the phone itself can be read by the game. Your phone is your controller. So if you play games on these video devices, or on a PC of some sort, or even a Mac, you're not too worried about availability, because the software is easy, right? It doesn't cost much to duplicate that software. Probably doesn't even cost a penny nowadays for the guys to download the game to someone. Of course, there are other charges and stuff involved, but it's just so easy to do.
So we're going to have a lot of them this year. Many of the people who are playing these games are the younger millennial generation, the Z generation, and both of them really have issues when it comes to security.
I mentioned this before in talking with my youngest son, about two weeks ago, about security. He just didn't seem to care. Now, we had given him a really good firewall router with a Wi-Fi system built into it. All kinds of processing that was going on. It was a Cisco device. Cisco firewall. It was analyzing everything coming into his network, everything going out from his network. It does a very good job of it. It had a limit of, I think it was 250 megabits worth of data flowing through it. He said megabytes, and I'd have to look at the specs on it. Actually, I do think it's 250 megabits, and that particular device was great.
You're cruising the web. You have software on a machine that gets infected, trying to get out. It'll shut it down, just as all of this. His roommate, who calls himself a gamer, didn't like that at all. So he ordered a gigabit network coming in. It's a gigabit over RF cable modem, which is crazy, because you're not going to get it, and we had previously explained, "Hey, listen. Your biggest problem is going to be latency turnaround. It's not going to be the bandwidth." We showed him these statistics that our router had gathered, that he never used more than 10 megabits worth of bandwidth, which is pretty normal.
I've read some studies on it and 10 megabits, 20 megabits. That's the max that is used by these video games. He knew better, cause he's in his twenties, and he's a professional gamer, almost. Not that he makes money from it, but he's a professional gamer and he has been talking in the gaming community.
So rule number one is they don't need as much bandwidth as they think they need. What they need is a, basically a jitter-free line so that they can talk to their friends without any problems while they're playing the games. They need a very quick turnaround, so the round trip time needs to be fast.
I brought up with my son, "Hey, listen. You realize that he went out and upgraded the line and then ripped out, while you were gone, the firewall." He put in a better one that handles a gigabit, and of course, yeah, he knew better. The Wi-Fi that he has in the house, that his friend purchased as his roommate, does not provide gigabit over the Wi-Fi. It just doesn't happen. It can't happen on any of this consumer stuff when you get right down to it and you look at it hard, right?
Many companies are lying to us. They publish these specs. They give all of this data and it is so misleading. I said, this is a problem now, because you have security at the bottom of the pile when it comes to your network now. Anything that gets onto his machine is going to get onto yours. The firewall was actually on a zero-trust basis and would not allow his friend's gaming computer to access his computer or anything else on the network that it wasn't explicitly allowed to access. And do you know what he told me? He said he doesn't care.
Now, I don't know. So if this is your dad, and you've been doing internet cybersecurity for 30 years, and you're just getting carried away, that's the type of thing that you get from an under-35-year-old son.
I've got kids that are actually that age too. There certainly is a difference, a major difference. I don't know what it is, but the stats that I've seen in the studies I've read are showing that these younger millennials and generation Z, which this of our kids is right on that cusp, don't care about cybersecurity. Part of the reason is that they just have given up. Now, I've been fighting it for over 30 years. I haven't given up yet, but they have, it's just a fact of life.
Just like you have to be on social media and you have to post these pictures of your wonderful life. It's just crazy.
Here are seven tips, and I got these from Dark Reading, a great website, but obviously I'm going to comment on them in a much different way than Dark Reading's approach to it.
But I really liked these points.
Number one, we've got to make sure our kids and ourselves understand that personal information needs to be kept personal. Now, I know every one of us in this country has had our data stolen. It's guaranteed. It hasn't all been stolen and it's from a snapshot in time.
For instance, the Equifax hack. Yes, indeed. That's pretty much everybody in this country, Canada, much of Europe's personal information. Our salaries, our home addresses, our social security numbers. Everything was stolen, but that's years ago. By the way, that was probably done by the Chinese communist party. Remember that they're socialists. We talked about this last week. They steal stuff. That's what they do because they just can't compete. They don't like competition. They want to sit on their hands for the most part. Now, China's done some interesting things. With trying to combine the ability to have some free trade with the government-controlled economy, right?
They're not just like we are. Not capitalists, they are not communist there. There's never, ever even with the Soviet Union and what happened in Venezuela and Cuba, they have never actually achieved pure communism.
We don't have pure capitalism here either. Don't let them share personal information, make sure they realize that every little bit of information they share, they may be sharing with a hacker. Someone that's going to break in. We had break-ins in our neighborhood. This was probably about five years ago. A bunch of break-ins bunch of stuff stolen. Our house at that time was never broken into. It turned out that it was a kid from the neighborhood whose family had moved out and he knew things about people in the neighborhood and when they worked and when they were taking vacations. So he came back in and he started stealing from the houses, he'd break into them and steal stuff. In some cases, apparently, kids had given him codes to be able to enter houses. It's amazing.
It reminds us again of another, a best practice. That we should be exercised in business and you need to exercise in your home as well. That is when someone leaves a job. What do you do? You shut down their accounts, do it all automatically. That's the way it should work. You archived their data so they can't get back in. Now we've seen instances where network people who had been doing network work at a business left and stole just tons of things, shut down networks, change passwords because that hadn't happened.
And in this case, it's a good idea to change the code on your door lock pretty frequently. Keep track of who has what code, right? Doesn't that make sense to you? Then, on top of that, with these fancier new ones where you can use Bluetooth, the cell phone, to program it.
So you just bring the phone close to the door and it automatically unlocks; it gets more complicated. It's easy to set up, but we've got to make sure we erase them.
So number one, don't share personal information. The next one, obvious as heck. We talk about it all the time, but take care of your home network. Don't do what my son did, well, my son's roommate did, and put in a cheap router. Make sure it's secured using multi-factor authentication. Now there are some ways around some of this, so that's why I recommend you do not use texting for multi-factor authentication. Use something like Duo or 1Password or LastPass or Google Authenticator. It's really going to help.
Stay away from chats. Now, this is difficult because much of the social stuff that goes on with gaming is over chats that are built into these games. So just be careful when they're in chats because it is used by these honeypots and others to get personal information. Kids don't realize, Hey, listen, dad is a high up in this company and I probably shouldn't be talking about that because honeypot to go after our kids, to get at us.
Avoid third-party stores and apps, turn off Universal Plug and Play (UPnP) if you still have it on your network, and beware of scams when playing online. So some good tips for the kids.
This latest declaration of war as it's been called may be bad enough for government agencies and bigger companies, and 22,000 managed services providers. But man ransomware.
Then, following up on our last hour, DNI, the Director of National Intelligence Ratcliffe, was supposed to have come out with a report as of yesterday about the elections and about foreign interference. Because of disagreement within the National Intelligence Community, it did not get released, at least not yet. It should be out fairly soon.
The big talk and the disagreement between various people who are in the organization, one of those jobs-for-life things, right? The deep state, as President Trump has called it. Is that how much involvement did China really have? How much involvement did Russia have? I strongly suspect Russia had a lot of involvement here in hacking. In fact, even our voting machines, as we talked about in the last hour, because of the SolarWinds hack. How about China? They're saying it looks like it could be a major influence and have had a big impact on the election in a number of ways, but we're not going to get into that right now.
Those big hacks have been very successful against larger companies. All but one of the Fortune 500 apparently was affected, and some 22,000 managed services providers countrywide use it. According to SolarWinds, about 18,000 businesses were using the affected, or infected, depending on how you want to look at this, but using the affected software. That's a real big deal, frankly. How about you and me? What does it mean to us as business people, as home users, et cetera? I want you guys to understand this a little better, so I'm going to explain it, and I appreciate all the comments I've had about how much you guys appreciate me doing a little deeper dive into this, far deeper than most anyone else can. You get these guys on the radio that just talk about absolute fluff in technology. Mainly because they don't know any better. I've just been doing this for too long.
One of these commentators, a lady who's had her own radio show for years. Just amuses me to know she was a marketer for years before she got on the radio. Maybe that's why she's a lot more successful on the radio than I am, but I'm much more successful in tech than she is.
You as a regular end-user, you're probably not badly affected by this hack, this SolarWinds hack, and all of the subsequent hacks that happened. It's probably not a huge deal for you because your home computers were not running this Orion software from SolarWinds, and you're probably not using any of the other software that's out there. I'm continually reminding everybody and I'm covering this as