Be scared; it's Fozzy Bear with a Candle in the Laundry
We think the Russians have caught up to their criminals and have automated password spraying
[Image; thanks NSA/GCHQ, you twats].
I normally write articles and work on them before pasting into this editor and refining them. But this announcement is just batshit stupid, so I can’t even be bothered.
The NSA issued a media advisory. Go read, and look at the three links within it. The first two links go to the same target PDF (don't bother), which just restates what the press release says and names a few names and provides a description of the standard operating procedure of the first phases of every single penetration tester (IT defense testing) firm world-wide. The last link is to their “we say other things too” page.
If you want a giggle (gaggle?), listen (see sources) to Lavelle and Szamuely laughing their arses off at this rubbish.
A small sequence of points:
NSA claims that Russia’s equivalent is using brute force attacks (automated! like that’s never happened before) to “penetrate” stuff. My head is not sore enough; gimme a wall. In IT speak this is accusing the “Russians” of using a wooden spoon to attack a tank. The “state of the art” is using zero-day vulnerabilities to compromise systems to, in the end, have an invisible presence inside the network equipment of the target. You, as fast as possible, clean up all evidence of your entry and carefully guard the invisibility of your presence in the network.
Since the Snowden revelations, we have learned about the NSA/GCHQ operations against all and sundry; all adversaries, all alliances, political leadership everywhere, and most importantly international financial agreements. It's ALL of them, the US, UK, France, Germany, Russia, China, Uzbekistan, Moldova, Cyprus, Togo, Bolivia, etc. Some are more capable than others, but it's all of them all the time.
The best remark by Peter and George is laughing at how Sleepy Joe gets word in his basement and screams “I thought we were re-aligning to the Chinese”. But, no. The USA establishment has its own plans. Maybe there are budgetary considerations upcoming?
The whole thing is, once again, evidence-free and full of known stuff. The “mitigation strategy” is translated into non-IT speak as “don't be an idiot”. This makes sense, because a lot of USA, and possibly Russian or Chinese, companies don't pay well enough for the required expertise to defend their systems. Recall, spy agencies do not issue ransom demands, as that exposes the footholds they wish to be completely unknown to anyone else.
For your fun there is also a NYT article about this garden party. I haven’t read it, ‘coz I don’t slum it with these idiots.
Sources
Ridicule time with Peter and George (not an accurate title), The Gaggle.