I work in IT, and have worked for a major financial institution that used Solarwinds to monitor their network. I'm seeing a lot of confusion surrounding it, and wanted to put out a quick explainer to anyone not up on tech.
What happened?
Solarwinds is a software that monitors network traffic. That means that any communication your computer does is recorded and analyzed. For a home computer connected to the internet this isn't a huge deal (maybe they steal a credit card number or a password), but the problem happens when you're talking about computers on a company network. Companies have one or many firewalls for traffic in and out of the company (like our rapidly expanding beauty on the southern border), but inside, they tend to have much less security. If you have control of a system reading all of the internal network traffic (Solarwinds), it can see Every 👏 Single 👏 Device 👏 on the network, and all communication between them. Servers hidden in obscurity in a back corner are suddenly exposed, and now all of the security that didn't happen because "nobody will ever be able to reach that server" is about to kick a lot of places in the teeth. (Trust me that that isn't uncommon.)
Have they fixed it yet?
Not how this works. They found a flaw in code they released in March/June. Even if they could figure out exactly what's happening, and can reproduce the issue themselves, they need to dig through an insanely complex system to figure out how to make it stop. Best case scenario this takes hours. It could be days or weeks depending on the complexity of the code (with this breach I'd say very complex), and how good their development/infrastructure teams are (you can be the judge of that seeing as they accidentally gave out god mode to the attackers of an enterprise system).
So they fix it and business as usual right?
Wrong. Even if the fix were in right now, everyone who had Solarwinds active in the last 9 or so months has to check all of their systems for unauthorized changes. Once a hacker gets in a system, they start seeing how much access they have and how much more access they can gain. They leave little bits of code that can let them back in should the vulnerability be discovered and fixed. Also, they may be able to alter systems to do things like delete everything on a certain date, or send information back to the hackers, or in the case of a financial institution, move money around maybe. None of this is easily locatable, and in some cases might never be found.
What does this mean going forward?
This is the single largest data breach in United States history. Yeah it isn't flashy like nuclear launch codes, but man is it going to hit some places hard. It's difficult to say all of the ramifications this will have, but it suggests an age of cyberwar is now shuffling into the open. The number of DDoS attacks seems to be spiking (https://horizon.netscout.com/). Basically a huge number of connections are all sent to the same server at once to try to flood it with so many that nobody can access the server. There will be sweeping changes from this I predict.
Hopefully this helps someone. Stay safe and MAGA on.