The breach that is: … Solar Winds takes a very interesting turn: part 3

So far, we’ve written two parts, and I know there is a lot more to write. I know there is a lot more to read too, and I know the time and effort I’m putting into making sense of this and putting my thoughts into this will be worth the read. Let’s continue on with more of what I have on the Solar Winds debacle as it is continuing to unfold.


There are two articles where the government is involved, and the government tag will be used in this part of the article. You can search Solar Winds and get all of the articles regardless of whether I used tags or not.

The first article is Senator: SolarWinds hackers breached ‘dozens’ of Treasury email accounts, which was quite interesting too.

According to this article, whoever is responsible got into the highest departments of the government in regards to email access. The Department of Treasury still does not know the extent of what the hackers did to its network, and the investigation continues.

I want to reiterate that this is apparent espionage; the places I monitor aren’t saying one way or the other. When we first blogged this as breaking they even said it wasn’t espionage. If this is the beginning of this being so, we’ve got to get these guys punished.

According to this particular article, the breach at Treasury started in July. That paragraph says:

The breach at Treasury began in July, and the full extent of it is still unknown, Wyden said in a statement. “Microsoft notified the agency that dozens
of email accounts were compromised,” he said.

This proves that whoever targeted the government did gain access to Microsoft property such as Office 365 accounts and the like. How extensive, we’ll never know.

The scope of the breach at the Commerce Department is gradually being revealed, too. The hackers breached some three dozen email accounts since June at
Commerce’s National Telecommunications and Information Administration, a U.S. official familiar with the investigation said. It’s unclear what information
they were after, but such email access could be valuable for espionage. A Commerce Department spokesperson did not immediately respond to a request for
comment. …

This is becoming good news, at least on this front, so please continue to share the news when you have something to share.

In this article, William Barr joined others in saying that Russia is involved in this, but I definitely want 100 percent proof before I write that it is definitely Russia.

As reported earlier and in the video I linked in a prior part to this article, only 50 targets were the true target of whatever they decided to do. What makes this worse is that the researchers found evidence of another hacking group who deployed code affecting Solar Winds products as well.


Finally, someone is really interested in what is going on with the government and what they’re doing about this breach. This article entitled: Biden takes aim at Trump, Russia over SolarWinds breach is the last in this series that I’m going to write about.

President-elect Joe Biden pressured Donald Trump on Tuesday to name the hackers behind the SolarWinds breach, saying that the evidence suggests Russia
is responsible.

Biden also faulted the incumbent president for his handling of the nation’s digital defenses and vowed to do “all that needs to be done” to get to the
bottom of the sweeping cyber espionage campaign, then punish the culprits.

“It is a grave risk and it continues. I see no evidence that it’s under control,” Biden said during a speech in Wilmington, Delaware. “The Defense Department
won’t even brief us on many things. So I know of nothing that suggests it’s under control. This president hasn’t even identified who is responsible yet.”

Mr. Biden, I don’t believe that Mr. Trump will ever come out and tell the American people who did anything, because his own company was breached three times before he even took office. This blog post from 2016 titled WHY BLIND AMERICANS ARE WORRIED ABOUT TRUMP’S TECH POLICY really speaks volumes, as I don’t believe he had a tech policy if now he’s being questioned about what happened in the Solar Winds breach. He can’t even pass email security tests (blog post), and even before he took office he was winning but hotels continued to be breached. This blog post, Trump continues to win, hotels continue to be breached, talks about that aspect of his ordeal.

I’ve got other articles on Mr. Trump you can find on my articles page, so I won’t spend any more time on Trump or linking articles here.

Back to the article at hand, Mr. Trump can’t even tell us much of anything, and if the articles I’ve linked to from 2016 are any indication, we’re still behind. Mr. Trump hasn’t even helped us in that regard I must think.

This article says that Mr. Trump downplayed the attack, just like he downplayed other aspects of things that have come up that he has dealt with either by others, or by downplaying the event entirely.

“Cyberattacks must be treated as a serious threat by our leadership at the highest level,” Biden said. “That means making clear and [public] who’s responsible
for the attack and taking meaningful steps to hold them to account.”

Why do you think that I wrote up this post-mortem report in regards to customtumblers.us even though there was no security attack? What about this post-mortem report when jaredrimer.net couldn’t be accessed by AT&T for several hours? I’ve been lucky, but other companies haven’t been so lucky.

Because Trump fired many people after he lost the election in 2020, he has downplayed cybersecurity in a big way, and I don’t blame Mr. Trump for attacking him one bit. Here are the last paragraphs of this article, and they are worth quoting.

“It’s a sign that with a new administration, we can confront these threats on a bipartisan basis here at home,” he said. “That should be encouraging to
the American people.”

Overall, Biden said his approach on cybersecurity would be to work toward “international rules of the road on cybersecurity,” and he said that it could
take billions more in funding to secure the U.S. in cyberspace.

He said he would make it a priority to get to the bottom of the SolarWinds breach, determine how extensive the damage is and formally declare who’s responsible.

“When I learn the extent of the damage and in fact who is formally responsible, they can be assured that we will respond, probably respond in kind,” Biden
said. “There are many options which I will not discuss now.”

He wouldn’t discuss those options, he said, because it’s similar to any other international crisis where the U.S. doesn’t spell out its precise remedy
in advance.

Addressing the massive cyber espionage campaign “will be an overwhelming focus for my administration,” Biden said.

I hope that we can really come down to the bottom of this entire mess, get a handle on cybersecurity norms, and start behaving normally. If we get in trouble doing something wrong, we pay for it. If it is in cyberspace, seems like nothing is done because there are no treaties or the like to pick up these actors. How do we get them to understand that this is enough? The comment boards await you.

This completes the 3-part series to date. I’m sure I’ll have more to post about this as I read more. Let the comments reign!
