SolarWinds information infrastructure compromise

Diokine

Member
Joined
Mar 2, 2016
Messages
624
If you haven't heard of the SolarWinds Orion supply chain hack, I wouldn't be surprised. Media coverage of this story has been scant, considering it's possibly one of the biggest information breaches in history. To sum it up - hackers inserted malicious code into updates for the SolarWinds Orion software, which is used to manage network infrastructure at a large scale. These updates were then pushed to client machines, including US Government agencies, giving the hackers near "God-Mode" access to the networks. This happened no later than mid-March, meaning whoever did this has had access to extremely sensitive networks for months. This could be very bad.

I have had suspicions that something big was happening in the IT world since May after noticing several vendors and point-of-sale merchants were having issues simultaneously. This led me to research the nature of financial network infrastructure and to realize how vulnerable our systems were. I recently saw a gas pump at a local convenience store, and noticed the screen where you entered credit card information was different than the last time I had seen it. It had a different font and scheme from the rest of the pump's functions. I then thought about a scenario where an agent could infiltrate the software company providing the software for the pumps, insert malicious code, then release some small exploit or other event that would cause the software company to push a mass update of the software running the pumps. Code running in the background could provide all kinds of data to hackers and could be used to shut down the pumps, etc. Then I realized that this same strategy could be used for many different types of embedded hardware, for instance pumps or PLCs in large buildings, electric transfer stations, etc.

Hackers could even go a step further and could compromise the logic running internet infrastructure, like the routers and switches of large datacenters. They could then execute man-in-the-middle attacks, generate compromised security tokens, and hide their activities much better. They could also selectively shut down huge portions of service or technically bring down the "entire internet." The interconnectedness of our information infrastructure means that this breach has compromised hardware level security of the networks running everything. I would say it's prudent to be prepared and on the lookout - things could get sketchy.
 

tankasnowgod

Member
Joined
Jan 25, 2014
Messages
8,131
They could also selectively shut down huge portions of service or technically bring down the "entire internet." The interconnectedness of our information infrastructure means that this breach has compromised hardware level security of the networks running everything. I would say it's prudent to be prepared and on the lookout - things could get sketchy.

"could get" sketchy? They haven't been the past 9 months?

Heavy reliance on the internet for all industries, along with the trend of centralization, are two of the biggest risks for..... well, pretty much everything.

This reminds me of the idea Ben Fulford brought up, that many intelligence agencies think the world is controlled by an Artificial Intelligence. That idea now seems a lot less crazy than when I first heard it. I actually think it's possible now-

 

CLASH

Member
Joined
Sep 15, 2017
Messages
1,219


 