posted by Paratrooper82 +125 / -1

This article is only the tip of the ICEBERG....

The attackers, whom CISA said began their operation no later than March, managed to remain undetected until last week when security firm FireEye reported that hackers backed by a nation-state had penetrated deep into its network. Early this week, FireEye said that the hackers were infecting targets using Orion, a widely used network management tool from SolarWinds. After taking control of the Orion update mechanism, the attackers were using it to install a backdoor that FireEye researchers are calling Sunburst.

When you read this article (link posted below) you will understand just why I’m saying this and the writing is on the wall.

FIRST: Trump has already won! Almost 100% sure on this.

As you will read in the article, ORION/SolarWinds has been compromised. It’s been known for a couple days now. It’s far more serious than initially expected.

Why does this matter: Well pedes, SolarWinds powered the dominion/tabulation machines. It has now been proven that we have been under attack for months.

This means that the entire election will have to be thrown out*

That means that neither candidate will have 270 electoral votes, which means that the HOUSE will vote. 1 vote per state. Do the math it’s over.

I’m actually sad right now while writing this, not because we’re not going to get the outcome we’ve so desired, but more so because this will change the world.

We will undoubtedly go to war over this. Many people will die. This won’t be like Iraq or Afghanistan. This will be a near peer actor. Most likely China although I’ve seen Russia mentioned as well.

I am OVERJOYED that Trump will stay in office. Unfortunately there will likely not be much time for celebration.

These actors are inside of our network. They can shut off our power grid, our water supply, our food supply.

This is some scary ass shit!

Please READ THE ARTICLE so that you can see I’m not overplaying this at all.

Start making preparations. I fear the next time we see POTUS it will be a prime time event and what we hear will not be good for our way of life.

I pray to God that I am wrong!

https://arstechnica.com/information-technology/2020/12/feds-warn-that-solarwinds-hackers-likely-used-other-ways-to-breach-networks/?fbclid=IwAR2mwb2A0Uw5jS9SdQu6n_y8gBCSXC3v6sYtOFFvLKxSsrnSlcBUDBL-Jd8

Comments (72)
Paratrooper82 [S] 18 points ago +18 / -0

I woke up and this election was the most important thing in my life, now it’s the least. This will be bad.

One thing for sure, they cannot deny that we were hacked, that SolarWinds was hacked, and Dominion tabulators were hacked. That by itself invalidates the entire election.

It now appears that we are on the doorstep of a major War....

stoic_troll 10 points ago +10 / -0

Only if you can get a court to agree though. Supreme Court is asleep at the wheel right now (we know why).

cyber_acolyte 5 points ago +5 / -0

Step 1: Build up China Step 2: Get them into a hot war with the US Step 3: EU builds on the ashes.

~ George Soros

It was never about making China the next Global Super Power. It was about the future supremacy of their baby, the EU.

I believe both China and the US know this.

PowerWordKek 16 points ago +16 / -0

If there is to be war, let it be in my time.

deleted 13 points ago +19 / -6

Animator 17 points ago +17 / -0

You're completely right in my opinion. If we've learned anything since November 4th, no, really since Covid started, it's that facts DO NOT MATTER to these people anymore.

Doesn't matter that Covid's no deadlier than the flu with a 99.98% recovery rate. We must destroy the economy! Mandate masks (which have also been scientifically proven not to filter viruses)! The Great Reset at all costs!

Election fraud? Prove it! Ok, here's a mountain of evidence. Eh, wouldn't have changed the outcome! What are you talking about, the fraud is way bigger than Biden's margin. Oh well, dismiss all cases on procedural grounds, too late to do anything about it now. What Constitution? That's not how it works any more.

No proof, no evidence, no reason or logic seems capable of having any impact on the system as it stands now. It is corrupt and rotten to its very core. Something a lot more drastic is going to need to happen to right this ship. And I'm praying that it does.

Apersonofinterest 4 points ago +4 / -0

This is so accurate that it pisses me off reading it.

I am surrounded by dumbasses that see the pain coming but continue to say, at least we got Trump out because he was super corrupt.

jtt888 3 points ago +3 / -0

Depends on what someone thinks are important facts. To a liberal it is a fact that Trump is a terrible person. To a far leftist it is a fact that Trump is worse than Hitler and any means necessary are ok to remove him from office. To a normie, it is a fact that covid exists and some people in government said it is bad, so we need to act like pussies to save a mythical person like Grandma, who would actually rather just see them anyway. To a white collar normie, it's a fact that a lot of them like working from home, so they can stay in their sweatpants all day, go to Target from time to time, and generally not have to work as hard, and it's too bad for the poor, lonely, and business owners, because "covid".

Facts are what they want them to be.

Paratrooper82 [S] 5 points ago +5 / -0

The only option of not throwing it out would be to hand count every single paper ballot.

If that is done will they be simultaneously signature matched?

The paper ballots might be the reason it’s not tossed all together.

This would be the only reason that I could see. If anyone else sees any other option that I’m overlooking, please bring it up

stoic_troll 8 points ago +8 / -0

Problem there is the Dem governors have blocked any serious audits or recounts.

HighFrequency 4 points ago +4 / -0

If we go IA or martial law, couldn't military confiscate all ballots and perform hand recounts?

deleted 11 points ago +11 / -0

Paratrooper82 [S] 7 points ago +7 / -0

Solar winds is in their open source code. Not the proprietary portion. There is no doubt.

I saw a photo on this very website of that.

stoic_troll 5 points ago +5 / -0

Yes it is. It's still in the HTTP headers on dvsfileshare.dominionvoting.com (Serv-U is a SolarWinds product).

Paratrooper82 [S] 3 points ago +3 / -0

Thanks for that, I couldn’t remember where I just remember having seen it

thunderstorm 3 points ago +3 / -0

they didn't use orion

We don't know this.

deleted 3 points ago +3 / -0

stoic_troll 2 points ago +2 / -0

We also don't know to what extent their Serv-U product was compromised, which we know for a fact they used and had an insecure http page to access it as recently as a few days ago (until they scrubbed their site of any mention of SolarWinds, although their server headers still say Serv-U on the HTTP responses). It's also not clear what other systems could be compromised by the overall attack.

stoic_troll 1 point ago +1 / -0

No if you have access to monitor network packets you can perform man in the middle attacks. It's a devastating hack. It means a lot of classified information was leaked. It means systems are still compromised.

maleitch 0 points ago +1 / -1

Not even close to true

stoic_troll 3 points ago +3 / -0

Dude, I'm a Computer Engineer. Yes, you can perform man in the middle attacks from a network vantage point. Absolutely 1000% true.

maleitch 1 point ago +1 / -0

How does orion facilitate that? Give me details from a layer 3 level

stoic_troll 1 point ago +1 / -0

Included links see below.

stoic_troll 2 points ago +2 / -0

https://thehackernews.com/2020/12/new-evidence-suggests-solarwinds.html?m=1

https://thehackernews.com/2020/12/solarwinds-issues-second-hotfix-for_15.html?m=1

"Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign."

maleitch 1 point ago +1 / -0

This is claiming malicious code being injected into patches which are pushed out to systems. Are you claiming that dominion used this SW option to push out updates to their voting machines?

stoic_troll 1 point ago +1 / -0

Theoretically though, there's no reason to believe there isn't a malicious Trojan on DVS machines. I just don't know if that's how they pulled it off or some other way. Even a compromised USB drive would be enough to do it.

stoic_troll 1 point ago +1 / -0

They wouldn't have to. First of all as I said elsewhere Dominion's https://dvsfileshare.dominionvoting.com/ was unsecured and unencrypted as of last week (they fixed it after getting called out for it by CodeMonkeyZ). That means just being on the same LAN and sniffing packets would yield the password for these files (whatever is there). That's completely independent of the SolarWinds hack, which we don't yet know the full extent of. Microsoft said today 44 of their customers were targeted with malicious Trojans from the hack. How many systems do Dominion machines interact with? What are the State governments running? How about the Edison program that collects the data? There are so many vectors. But yes, if any of those machines connect to systems on Orion networks, there could be MITM attacks that either copied and routed data to external servers unbeknownst to government agencies. That alone could allow them to do modeling to predict how many votes they need to make up for whatever difference Biden needed (including throughout early voting period and all throughout election day).

At any rate, I look forward to the full analysis. But what we know is there's at least a dozen vulnerabilities

maleitch 1 point ago +1 / -0

What do you mean " orion networks". There is no such thing. It is a windows based service that sits on one or more orion servers. There is no indication of the role it plays with the actual voting machines. Since the machines are off-site are you saying they all connected back to the dominion networks via VPN?

stoic_troll 1 point ago +1 / -0

I mean if these machines connect to say, a state of Georgia computer system. Do you know what's running on those systems? Do you know if a Georgia system was running Orion and got the malicious code injected, for example? Could it theoretically communicate with Georgia based Dominion systems and install a Trojan that way? Of course it could. Even if the Dominion machines themselves did not directly download the malicious code from the identified exploit, it could hop indirectly through other channels. A USB drive being one of them. Anyways I'm speculating and identifying that it's a distinct possibility. That is how the Stuxnet worm infected systems: indirectly. At any rate, I think it's insane that we rely on computers for one time only votes. We should be using paper and ballot images should be public domain (with personal deets redacted).

WestCelt 9 points ago +9 / -0

The only fly in the ointment is the ASSUMPTION that the 30-something Republican State Legislatures will VOTE for Trump. Can we count on them? Roberts failed us, Kavanaugh failed us, Barrett failed us. Alito and Thomas stood with us and that's it. So why should we expect all 30 Republican/RINO State Houses to do the right thing???? I'm just asking.

tremendous_trump2020 3 points ago +3 / -0

Because it would be political suicide for the republican houses not to vote for the republican candidate. This gives them a free pass, they don't have to "play it safe" by going with their state's election results, because this proves that we don't really know what the true results were. The election results are null and void, so now "play it safe" means vote party lines.

FortheGenerations 3 points ago +3 / -0

I believe every pede possible needs to get to where congress votes the day before and the day of so they need to see as they walk into the building to make their decisions

dataonly 8 points ago +8 / -0

power grid

Hmm. Well the power grid thing is just wrong. There is no single entity that is a power grid. There is no national grid. There are over 3,000 power companies in the US. Now some of those are small players, but there's a few hundred large power generators. Each operates its own grid. They have interconnect agreements and power sharing/buying/selling agreements between each other. Management of these grids is distributed, not centralized.

If someone knows the statement to be incorrect please advise.

Paratrooper82 [S] 7 points ago +7 / -0

You are incorrect.

Every single power company connects to the internet. That means that they are compromised. Did you read the article at all?

If they have been “persistent since March” that means that they have been able to pivot and are in the root directory.

I don’t even think there’s a way to remedy this beyond wiping every single router/switch and reimaging every single computer.

If you’re not IT (I know you are but many here aren’t) then I understand. Anyone who is in the IT field definitely understands the gravity of this situation.

This isn’t hyperbole fellas. This is as REAL as it gets

dataonly 6 points ago +6 / -0

UNPLUG.

Any network starts as a local area network. If that local network is not physically connected to a Wide Area Network it is not vulnerable from outside attack. If there is connectivity to the outside world, or a public network such as the one we know as the Internet, it is as vulnerable as the routing/gateway/firewall devices that connect it. So yes, anything connected to a public network is subject to being defeated. What can't be defeated is the UNPLUG.

I still remember the gravity of the "Year 2000 Switch".

Paratrooper82 [S] 3 points ago +3 / -0

Yes but now imagine our entire infrastructure having to unplug.

While most likely at war....

dataonly 4 points ago +4 / -0

I'm not seeing where in your article link it says every power company is connected to Internet.

That said, you have plant operation networks and the business side networks. As far as plant operation, I can't imagine a scenario where those networks go beyond the premises. i.e. Physical presence would be necessary to operate. There would be an air gap between any power infrastructure regulating/operating devices and any public wide area network. Now there could be a private OC-3 level connection between generation facilities. But that would also be private network that could only be infiltrated at the carrier level which would require nefarious hardware installation for ip communication, correct?

Going back to this attack specifically, if it is as truly widespread as is claimed, there are very likely players on the inside.

Paratrooper82 [S] 3 points ago +3 / -0

The article doesn’t mention the power grid. If I’m a nation state and they were this good to go undetected for that long..... I’m gaining control and pivoting everywhere I can.

They’re everywhere. I guarantee it!

Some tough decisions are being made first for National Security, and then for us and the public.

I will say that it is ominous that Lin Wood told us to prepare either Sunday or Monday, and that things would come fast. Get people’s phone numbers.

If they do UNPLUG that means we’re cut off.

dataonly 4 points ago +4 / -0

we’re cut off

Not sold on Lin Wood. But as far as cutting the Internet, its very redundant.

There are a few major NAPs or network access points geographically dispersed in the US. A NAP allows backbone providers to peer. Take down a NAP and traffic can be rerouted. There is also a lot of wireless redundancy. Beyond that is HAM radio which is alive and well. I'm not saying the whole system cannot be taken down. But TCP/IP is by design a self healing protocol. To take everything down would be quite a feat. It would require taking down many different providers/carriers individually. One glaring weakness however is the amount of fiber that is run on poles and not underground.

barneshawk 2 points ago +2 / -0

My HAM equipment arrives tomorrow. Been studying my ass off for the operator license, but at least I can lurk if SHTF before then. Speaking of pivoting, does anyone really think Orion wasn't running on prem at SolarWinds? If they were comped, its all comped.

SlugsRocks 3 points ago +3 / -0

Interesting info from Canada regarding the power grid. We know folks working at one of the major dams in BC, Canada. Several times the doors have been locked, preventing anyone getting into the main bldg where the control room is located, and also no one could get out. The folks we know had to contact Atlanta, Georgia to get new pass codes to enter.

The not-for-profit outfit is https://nerc.ukri.org/ who has contracts right across Canada with all the power generating provinces. 100% of production goes to the US, then whatever is needed for local Canadian customers is returned. I did a quick dig but before I could make a post on this my pc was 'zapped' and is now dead. Using a friend's right now.

This would mean that power could be cut from this one point and affect huge parts of US and Canada.

Eljefe 3 points ago +3 / -0

If you read the actual CISA alert, you would understand that it's not a guaranteed compromise just because they ran Solarwinds. Just because they got persistence doesn't mean they got it EVERYWHERE. I'm not trying to undermine the significance of this, but you've got to keep it in perspective.

Paratrooper82 [S] 1 point ago +1 / -0

Tracking that. Since you have also read the report, what do you think about Windows being compromised and even secret keys being generated to bypass dual authentication on OWA and much much more?

Tomx 5 points ago +5 / -0

What product on SolarWinds Orion "powered" the machine? That statement makes no sense to me. I use SolarWinds at work and I've only used it for performance and config management.

Paratrooper82 [S] 4 points ago +4 / -0

Then you should know if it has a connection with an infected host, what the repercussions of that are.

I wish I could be more high energy about this, but the writing is on the wall.

This is HUGE

Tomx 5 points ago +5 / -0

So an election network was managed by solarwinds?

If this is true then it can be easily proven 100% through the VM names and the registration keys.

Is there an article that talks about SolarWinds being used by Dominion? Besides that website image?

emredlark 5 points ago +5 / -0

It’s in the coding of their website. This was posted earlier this week. I don’t know where it is now.

stoic_troll 2 points ago +2 / -0

You can go to https://dvsfileshare.dominionvoting.com and inspect the HTTP headers.

MajorRecon6Actual 2 points ago +2 / -0

Yup! There it is! In the "functions.js" . . . {window.open("https://customerportal.solarwinds.com/?CM . . .

Also found Serv-u (same directory) . . . setRequestHeader("User-Agent","Serv-U");if( . . .

stoic_troll 4 points ago +4 / -0

Dominion uses SolarWinds Serv-U to power https://dvsfileshare.dominionvoting.com. We believe important election files might be stored there. As of last week it was unsecured on standard unencrypted http (which means if those packets traveled on any network with Orion, passwords were compromised).

Tomx 3 points ago +3 / -0

So they're transferring files through Serv-U. This isn't on the Orion Platform though, is it? I think Orion uses a different SFTP and TFTP server. I mean they're clearly using SolarWinds. But if they actually used the Orion platform then it'd be huge.

stoic_troll 3 points ago +3 / -0

It wouldn't necessarily have to be. First of all their file sharing site was unsecured as of last week (they since fixed it as soon as people noticed it and scrubbed their site of any SolarWinds logos). That means even an unsophisticated hacker could steal credentials. Hell just being on the same LAN would grant you credentials with a packet sniffer. But the Orion hack affected a lot of systems so it could have affected any government systems Dominion plugs into. So the hack could be indirect. I mean, these fucking Dominion machines are like Swiss cheese. It's like they were intentionally designed to have multiple vectors of vulnerability.
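The two technical claims running through this sub-thread, that the file share's HTTP headers reveal the Serv-U product and that a plaintext login on the same LAN can be read with a packet sniffer, both come down to what a passive observer gets from an unencrypted HTTP exchange: the Server header and any HTTP Basic credentials. The following is an added example, not code from the thread or from SolarWinds or Dominion. It parses a constructed request/response pair offline and contacts no host; the hostname, the Server header value and the credentials in the sample bytes are made up for illustration.

```python
import base64
from typing import Dict, List, Optional, Tuple

# Constructed sample traffic (not a real capture): a plaintext HTTP request
# carrying Basic credentials, and the server's response. All values are
# made up for this example.
SAMPLE_REQUEST = (
    b"GET /Login.xml HTTP/1.1\r\n"
    b"Host: fileshare.example.test\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n"
    b"\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Serv-U/15.2\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def parse_http_message(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split an HTTP/1.x message into its start line and a header dict.

    Header names are lower-cased because HTTP treats them case-insensitively,
    so `Server`, `server` and `SERVER` all land in the same key.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    start_line = lines[0]
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line or ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return start_line, headers


def server_product(response: bytes) -> Optional[str]:
    """Return the product named in the response's Server header, if any."""
    _, headers = parse_http_message(response)
    return headers.get("server")


def cleartext_basic_credentials(request: bytes) -> Optional[Tuple[str, str]]:
    """Return (user, password) if the request carries HTTP Basic auth.

    Basic auth is base64, not encryption: over plain http:// anyone on the
    path (same LAN, an upstream router, a monitoring tap) can decode it.
    """
    _, headers = parse_http_message(request)
    auth = headers.get("authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, password = decoded.partition(":")
    return user, password


def audit(request: bytes, response: bytes, over_tls: bool) -> List[str]:
    """Summarise what a passive observer of this exchange would learn."""
    findings = []
    product = server_product(response)
    if product:
        findings.append(f"server banner discloses product: {product}")
    creds = cleartext_basic_credentials(request)
    if creds and not over_tls:
        findings.append(f"credentials readable on the wire for user {creds[0]!r}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUEST, SAMPLE_RESPONSE, over_tls=False):
        print(finding)
```

Run as a script it prints both findings for the sample exchange. Only the `over_tls` flag changes the credential finding: the same Authorization header sent over https:// is protected by TLS, while over http:// it is readable by anything on the path, which is the distinction the comments above are drawing.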

dataonly 2 points ago +2 / -0

Don't they use Windows as op sys on the devices in the field?

BambooBiden 4 points ago +4 / -0

This is what i have been talking about with my close friends lately. I think you are right on the money. And even if we are both wrong, it never hurts to be prepared.

deleted 3 points ago +3 / -0

Postal 3 points ago +3 / -0

This likely means that they also know exactly what we have in our arsenal... Doesn't it

BestTimeToBAlive 3 points ago +3 / -0

MODS >> sticky!

We need some dragon energy on HOT page! 🥳

Paratrooper82 [S] 3 points ago +3 / -0

No shit this tweet comes out 20 min after I post this?

https://twitter.com/codemonkeyz/status/1339798295594471429?s=21

dataonly 2 points ago +2 / -0

That is a bit spooky. Enjoyed your thread.

We may not agree on all of it, but you raise some great points and valid concerns.

deleted 3 points ago +3 / -0

SchiffsFifthFacelift 3 points ago +3 / -0

Time for paper records again... thank God we can read lol

ouvrez_les_yeux 2 points ago +2 / -0

Just not in cursive!

salmoneggs 3 points ago +3 / -0

it's us, we are the hackers, the power grid stuff and nuclear stuff is just cover, the target was Dominion and their backers

maleitch 1 point ago +1 / -0

Orion powers nothing. You don't know what you are talking about like the majority of the freaks that have been posting worthless garbage.

Orion is nothing but a monitoring system. I have used it for decades. It powers nothing. A voting machine would maybe be monitored, but only via snmp and read only.

You can tell who works in the industry and who reads hacking buzzwords online

Paratrooper82 [S] 2 points ago +2 / -0

Well that briefed well... but what box does that Orion SolarWinds sit on smart ass?

$100,000,000 says it’s not on a standalone.

If you installed the update on your box and they pivot then they have root access to your OS and box. Are you starting to see the bigger picture yet? Good

You can always tell who monitors green and red nodes on a map and who actually configures and secures the network and assets that allow you to monitor said network.

Here’s an idea, instead of us having a pissing contest, let’s work together towards a logical solution.

CISA is investigating incidents that exhibit adversary TTPs consistent with this activity, including some where victims either do not leverage SolarWinds Orion or where SolarWinds Orion was present but where there was no SolarWinds exploitation activity observed. Volexity has also reported publicly that they observed the APT using a secret key that the APT previously stole in order to generate a cookie to bypass the Duo multi-factor authentication protecting access to Outlook Web App (OWA).[1] Volexity attributes this intrusion to the same activity as the SolarWinds Orion supply chain compromise, and the TTPs are consistent between the two. This observation indicates that there are other initial access vectors beyond SolarWinds Orion, and there may still be others that are not yet known.

Link from quote pay attention to the URL:

https://us-cert.cisa.gov/ncas/alerts/aa20-352a
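The Volexity observation quoted from the CISA alert above (a previously stolen secret key used to generate a cookie that bypasses MFA on OWA) is an instance of a general weakness of server-signed bearer cookies: whoever holds the signing key can mint a cookie the server will accept, without ever completing the second factor, and the server has no way to tell that cookie from a genuine one. The following is an added illustration of that mechanism, not Duo's or Microsoft's actual cookie format and not code from the alert; the `user|expiry|hmac` layout, the `SERVER_SECRET` value and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Hypothetical server-side signing key. In the scenario the alert describes,
# the equivalent key had been stolen from the server it was protecting.
SERVER_SECRET = b"example-only-secret-do-not-use"


def _sign(secret: bytes, payload: str) -> str:
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


def issue_mfa_cookie(secret: bytes, user: str, now: int, ttl: int = 3600) -> str:
    """Issue a cookie asserting that `user` completed the second factor.

    Hypothetical layout: user|expiry|hmac. It is a bearer token: the server
    trusts whoever presents a cookie with a valid MAC, nothing else.
    """
    payload = f"{user}|{now + ttl}"
    return f"{payload}|{_sign(secret, payload)}"


def verify_mfa_cookie(secret: bytes, cookie: str, now: int) -> Optional[str]:
    """Return the user if the MAC verifies and the cookie is unexpired."""
    try:
        user, expiry, mac = cookie.split("|")
        expiry_int = int(expiry)
    except ValueError:
        return None
    if not hmac.compare_digest(mac, _sign(secret, f"{user}|{expiry}")):
        return None
    if now >= expiry_int:
        return None
    return user


def forge_with_stolen_key(stolen_secret: bytes, target_user: str, now: int) -> str:
    """With the key in hand the attacker runs the server's own issuing code
    for any user they like; no second factor is ever presented."""
    return issue_mfa_cookie(stolen_secret, target_user, now)


def rotate_secret() -> bytes:
    """Fresh random key. Everything signed under the old key, forged or
    genuine, stops verifying; that is both the cost and the point."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    now = 1_700_000_000
    forged = forge_with_stolen_key(SERVER_SECRET, "admin", now)
    print("accepted as:", verify_mfa_cookie(SERVER_SECRET, forged, now + 1))
    print("after rotation:", verify_mfa_cookie(rotate_secret(), forged, now + 1))
```

`verify_mfa_cookie` accepts the forged cookie because it is produced by exactly the computation the server itself performs. Nothing in the verification path can repair this; the only server-side remedies are rotating the key (which invalidates every cookie signed under the old one) and keeping the key off any host the adversary may already have reached, which is why a key stolen from a compromised server is the whole story in the quoted observation.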

maleitch 1 point ago +1 / -0

So the hacker has root access to the orion system. Now what does that gain them to a device with snmp read only community string?

It is not a pissing match...I am trying to temper you Bigfoot pedes who fucking post on here every second that this time you have finally found the smoking gun when it is never true.

I expect actual results not this drama. I know your intentions are good, but when you are wrong you will just pretend you never said it and post more garbage for that dopamine fix. This kind of shit discredits the movement.
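The exchange above turns on what an attacker with root on an Orion poller gains against a device that is only polled with a read-only SNMP community. Whatever else is true, SNMPv1 and v2c put the community string unencrypted inside every datagram, so both the poller's stored configuration and every poll on the wire disclose it, and anyone holding it can read whatever the agent exposes under that community (GET, GETNEXT and GETBULK; writes still need the read-write community). The following is an added example, not code from the thread or from SolarWinds: it hand-builds a standard SNMPv2c GetRequest for sysDescr.0 (BER encoding per the RFC 1901/3416 message layout) and then extracts the community back out of the raw bytes the way an on-path observer would. The community value and request id are constructed; nothing is sent on the network.

```python
from typing import Tuple

# OID for sysDescr.0, the first object most pollers ask a device for.
SYS_DESCR = "1.3.6.1.2.1.1.1.0"

# Constructed values for the example. "public" is the classic default
# read-only community, not anything known about a specific deployment.
EXAMPLE_COMMUNITY = "public"
EXAMPLE_REQUEST_ID = 0x1234


def _length(n: int) -> bytes:
    """BER length: short form below 128, long form (0x80|N then N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _length(len(content)) + content


def _integer(value: int) -> bytes:
    """BER INTEGER: minimal two's-complement encoding (non-negative here)."""
    size = max(1, (value.bit_length() + 8) // 8)
    return _tlv(0x02, value.to_bytes(size, "big", signed=True))


def _oid(dotted: str) -> bytes:
    """BER OBJECT IDENTIFIER: first two arcs packed into one byte, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_get_request(community: str, oid: str, request_id: int) -> bytes:
    """SNMPv2c GetRequest: SEQUENCE { version 1, community, GetRequest-PDU }."""
    varbind = _tlv(0x30, _oid(oid) + _tlv(0x05, b""))           # { name, NULL }
    pdu = _tlv(0xA0,                                             # [0] GetRequest
               _integer(request_id) + _integer(0) + _integer(0)  # id, error, index
               + _tlv(0x30, varbind))                            # varbind list
    return _tlv(0x30, _integer(1) + _tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, content, position just after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def sniff_community(datagram: bytes) -> Tuple[int, str]:
    """What a passive observer learns from any v1/v2c datagram: the version
    and the community, which sit in the clear right after the outer header."""
    tag, msg, _ = _read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = _read_tlv(msg, 0)
    _, community, _ = _read_tlv(msg, pos)
    return int.from_bytes(version, "big", signed=True), community.decode()


if __name__ == "__main__":
    pkt = build_get_request(EXAMPLE_COMMUNITY, SYS_DESCR, EXAMPLE_REQUEST_ID)
    print(pkt.hex())
    print(sniff_community(pkt))
```

Sending the datagram to UDP/161 is deliberately left out; the point is the bytes themselves. Note that a read-only community bounds what the holder can change, not what they can learn: everything the agent answers under that community (interfaces, routes, ARP tables, software versions) is readable by whoever has captured or copied the string.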

Paratrooper82 [S] 2 points ago +2 / -0

@maleitch

You’re stuck on the entry point and you’re missing it completely.

Windows was compromised, OWA was compromised. All in the link

dataonly 1 point ago +1 / -0

Bit off the subject but, Windows is garbage w/ great marketing.

In the early ISP days everything of vital importance seemed to run on FreeBSD!

maleitch 1 point ago +1 / -0

No I am not. I am stuck on the end point. What exact sw product interfaces with the dominion machines and how? Until that is answered none of what you say can be considered accurate.

Apersonofinterest 1 point ago +1 / -0

I doubt Russia was involved. I think they’re just throwing that in there for red meat to the Left. I think this was 100% China and they know that if US and Russia are on the same page, China is fucked. Especially, if you add India to the coalition.

merf 1 point ago +1 / -0

Speaking of Ars Technica, does anyone have any good MAGA friendly alternatives?

I used to visit Ars all the time but it's turned into a cesspool of Karens. Would love to replace it.

alexryan 1 point ago +1 / -0

We’ve been at war with the CCP for decades. It’s called the Thucydides Trap. IMHO Trump was specifically recruited to end this war. It’s possible that it might go kinetic. But it might not, too. Trump has many tools he can use to bring down the CCP. My guess is that the icing on the cake will be: 1) take down the Great Firewall; 2) release the evidence that covid-19 is a bioweapon; 3) watch the people of China rip the CCP to pieces.