How the SolarWinds hack went down

Image Source: Republican Policy Committee, US Senate

Nearly every day in our digital lives, we see a multitude of apps on our phones or laptops get updated – innocuous maintenance updates that invariably include words to the effect of “This release addresses maintenance updates, stability improvements, and bug fixes.” It was one of these routine releases late last year that triggered one of the most damaging and wide-ranging hacks the US has ever seen, commonly known as the SolarWinds hack. It is named after the company of the same name, and was triggered by an update of their widely used Orion software, which helps companies and major technology operations in the US Government monitor network activity. Like a tiger lying in wait, the seemingly boring update triggered what many believe is one of the largest and most damaging hacks the US has ever seen. For many who analyze this sort of thing, the true impact will not be calculable for months, if not years.

In the months since it happened, NPR has been doing its research to learn more about how exactly it went down and where the checks and balances failed. As was reported when it happened, the brilliance and sophistication of the hack cannot be overstated.

Network monitoring software is a key part of the backroom operations we never see. Programs like Orion allow information technology departments to look on one screen and check their whole network: servers or firewalls, or that printer on the fifth floor that keeps going offline. By its very nature, it touches everything — which is why hacking it was genius…

The SolarWinds attackers ran a master class in novel hacking techniques. They modified sealed software code, created a system that used domain names to select targets and mimicked the Orion software communication protocols so they could hide in plain sight. And then, they did what any good operative would do: They cleaned the crime scene so thoroughly investigators can’t prove definitively who was behind it. The White House has said unequivocally that Russian intelligence was behind the hack. Russia, for its part, has denied any involvement.

“The tradecraft was phenomenal,” said Adam Meyers, who led the cyber forensics team that pawed through that tainted update on behalf of SolarWinds, providing details for the first time about what they found. The code was elegant and innovative, he said, and then added, “This was the craziest f***ing thing I’d ever seen.”

Dina Temple-Raston, NPR

The first foundation blocks of the hack were laid in late 2019, when the hackers inserted a seemingly simple line of code into the software that would tell them whether the server used a 32-bit or 64-bit processor. Once the hackers saw a response to that simple query, they knew they could wreak some havoc. Five months later, they laid further foundational blocks by inserting code that would inform them whenever there was an impending software update.

Under normal circumstances, developers take the code out of the repository, make changes and then check it back in. Once they finish tinkering, they initiate something called the build process, which essentially translates the code a human can read to the code a computer does. At that point, the code is clean and tested. What the hackers did after that was the trick.

They would create a temporary update file with the malicious code inside while the SolarWinds code was compiling. The hackers’ malicious code told the machine to swap in their temporary file instead of the SolarWinds version. “I think a lot of people probably assume that it is the source code that’s been modified,” Meyers said, but instead the hackers used a kind of bait-and-switch.

But this, Meyers said, was interesting, too. The hackers understood that companies such as SolarWinds typically audit code before they start building an update, just to make sure everything is as it should be. So they made sure that the switch to the temporary file happened at the last possible second, when the updates went from source code (readable by people) to executable code (which the computer reads) to the software that goes out to customers.

Dina Temple-Raston, NPR
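The bait-and-switch in the NPR excerpt above leaves the repository untouched, so a source audit passes while the shipped build is wrong; the artifact itself needs a check. The following is an added example, not code from the article or from SolarWinds: a toy deterministic build, a pinned source manifest, and a release check that rebuilds from the audited sources and compares digests. File names and contents are constructed stand-ins.

```python
import hashlib
from typing import Dict

# Constructed sample data: a tiny "audited" source tree and the digests a
# reviewer pinned for it. Stand-ins only, not SolarWinds files.
AUDITED_SOURCES: Dict[str, bytes] = {
    "src/Core.cs": b"class Core { static int Bits() { return IntPtr.Size * 8; } }",
    "src/Update.cs": b"class Update { void Apply() { Install(); } }",
}
SOURCE_MANIFEST = {p: hashlib.sha256(d).hexdigest() for p, d in AUDITED_SOURCES.items()}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def source_audit(sources: Dict[str, bytes], manifest: Dict[str, str]) -> bool:
    """The pre-build review the article describes: every checked-in file
    matches its pinned digest. This only vouches for the inputs."""
    return set(sources) == set(manifest) and all(
        sha256(sources[p]) == manifest[p] for p in manifest)


def build(sources: Dict[str, bytes]) -> bytes:
    """Toy deterministic compiler: emits the inputs in a fixed order.
    A real build must be reproducible the same way (pinned toolchain,
    fixed ordering, no timestamps) for an independent rebuild to match."""
    return b"".join(p.encode() + b"\0" + sources[p] + b"\n" for p in sorted(sources))


def verify_release(shipped: bytes, sources: Dict[str, bytes],
                   manifest: Dict[str, str]) -> dict:
    """Rebuild independently from the audited sources and compare digests.
    A mismatch means the shipped artifact was not produced from the
    reviewed code, whatever happened inside the vendor's build machine."""
    audit_ok = source_audit(sources, manifest)
    expected, actual = sha256(build(sources)), sha256(shipped)
    return {"source_audit_ok": audit_ok, "expected": expected,
            "actual": actual, "release_ok": audit_ok and expected == actual}


# Clean release: built from exactly the audited sources.
CLEAN_RELEASE = build(AUDITED_SOURCES)

# Simulated build-stage substitution: the repository is untouched (the source
# audit still passes), but the compiler was fed a swapped copy of one file.
_swapped = dict(AUDITED_SOURCES)
_swapped["src/Update.cs"] = b"class Update { void Apply() { Install(); Extra(); } }"
TAMPERED_RELEASE = build(_swapped)

if __name__ == "__main__":
    print(verify_release(CLEAN_RELEASE, AUDITED_SOURCES, SOURCE_MANIFEST)["release_ok"])     # True
    print(verify_release(TAMPERED_RELEASE, AUDITED_SOURCES, SOURCE_MANIFEST)["release_ok"])  # False
```

The tampered case is the one that matters: `source_audit_ok` is still true, and only the rebuild-and-compare step flags the release.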

Similar to the situation in the days and weeks leading up to the 9/11 attacks, there were small signals and flags that were picked up by random people in random places; however, none of those pieces were put together to show that something nefarious was going on. It was only after a network administrator at FireEye discovered that two phones were registered to a single employee that they realized there was a hacker within their network.

Another reason this hack was such a ‘work of art’ is that all the normal detection tools look for ‘normal techniques’, which usually account for 90 to 95% of all attacks. This one was so unique and so stealthy that it completely bypassed all the normal checks.

Like other catastrophic failures of all shapes and sizes, this hack had its warning signs. There was just no one looking at the big picture who could have put these pieces together and seen what was happening just beneath the surface. The NPR article is a really great read, and probably worth a second read, just to grasp the level of sophistication some of these nefarious hacking organizations have.

How the Patriots found him

Last week, Julian Edelman of the New England Patriots retired from pro football after an amazing 13-year career with the only team he ever knew. Edelman started his football career as a quarterback at a Southern California junior college and then transferred to Kent State University in Ohio to play the same position. He was making headlines at Kent State at QB; however, the prospect of a 5’9″ QB from a Missouri Valley Conference school breaking through in the pros was slim to none. Yet the scouts on the Patriots staff saw something, and the story of how they developed relationships with the coaches at the school and evaluated how Edelman could play other positions in the pros is one I absolutely love. From Mike Reiss at ESPN:

“But Julian was a heck of a football player, and you don’t want to discard really good football players. So you think outside the box and try to get creative, try to find a role for him. There were reasons you thought it could work. He had incredible short-area quickness. He had really good reactive cutting ability. He had great football instincts in terms of feeling people — spatial awareness, things of that nature. Extremely tough with the ball in his hands.

“Digging into the background part of it, he was extremely competitive. The fact he was a California [Junior College] kid and assimilated at a school in the Rust Belt, that’s not easy to do. He’d come out to practice and B.S. with the wideouts, so you could tell he was comfortable with that position group, and that made you feel good — that he was one of the guys.”

Nagy recalled that Edelman just wanted to play football, and bought into the idea of a position switch in the pros — which doesn’t always happen with prospects. The Patriots had December scouting meetings, and then their standard cross-check process in February, with Pioli assigning Nagy wide receivers as his cross-check position. Through that process, Edelman landed on the team’s draft board.

Mike Reiss

Whether he makes the NFL Hall of Fame is up for vigorous debate, and that decision and evaluation is way beyond my influence. However, this lifelong Patriots fan has nothing but respect and happy memories of all that he did to help the team win several Super Bowl championships. He was dependable, tough as nails, and made some phenomenal plays during his career, none more important than the catch in the photo above that he made against the Falcons in SB LII.

Confirmed Russian Collusion

In case this was overlooked amid all the other news out there these days, a press release from the US Treasury Department confirmed what most thought was true but had not been confirmed by the Mueller Report or the bipartisan Senate Intelligence Committee: what actually happened after Paul Manafort provided Konstantin Kilimnik with the polling data and campaign strategy back in 2016? Yup, Kilimnik passed it on to the Russian Intelligence Agency (aka the “new” KGB), and it likely made its way to Putin himself. From the always excellent Letters From An American Substack:

We also knew from the Senate Intelligence Report that Manafort had provided Kilimnik with secret polling data from the Trump campaign in 2016—his business partner and campaign deputy Rick Gates testified to that—but the committee did not have evidence about what Kilimnik had done with that data.

Today’s Treasury document provides that information. It says: “During the 2016 U.S. presidential election campaign, Kilimnik provided the Russian Intelligence Services with sensitive information on polling and campaign strategy.”

It is hard to overestimate the significance of this statement. It says that Trump’s 2016 campaign manager, Paul Manafort, provided secret polling data and information about campaign strategy to a Russian intelligence officer, who shared it with Russian intelligence. Russian intelligence, as we also know from both the Mueller Report and the Senate Intelligence Committee report, both hacked emails of the Democratic National Committee and the Clinton campaign, and targeted U.S. social media to swing the 2016 election against Democrat Hillary Clinton and to Donald Trump.

By itself, the statement that the Trump campaign worked with Russian intelligence is earthshaking. But aside from the information about the exchange of this particular kind of intelligence in 2016, this statement also indicates that the Trump campaign itself was not simply operating in happy if unintentional tandem with Russian intelligence – which was as far as the Mueller Report was willing to go – but in fact had an open channel with Russian operatives. That’s a game-changer in terms of how we understand 2016 and, perhaps, the years that have followed it.

Heather Cox Richardson

Just so we’re clear, 70 million US citizens voted to re-elect a US President who worked directly with the Russians to ‘win’ the 2016 election, got impeached twice, incited an insurrection at the US Capitol on January 6, 2021, and botched the country’s response to the COVID-19 pandemic to the tune of 500,000+ dead American citizens. Amongst other things.

Abandoned Soviet-era copycat Space Shuttles

Two Russian Soviet-era space shuttles abandoned in Kazakhstan. Via CNN

Back in the 1980s and early 1990s, with the US and Russia locked in the depths of the “Cold War”, the US took a major step ahead of Russia in the ‘space race’ by launching the inaugural Space Shuttle mission. Russia felt the need to compete with the US and develop its own version of the Space Shuttle, which it did, with a strikingly similar result.

A few years ago, some photographers from Europe managed to sneak into an abandoned hangar in Kazakhstan (neither was named Borat), not far from the Russian space launch pads that are still in use today, where these two old Russian shuttles still sit.

It was the Soviet response to the space shuttle, designed to take the Cold War into space. But after just one flight, it was mothballed. Now, the ruins of what was called the Buran program are left to rust in the steppe of Kazakhstan.

Two shuttles and a rocket lie in disused hangars, not far from the launchpad of that first flight, at the Baikonur Cosmodrome. It’s an active spaceport about 1,500 miles southeast of Moscow, still used today to send and retrieve astronauts from the International Space Station.

The site is not open to the public, but a few adventurers have mustered the courage to sneak in and take a look. Among them is French photographer David de Rueda, who visited the site three times between 2015 and 2017: “The space shuttles are only a few hundred meters from active facilities. Getting there was an epic adventure, we didn’t know if we would make it because the Kazakh steppe is a hostile environment. But it was entirely worth it. This place is unreal,” he said in an email interview.

CNN

These shuttles, called Buran (Russian for ‘blizzard’), went on only one flight, in 1988, a year before Communism and the Cold War fell along with the Berlin Wall. As the world changed, the Russian money used to fund this experiment dried up, and there were never any further flights.

The photos in this article are spectacular and you have to think that the sheer thrill that the photographers had in sneaking into these hangars must have been off the charts.

Alright alright alright

A ‘supercut’ of all the iconic scenes that Matthew McConaughey was in from the movie “Dazed & Confused”. I re-watched this movie a few months ago and just loved every scene that Wooderson was in. I wanted to be there. I wanted to hang out with him. He jumped off the screen.

The backstory of how he got the role is pretty awesome, as detailed in this excerpt from his recently released book Greenlights. To his credit, it wasn’t the ageless ‘Alright, alright, alright’ scene that he keyed on when reading the script, since that line was essentially improvised and didn’t exist in the script. He focused on what is, in my mind, the even more iconic line:

“That’s what I love about these high school girls, man. I get older, they stay the same age.”

The whole scene where he is hanging out at the drive-in with the guys, hanging on the wall, just dripping ‘cool’, is fantastic. He owned every piece of that scene, culminating in him delivering that line. The backstory on how he thought through the way he was going to present Wooderson for that scene is great:

Wooderson was 22 years old but still hanging out around the high school. That line opened up an entire world into who he was, an encyclopedia into his psyche and spirit. I thought about my brother Pat when he was a senior, and I was 11. He was my big brother, my hero. One day, Pat’s Z28 was in the shop so Mom and I were picking him up from high school.

We were slowly pulling through campus in our ’77 wood-paneled station wagon, Mom driving, me peering out the window in the back seat. Pat was not where we had planned to meet him.

“Where is he?” asked Mom.

Turning my head to look left and right and then out the back window, I saw him about a hundred yards behind us, leaning against the brick wall in the shade of the school’s smoking section, one knee bent, boot sole against the side of the building, pulling on a Marlboro, cooler than James Dean and two feet taller.

“Ther — !!” I started to shriek, then caught my tongue because I realized he’d get in trouble for smoking.

“What’s that?” Mom asked.

“Nothin, Mom, nothin.”

That image of my big brother, leaning against that wall, casually smoking that cigarette in his low-elbow, loose-wristed, lazy-fingered way, through my romantic 11-year-old little brother eyes, was the epitome of cool. He was literally 10 feet tall. It left an engraved impression in my heart and mind.

And 11 years later, Wooderson was born from that impression.

Matthew McConaughey

Twenty-eight years later, Mr. McConaughey is still super cool and still riding the wave of that iconic performance.

The Louvre digitizes its full collection

Italie Panini, Giovanni Paolo, Musée du Louvre

The Louvre in Paris last week announced that it had digitized its entire museum collection of artwork, a collection that is close to a staggering half a million pieces.

While trying to navigate and enjoy the entire collection could be daunting, they did break it down into different ‘albums’ such as Masterpieces, Historical Events, and Kings, Queens and Emperors, to name a few.

To me, the album that is most interesting is the National Museums Recovery, which highlights stolen or hidden artwork from World War II that has been recovered by the museum.

After World War II, 61,000 works of art were retrieved in Germany and brought back to France. Many had been stolen from Jewish families. To date, more than 45,000 have been returned to their rightful owners. Unclaimed works were sold by the French State, with the exception of 2,143 objects placed under the legal responsibility of the Ministry of Foreign Affairs and entrusted to French national museums for safekeeping. These works are not the property of the State. The Musée du Louvre is committed to carrying out research to find their rightful owners or beneficiaries.

Louvre

The piece above, The Roman Forum (Vue du Forum à Rome) by Giovanni Panini, is one piece from this album and I found it really striking. It is really neat to see the other works that have been recovered in this collection. It also serves as a reminder of what was stolen from broader society during World War II.