I'm going to weigh in here. I am neither low key nor a shill. But I will tell you PatelPatriot is dead wrong on 60% of devolution 10.
Source: I was actually there during some of those events. That's not how it went down. I've known Shawn Henry since ~2009, when he was heading up an FBI task force investigating transnational cybercrime. He's not TE-1. Dmitri Alperovitch might be, but more likely Eric Schmidt.
Clownstrike came into existence because the FBI wanted a "signatureless" cyber threat agent and they wanted attribution- basically, an automated agent to replace what humans at the FBI were doing, so they put out an RFI. Alperovitch was a VP at McAfee (during the malaise years under Intel) and put together a team to win the business, but Intel wasn't backing the new direction. So he formed Clownstrike on his own and ganked the coders from McAfee, turning it into a commercial product. A couple years after they got the FBI contract, Shawn retired and magicked himself into a VP job at CS, heading up their services practice (read: incident response, cleaning up the messes left when the product failed to do its job).
This is very common in cybersec startups.. they hire former Three Letter Agency types with some notoriety to give their Beta-quality products some cachet and to do the talk tracks at the major IT conferences.
On the CIS / Election-ISAC side, they put out an RFI as well- much more thorough, but CS was allowed to write the proposal in part. It was skewed so only their product was allowed, owing to a little-known (outside of Fedspace) requirement for FEDRAMP compliance. They got the contract because they wrote the spec for it.
The kicker?
CS's agent won't actually run on any of the machines it needs to protect, since it's a Windows-only system (they claim Mac, Linux, Android support but it's basically just a file-hashing engine that uses their cloud db).
Oh and it requires that the agent be connected to the Internet. Welcome to the Federal contracting world, it sucks. (I may have failed to mention that the EI-ISAC is almost entirely funded by CISA, aka DHS.. so that decision has Chris Krebs written all over it).
On to the last point in the title.
No, the Solarwinds hack was not done to get access to CS or Dominion. That's such a logic fail it made me laugh. Patel Patriot knows CS and FireEye are two different companies, but still manages to conflate the two.
I will tell you what I know about the "Solarwinds Hack". There was a vulnerability discovered in the Solarwinds Orion network management product, by 'hackers'. They were able to leverage it into a useful exploit that allowed them to move laterally through a victim's network. Since no one at Solarwinds was watching their support side, the hackers injected the working exploit (nicknamed "Sunburst") into Solarwinds' update packages, so anyone that downloaded an update for their Orion server over an almost 1-year period was pulling in an active exploit. Considering it's one of the most popular network managers on the planet, that's a spicy meatball- 2M unique companies affected.
At this point, the original hackers sold the exploit- exploit code, access to popped machines, a menu of stuff they got from victims. This original crew was almost certainly Russian Organized Crime.
A number of foreign intelligence services bought the 'package' from the OG crimesters. One of those was definitely China. The PLA modified some of the original capabilities and augmented them... effectively "gain of function" weaponization. They could now use it to traverse cloud services, and impersonate system-level access throughout a corporate infrastructure relying on MS Azure or AWS.
Same exploit, different goals. Criminals use it to ransom data in exchange for money. Nation-state actors are using it for covert surveillance and disinfo purposes. Unethical corporations are using it for Intellectual Property theft. In all of that, it's clear that white hats did not develop it for the purpose of going after Dominion or CS.
I'm going to weigh in here. I am neither low key nor a shill. But I will tell you PatelPatriot is dead wrong on 60% of devolution 10.
Source: I was actually there during some of those events. That's not how it went down. I've known Shawn Henry since ~2009, when he was heading up an FBI task force investigating transnational cybercrime. He's not TE-1. Dmitri Alperovitch might be, but more likely Eric Schmidt.
Clownstrike came into existence because the FBI wanted a "signatureless" cyber threat agent and they wanted attribution- basically, an automated agent to replace what humans at the FBI were doing, so they put out an RFI. Alperovitch was a VP at McAfee (during the malaise years under Intel) and put together a team to win the business, but Intel wasn't backing the new direction. So he formed Clownstrike on his own and ganked the coders from McAfee, turning it into a commercial product. A couple years after they got the FBI contract, Shawn retired and magicked himself into a VP job at CS, heading up their services practice (read: incident response, cleaning up the messes left when the product failed to do its job).
This is very common in cybersec startups.. they hire former Three Letter Agency types with some notoriety to give their Beta-quality products some cachet and to do the talk tracks at the major IT conferences.
On the CIS / Election-ISAC side, they put out an RFI as well- much more thorough, but CS was allowed to write the proposal in part. It was skewed so only their product was allowed, owing to a little-known (outside of Fedspace) requirement for FEDRAMP compliance. They got the contract because they wrote the spec for it.
The kicker?
CS's agent won't actually run on any of the machines it needs to protect, since it's a Windows-only system (they claim Mac, Linux, Android support but it's basically just a file-hashing engine that uses their cloud db).
Oh and it requires that the agent be connected to the Internet. Welcome to the Federal contracting world, it sucks. (I may have failed to mention that the EI-ISAC is almost entirely funded by CISA, aka DHS.. so that decision has Chris Krebs written all over it).
On to the last point in the title. No, the Solarwinds hack was not done to get access to CS or Dominion. That's such a logic fail it made me laugh. Patel Patriot knows CS and FireEye are two different companies, but still manages to conflate the two.
I will tell you what I know about the "Solarwinds Hack". There was a vulnerability discovered in the Solarwinds Orion network management product, by 'hackers'. They were able to leverage it into a useful exploit that allowed them to move laterally through a victim's network. Since no one at Solarwinds was watching their support side, the hackers injected the working exploit (nicknamed "Sunburst") into Solarwinds' update packages, so anyone that downloaded an update for their Orion server over an almost 1-year period was pulling in an active exploit. Considering it's one of the most popular network managers on the planet, that's a spicy meatball- 2M unique companies affected.
At this point, the original hackers sold the exploit- exploit code, access to popped machines, a menu of stuff they got from victims. This original crew was almost certainly Russian Organized Crime.
A number of foreign intelligence services bought the 'package' from the OG crimesters. One of those was definitely China. The PLA modified some of the original capabilities and augmented them... effectively "gain of function" weaponization. They could now use it to traverse cloud services, and impersonate system-level access throughout a corporate infrastructure relying on MS Azure or AWS.
Same exploit, different goals. Criminals use it to ransom data in exchange for money. Nation-state actors are using it for covert surveillance and disinfo purposes. Unethical corporations are using it for Intellectual Property theft. In all of that, it's clear that white hats did not develop it for the purpose of going after Dominion or CS.
Thanks for taking the time to type out what I couldn’t be arsed to.....
There are a lot of inconsistencies in the overall devolution theory here.... I would recommend guys go on to the QRB to find out for themselves....
But of course I must be a shill too for even thinking it....!
WWG1WGA