22 December 2020

201222 From SolarWinds hack to Symantec hack, McAfee hack, F-Secure hack, Avecto hack and...SAAB


The latest SolarWinds hack could have been discovered a long time ago, avoiding much of the damage that is only partially recognised today.


Main cause: many companies and state authorities place blind trust in an already established software company, especially one located in the USA or the UK.


Those responsible for IT security management, repackaging and application specialists blindly trust any version or update as long as it is "signed" with a "verified" digital signature.


They take the above for granted and distrust anyone who would reverse-engineer a piece of software to look for backdoors.


What if a well-known software company has backdoors in its intranet or update servers, and unauthorised outsiders gain access to that intranet, to its signing tools and certificates, or to special access cookies that can emulate authorised external access?
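As an added illustration, not part of the original post, the following Python model shows why a valid signature on its own proves only that whoever produced it held the signing key: the vendor key, update contents and pinned digest are all constructed, and HMAC stands in for the asymmetric signature a real code-signing certificate would produce.

```python
import hashlib
import hmac
import secrets

# Constructed sample: the vendor's code-signing key. HMAC-SHA256 stands in for
# the asymmetric signature a real code-signing certificate would produce.
VENDOR_SIGNING_KEY = secrets.token_bytes(32)

# Constructed update payloads: the genuine build and a trojanized one.
LEGIT_UPDATE = b"agent v2.1 -- constructed, benign build"
TROJANIZED_UPDATE = b"agent v2.1 -- constructed, build with hidden backdoor"


def sign(payload: bytes, key: bytes) -> bytes:
    """Vendor side: produce a signature over the update bytes."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def verify_signature_only(payload: bytes, signature: bytes, key: bytes) -> bool:
    """The 'blind trust' client: a valid signature is all it asks for."""
    return hmac.compare_digest(sign(payload, key), signature)


def verify_with_pinned_digest(payload: bytes, signature: bytes, key: bytes,
                              pinned_sha256: str) -> bool:
    """Hardened client: the signature AND a digest obtained out of band
    (published release notes, a transparency log, a second vendor channel)
    must both match before the update is accepted."""
    if not verify_signature_only(payload, signature, key):
        return False
    return hmac.compare_digest(hashlib.sha256(payload).hexdigest(), pinned_sha256)


# Out-of-band pin recorded when the legitimate build was released.
PINNED_DIGEST = hashlib.sha256(LEGIT_UPDATE).hexdigest()


def scenario() -> dict:
    """Model the scenario above: an intruder who reached the vendor's signing
    tools signs a trojanized build with the genuine key."""
    legit_sig = sign(LEGIT_UPDATE, VENDOR_SIGNING_KEY)
    stolen_key = VENDOR_SIGNING_KEY  # the intruder is inside the vendor's signing infrastructure
    trojan_sig = sign(TROJANIZED_UPDATE, stolen_key)
    return {
        "legit_signature_only": verify_signature_only(LEGIT_UPDATE, legit_sig, VENDOR_SIGNING_KEY),
        "trojan_signature_only": verify_signature_only(TROJANIZED_UPDATE, trojan_sig, VENDOR_SIGNING_KEY),
        "legit_pinned": verify_with_pinned_digest(LEGIT_UPDATE, legit_sig, VENDOR_SIGNING_KEY, PINNED_DIGEST),
        "trojan_pinned": verify_with_pinned_digest(TROJANIZED_UPDATE, trojan_sig, VENDOR_SIGNING_KEY, PINNED_DIGEST),
    }
```

The signature-only client accepts both builds; only the client that also checks a digest fetched through an independent channel rejects the trojanized one, which is the check the blind-trust practice skips.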


This was the case a few years ago with all the famous names: Symantec, McAfee, Avecto, F-Secure.

All of the above are reputable security software companies from the USA, the UK and Finland/Sweden, actively used in many global companies and by state, military and SIGINT authorities.


Imagine a high-security encrypted laptop being left completely open.

Imagine a cloned RSA Security USB stick used for unauthorised access.

Imagine an intranet antivirus server "cooked" with modified virus-definition updates.

Imagine a "poisoned" access server, with modified records or with unauthorised access records installed.

Imagine a user gaining hidden local/global admin rights after obtaining unauthorised access to other users' Active Directory records.


Unfortunately, the practice described above (trusting blindly and refusing to accept "unpleasant" discoveries) is widespread, mostly among corporate CEOs, high-ranking officers and those in charge.

If someone discovers "the incredible", it is treated like whistling in church: they get punished, instead of the precious information being used while the timing is still critical.


A few years ago I worked as IT-Security Administrator for the SAAB Global Network.

After I discovered similar issues, SAAB's leadership thought I was whistling in church.


What is more serious is that a lot of the hacking information I discovered was found through my direct hacking of certain servers located in Russia.


I'm sure that if the IT security staff in any country, company or authority affected by the SolarWinds hack had not blindly trusted every software update and digital certificate, the situation today would be completely different.


Zeno Sloim

IT-Security Specialist, MSc in Computer Sciences

ex. SAAB Global Network IT-Security Administrator