What are the implications of the recent SolarWinds hack, should I change my preps?

LNMOt - December 18, 2020

Hello!  Looking to get everybody’s thoughts on the potential implications of the recently discovered hacks?  Unsure how serious these are and if I should consider adding to / adjusting my current preparedness strategy.

14  

Let me give a quick summary of my understanding of the hack for others unfamiliar with it. Here is my source, which goes over it well. 
A private company noticed that they had been receiving malicious updates to essential software for the past few months. During that time, the hackers (they think it may be Russia) installed various backdoors so that they could remain in the systems and continually monitor things. No damage has been done as of yet, but further investigation needs to be done to see what information was seen and they still need to patch all the vulnerabilities. The private company provides cyber security support to various organizations like many fortune 500 companies, US telecom companies, US military and many branches of the federal and state government. 

My first reaction is “If I was president, I would see this as an act of war! We wouldn’t just let Russian spies walk into the White House and look around at whatever they want, so why let them do it through our wires?” 
But I suspect that cyber attacks like this are a delicate area for politicians and our government. We hack and spy on other governments as well. We just don’t hear about it because we are hacking governments like China and North Korea that suppress that kind of information from the public to seem stronger than they are. 

Information and data is the new gold and oil. See how companies like Google, Facebook, and Microsoft have been able to explode over the past few years in value as they have harvested much of our data. That is just on a private sector to seek data to advertisers. Now think about how valuable information about how our telecom and internet systems are set up. Or military procedures and codes. Knowing how things work and are laid out is so vital to exploit vulnerabilities and knowing where your enemy is weakest. 

How this relates to preppers
Not related to this specific attack, but hopefully this attack can help you see how vulnerable systems can be. I believe that having good backups of your information that is stored on the cloud is important. If you backup everything to Google, and they are attacked, you may lose everything. Have offline local backups that you control. 
The more devastating would be an attack against our communications, or utility grid. With everything being ran and controlled by computers, you need to be prepared for a cyber attack that can shut those down for days, weeks, or months before they could become fully operational again. Having food, water, and power storage and ability is vital to your family’s survival if you wouldn’t be able to access those in the traditional way.

This year we have seen how a high demand for things has created shortages and delays in receiving vital goods that we need every day. This is with the power and communications not being affected at all. Now think about an even greater demand on these goods and services, but with no power or communications to continue making those or distributing them. Things can go from normal to chaos in the matter of days. 

From a cyber security standpoint, I think an attack on our infrastructure is incredibly likely, although I do not know the politics behind it to say if it would happen. A widespread attack that knocks our our power would be clearly seen as an act of war and fully retaliation would swiftly come. But let’s say Country X wanted to declare war on another.  What better way then to have figured out how to attack their infrastructure in the previous years, actually do it, which would shut down all communication and manufacturing making them confused, disoriented, and ununified, then follow through with nukes, or a air/ground assault. 

I’m not an expert in this field, and I have not looked into everything fully. So if I am off on something, please correct me. This is just my initial thoughts and opinions. 

 

Is this in regards to the recent SolarWinds hack by suspected Russia which can affect the American government and major corporations?

If so, could we change the title of this post to something like: What are the implications of the recent SolarWinds hack, should I change my preps?

I just want the most amount of people to know what the thread is about and be drawn to it

 

Thank you!  I updated the title of the post.

 

There is no doubt it’s alarming that it went six months undetected.  I just read an article this morning that they don’t believe it was malware at least, and was just used for spying, not destruction.  It’s likely too early to know what all has been affected though.  One thing I am certain of though, both sides are doing things like this.  Remember when the US was caught eavesdropping on world leaders personal phones?  I don’t believe there is any guaranteed security on electronics.  If someone can design a system to be secure there’s someone that can figure a way into it. It will always be a game of cat and mouse.  A friend of mine that works in IT once said to me, “there is no such thing as privacy anymore, just get over it”.  I’m thinking more highly of his comment all the time.

 

I agree with your interpretation of the hack. They were just gathering intel, and both sides are doing it. 

I do not agree with your friend’s comment that we should get over the lack of privacy that we have though. Yes our privacy is being attacked, taken away, and even the more common is that we are willing giving it up for conveniences. But there are things you can do to minimize surveillance and data collection if that is a priority to you. It is extremely unlikely that we can remain 100% private and anonymous, but we can sure put up a fight and get pretty close if we try hard. 

 

I keep Siri turned off.  I also believe she is still listening.  My son uses android, and google is even more observant than Siri.  There have been too many times I’ve gotten ads about something I’ve talked about to call it a coincidence. These companies are spying on us to sell products and make money.  As far as the government goes I don’t have anything to hide and basically believe in the rule of law, so am not really paranoid about eavesdropping.  I doubt the average person could stop the govt from listening to everything they do anyways. That being said I would never have an Alexa or other listening device in my home intentionally.  I am more technologically challenged than most when it comes to computers so don’t worry about the more in depth ways I could limit intrusions into my privacy.  

 

Let me give a quick summary of my understanding of the hack for others unfamiliar with it. Here is my source, which goes over it well. 
A private company noticed that they had been receiving malicious updates to essential software for the past few months. During that time, the hackers (they think it may be Russia) installed various backdoors so that they could remain in the systems and continually monitor things. No damage has been done as of yet, but further investigation needs to be done to see what information was seen and they still need to patch all the vulnerabilities. The private company provides cyber security support to various organizations like many fortune 500 companies, US telecom companies, US military and many branches of the federal and state government. 

My first reaction is “If I was president, I would see this as an act of war! We wouldn’t just let Russian spies walk into the White House and look around at whatever they want, so why let them do it through our wires?” 
But I suspect that cyber attacks like this are a delicate area for politicians and our government. We hack and spy on other governments as well. We just don’t hear about it because we are hacking governments like China and North Korea that suppress that kind of information from the public to seem stronger than they are. 

Information and data is the new gold and oil. See how companies like Google, Facebook, and Microsoft have been able to explode over the past few years in value as they have harvested much of our data. That is just on a private sector to seek data to advertisers. Now think about how valuable information about how our telecom and internet systems are set up. Or military procedures and codes. Knowing how things work and are laid out is so vital to exploit vulnerabilities and knowing where your enemy is weakest. 

How this relates to preppers
Not related to this specific attack, but hopefully this attack can help you see how vulnerable systems can be. I believe that having good backups of your information that is stored on the cloud is important. If you backup everything to Google, and they are attacked, you may lose everything. Have offline local backups that you control. 
The more devastating would be an attack against our communications, or utility grid. With everything being ran and controlled by computers, you need to be prepared for a cyber attack that can shut those down for days, weeks, or months before they could become fully operational again. Having food, water, and power storage and ability is vital to your family’s survival if you wouldn’t be able to access those in the traditional way.

This year we have seen how a high demand for things has created shortages and delays in receiving vital goods that we need every day. This is with the power and communications not being affected at all. Now think about an even greater demand on these goods and services, but with no power or communications to continue making those or distributing them. Things can go from normal to chaos in the matter of days. 

From a cyber security standpoint, I think an attack on our infrastructure is incredibly likely, although I do not know the politics behind it to say if it would happen. A widespread attack that knocks our our power would be clearly seen as an act of war and fully retaliation would swiftly come. But let’s say Country X wanted to declare war on another.  What better way then to have figured out how to attack their infrastructure in the previous years, actually do it, which would shut down all communication and manufacturing making them confused, disoriented, and ununified, then follow through with nukes, or a air/ground assault. 

I’m not an expert in this field, and I have not looked into everything fully. So if I am off on something, please correct me. This is just my initial thoughts and opinions. 

 

I completely agree that an attack on our grid or other infrastructure would be an outright declaration of war.  I don’t believe Russia, or any other country is that suicidal.  Hopefully anyways.  I do think they were learning all sorts of information about us to exploit in the case of us ever actually being at war.  Just shutting down the grid would produce more effect than all the damage from WWII.  Our cities would have body counts within weeks beyond imagination without a single shot being fired.  Let’s just hope our leaders are smart enough to keep the spying in context and not let it go to the next level.  

 

Totally agree! A cyber attack like you described would have so many casualties. I hope our leaders are putting a lot of money and work into securing the grid, but don’t think we will ever know how much they do because that will just show the enemy where to attack. 

You don’t go showing your neighbor all your home security systems and things you have done to keep bad guys out, because then he will know just where you are vulnerable.

 

You ever wonder why we let North Korea get away with all they do?  Real reason is, they are extremely dangerous to us & our interests.  They have the ability to hack our grid and infrastructure plus they have super EMP weapons and the means to deliver them.  We will never attack them because they are completely led by an individual that could care less about reprisals.  He could care less if we nuked his country & killed half his population.  Now Russia & China of course would.  MAD, mutually assured destruction, only works if each country wants their country to survive.  So we have to fear folks like North Korea or some country controlled by religious fanatics.  Not everyone is as worried about suicide as we are.  Need a reference, look at the Japanese during WWII.

I prep for a long term crisis because I understand how vulnerable our grid & infrastructure are to hacking or EMP attack.  Heck, back in the 80’s, when I was a Minuteman Missile Combat Crew Commander, we had an option to use our nukes as a high altitude EMP weapon.  They are much more advanced today and much more of our economy & infrastructure can be harmed by EMP today. 

 

That sure is a scary thought. I hope things never come to that. 

It’s good to know about these things though, so we can prepare for the worst.

 

LNMOt, I use a business method to establish my thoughts and the related implications.

I study insurance availability and rates.

Sidewinder – and a couple of others – were in the insurance journals recently.  The articles told of pending new insurance policy clauses and, of course, rates.  

The implications are crystal-clear.

 

https://www.mynewmarkets.com/articles/183710/frequency-of-cyber-events-targeting-businesses-increasing-travelers

Above is a basic article on cyber events.

Had read somewhere about the Solar Winds hacking but couldn’t find it.  

 

https://www.cnet.com/news/microsoft-head-calls-solarwinds-hack-act-of-recklessness-what-you-need-to-know/

See if anything of value in this cnet article.

The prepper perspective functions best with certainity and surely these cyber attacks provide for uncertainity.

 

There isn’t much you can do. I’m not even sure if the government knows what to do yet. I know a few security people and they’re all frighteningly quiet about it. As Gideon said, keep good backups and realize that any information you have online can be hacked, no matter how supposedly “secure” it is.