FBI: Nation-state actors have breached the US

erek ([H]F Junkie, joined Dec 19, 2005, 10,786 messages)
Two US municipalities breached so far !!!!!!!!!!!!

"The sense of urgency in addressing this should be easy to understand.

The bug is a so-called pre-auth RCE (pre-authentication remote code execution). Pre-auth RCEs are extremely attractive to attackers as they are easy to automate and exploit.

Second of all, SharePoint is a very popular product, with Microsoft boasting more than 200,000 installs across the globe, making this a huge attack surface, most of which are high-value government organizations and big corporations."




https://www.zdnet.com/article/fbi-nation-state-actors-have-breached-two-us-municipalities/
 
Or just use a whitelisting program.. typically makes it near impossible to execute random dll's
 
Or just use a whitelisting program.. typically makes it near impossible to execute random dll's
I don't think you understand the flaw. Hackers are using the MS dlls in sharepoint that are required.

"The specific flaw exists within the EntityInstanceIdEncoder class located in both the Microsoft.SharePoint.dll and Microsoft.SharePoint.Portal.dll. These classes both utilize the XmlSerializer class to reconstruct an object from attacker supplied data in a way that is known to be vulnerable and can be exploited to achieve arbitrary code execution. Originally, it was believed that authentication was required to exploit this vulnerability, but it has subsequently been reported by some groups that it was possible to reach the vulnerable code without authentication paths via external facing websites."
 
Governments want this hacking to be happening (why? I haven't a clue) otherwise they would have made a law or three such as ...

- making any type of hacking a life time stay (without parole) in a Federal prison cell
- making hacking of Government/military an act of war and then acting on that and not just with lip service

but I'll bet a lot of things have changed in cyberland since Iran had its centrifuges destroyed by a hacker
 
Governments want this hacking to be happening (why? I haven't a clue) otherwise they would have made a law or three such as ...
Why? Because they and we CAN.
It's illegal in separate countries and there are laws, however - China or any other government are not going to extradite their own hackers. Also, governments have no jurisdiction in other countries.
- making any type of hacking a life time stay (without parole) in a Federal prison cell
a bit harsh as murderers get off lighter typically.
- making hacking of Government/military an act of war and then acting on that and not just with lip service
As if we don't have enough wars, this would immediately trigger a world war everywhere. Even our own allies hack us, as we do them.
but I'll bet a lot of things have changed in cyberland since Iran had its centrifuges destroyed by a hacker
Nope, nothing has changed. Everyone hacks. The intricate spyware used by the NSA and CIA against Iran is known as Stuxnet.
 
Governments want this hacking to be happening (why? I haven't a clue) otherwise they would have made a law or three such as ...

- making any type of hacking a life time stay (without parole) in a Federal prison cell
- making hacking of Government/military an act of war and then acting on that and not just with lip service

but I'll bet a lot of things have changed in cyberland since Iran had its centrifuges destroyed by a hacker

The US doesn't want to do that because the US is the biggest hacker in the world. Serious rules against hacking would tie the US government's hands and expose it to claims of hypocrisy while frustrating its own hacking operations.

How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last

Putin claims Russia proposed a cyber war treaty in 2015 but the Obama administration ignored them
 
I don't think you understand the flaw. Hackers are using the MS dlls in sharepoint that are required.

Why don't you actually read the exploit and see the list of dll's with associated sha hash

It says quite clearly it's used to download other programs into the network or modify the dll. Guess what a whitelisting application could prevent? All of that.
 
Why don't you actually read the exploit and see the list of dll's with associated sha hash

It says quite clearly it's used to download other programs into the network or modify the dll. Guess what a whitelisting application could prevent? All of that.
It says quite clearly remote code execution. Via deserialization to be exact. You didn't mention blocking downloads in your initial post, did you?
 
It says quite clearly remote code execution. Via deserialization to be exact. You didn't mention blocking downloads in your initial post, did you?

Okay, but you are still not understanding application whitelisting. Even if remote code is downloaded, de-serialized, or any other method, every file on every computer and its hash value is given explicit permission if it's allowed to read, write, or execute.

Changing a dll in any way will change its hash so no files are able to execute that dll nor is it allowed to create files.

If somehow it's the original dll, unmodified, with the original hash and it creates a file with a hash not seen on the entire network, well that new file isn't allowed to execute or create other files.

So please explain how whitelisting would not stop this as no remote executions would be possible considering unapproved files can't be executed or create other files
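As an added example that is not from the thread or from any whitelisting product, here is what the hash-based allowlist check described in the post above looks like in Python. The file names and byte contents are constructed stand-ins, not real DLLs. It baselines a directory, then shows that a DLL with a single appended byte and a newly dropped file are both refused. The limit the reply points out also shows here: the check only sees what touches disk, so code that runs inside an already-approved process, as with a deserialization flaw, produces no new hash to refuse.

```python
"""Hash-based application allowlisting check (constructed example, not a product's code)."""
import hashlib
import os
import tempfile

# Constructed stand-ins for approved binaries; the bytes are not real DLL contents.
APPROVED_FILES = {
    "Microsoft.SharePoint.dll": b"constructed: original SharePoint library bytes",
    "Microsoft.SharePoint.Portal.dll": b"constructed: original Portal library bytes",
}


def sha256_file(path, chunk_size=1 << 16):
    """Return the hex SHA-256 of a file, read in chunks so large binaries fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(root):
    """Snapshot every file under root as {relative path: sha256}; this is the known-good baseline."""
    allowlist = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            allowlist[os.path.relpath(full, root)] = sha256_file(full)
    return allowlist


def check_file(root, relpath, allowlist):
    """Decide whether a file may execute: its path must be listed and its current hash must match."""
    current = sha256_file(os.path.join(root, relpath))
    expected = allowlist.get(relpath)
    if expected is None:
        return "denied: unknown file (hash %s... not in allowlist)" % current[:12]
    if current != expected:
        return "denied: modified (expected %s..., got %s...)" % (expected[:12], current[:12])
    return "allowed"


def demo():
    """Create a throwaway tree, baseline it, tamper with one file, drop a new one; return verdicts."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in APPROVED_FILES.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        allowlist = build_allowlist(root)

        # Tamper: append one byte to an approved DLL, as a backdoored copy on disk would.
        with open(os.path.join(root, "Microsoft.SharePoint.Portal.dll"), "ab") as f:
            f.write(b"X")
        # Drop: a new file the baseline has never seen (constructed name and bytes).
        with open(os.path.join(root, "dropped.exe"), "wb") as f:
            f.write(b"constructed: newly written file bytes")

        names = ("Microsoft.SharePoint.dll", "Microsoft.SharePoint.Portal.dll", "dropped.exe")
        return {name: check_file(root, name, allowlist) for name in names}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The baseline is rebuilt after every legitimate patch, which is the operational cost the thread argues about: an allowlist that is not refreshed alongside updates blocks the update itself.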
 
Okay, but you are still not understanding application whitelisting. Even if remote code is downloaded, de-serialized, or any other method, every file on every computer and its hash value is given explicit permission if it's allowed to read, write, or execute.

Changing a dll in any way will change its hash so no files are able to execute that dll nor is it allowed to create files.

If somehow it's the original dll, unmodified, with the original hash and it creates a file with a hash not seen on the entire network, well that new file isn't allowed to execute or create other files.

So please explain how whitelisting would not stop this as no remote executions would be possible considering unapproved files can't be executed or create other files

Again YOU SAID DLL first post. The dlls are not being changed in remote code execution. That is my point about remote code execution. It's REMOTE. Now stopping downloads is helpful, which you failed to mention previously. In any case, I'd just patch the fucker. Have fun with your hashes. Now I know why you don't like patching - It will break your whitelisted shit.
 
The first rule of HardForum is civil discussion.

(1) Absolutely NO FLAMING, NAME CALLING OR PERSONAL ATTACKS, NO TROLLING. Mutual respect and civilized conversation is the required norm, this includes personal attacks in signatures. NO POLITICAL DISCUSSION OUTSIDE OF THE SOAPBOX SUBFORUM. http://hardforum.com/account/upgrades
 
The US doesn't want to do that because the US is the biggest hacker in the world. Serious rules against hacking would tie the US government's hands and expose it to claims of hypocrisy while frustrating its own hacking operations.

How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last

Putin claims Russia proposed a cyber war treaty in 2015 but the Obama administration ignored them


Really? You think the US cares about that bullshit? The US does not care about what another country thinks, and the US does not care about another country's claims about what we do or don't do. You are dreaming if you think so. Yes, the US is one of the most active hacking organizations in the world. What, who, and why might surprise you but who knows, maybe you have a good idea and maybe you don't. But if these are your sources then I don't have any faith that you are getting good info because these guys are all clueless. Really man, if you aren't actually in the game, you just can't get it from scraps of disjointed documents like what Snowden outed.
 
Really? You think the US cares about that bullshit? The US does not care about what another country thinks, and the US does not care about another country's claims about what we do or don't do. You are dreaming if you think so. Yes, the US is one of the most active hacking organizations in the world. What, who, and why might surprise you but who knows, maybe you have a good idea and maybe you don't. But if these are your sources then I don't have any faith that you are getting good info because these guys are all clueless. Really man, if you aren't actually in the game, you just can't get it from scraps of disjointed documents like what Snowden outed.

I don't see the point in your post. The US doesn't care? OK... that's a fault of it. But that doesn't counter what I said.
 
I don't see the point in your post. The US doesn't care? OK... that's a fault of it. But that doesn't counter what I said.
Let me re-phrase. If you are positing that the US makes policy decisions regarding its activities based upon whether it will be popular with our competitors in the world, then I believe you place far more importance on it than our country's leadership does. Only the 5-Eyes countries are close enough that we would seriously consider their preferences, and they are mostly right with us on the doing so there you have it.

I would draw your attention to my use of the word "competitors". I use that word because it adequately explains the relationship between the US and most of the rest of the world. Many people seem to feel that the word ally, as in we have an alliance, treaties, etc, is synonymous with friendship. I would offer that this is far less than accurate for the most part. Spain is a member of NATO, and Spain and the US are therefore Allies and share several treaties with other nations. But when the war on Terror got real for Spain, Spain withdrew their support from the coalition forces in Iraq. Spain was not alone as Italy also withdrew their support and others did as well. British, Canadian, Australian, are all still with us at every turn. This is why these countries hold a special place with the US and the US with them.

Everyone has a few friends, then there are all the other people in the world that you have to find a way to get along with. And of course, sometimes you get one of "those" neighbors....

As for what it has to do with your statement I thought I was clear, you are wrong and the US may do exactly what you think they won't do.
 
Let me re-phrase. If you are positing that the US makes policy decisions regarding its activities based upon whether it will be popular with our competitors in the world, then I believe you place far more importance on it than our country's leadership does.

You underestimate the currency of reputation and credibility. If the US purports to outlaw hacking while continuing to conduct hacking itself, then the US' word will degrade in the eyes of the world, including in the eyes of its allies. Other states will also adopt the same policy (and have some justification for it), and if they're called-out for their actions by the US, they'll not care and will simply point to the US' hypocrisy, creating negative PR for the US which will have a further impact on US international credibility and domestic morale (or hubris), which is something the US state works very hard with all manner of propaganda to shield and puff up.

British, Canadian, Australian, are all still with us at every turn. This is why these countries hold a special place with the US and the US with them.

https://www.independent.co.uk/news/...s-mocked-britain-jeremy-shapiro-a7994876.html

As for what it has to do with your statement I thought I was clear, you are wrong and the US may do exactly what you think they won't do.

There is nothing in any of what you've said that indicates I am wrong about anything. Further, whether the US cares or not about what other countries think is not the same thing as whether the US "may" do what you think I said they won't. By the same measure, every state may do anything, but consequences will correspond to what they choose to do.

But I did not say the US would cease to hack if it imposed laws against hacking. The US state disregards international law as well as its own laws at every turn, and so I would not expect that a law against hacking would result in the US state ceasing to hack. But it would make the US' efforts more difficult and bring additional consequences - and that is a significant reason why the US state would not wish to impose laws that would indict the US more than any other country in the world and would create critical noise against the US on the international stage and damage the perception and credibility of the US even among its own people.

Regarding a previous comment of yours:

But if these are your sources then I don't have any faith that you are getting good info because these guys are all clueless.

I have a mountain of further sources. But posting them is not relevant to this topic and would be wading into strong politics territory.
 
You underestimate the currency of reputation and credibility. If the US purports to outlaw hacking while continuing to conduct hacking itself, then the US' word will degrade in the eyes of the world, including in the eyes of its allies. Other states will also adopt the same policy (and have some justification for it), and if they're called-out for their actions by the US, they'll not care and will simply point to the US' hypocrisy, creating negative PR for the US which will have a further impact on US international credibility and domestic morale (or hubris), which is something the US state works very hard with all manner of propaganda to shield and puff up.

https://www.independent.co.uk/news/...s-mocked-britain-jeremy-shapiro-a7994876.html

There is nothing in any of what you've said that indicates I am wrong about anything. Further, whether the US cares or not about what other countries think is not the same thing as whether the US "may" do what you think I said they won't. By the same measure, every state may do anything, but consequences will correspond to what they choose to do.

But I did not say the US would cease to hack if it imposed laws against hacking. The US state disregards international law as well as its own laws at every turn, and so I would not expect that a law against hacking would result in the US state ceasing to hack. But it would make the US' efforts more difficult and bring additional consequences - and that is a significant reason why the US state would not wish to impose laws that would indict the US more than any other country in the world and would create critical noise against the US on the international stage and damage the perception and credibility of the US even among its own people.

Regarding a previous comment of yours:

I have a mountain of further sources. But posting them is not relevant to this topic and would be wading into strong politics territory.

outlaw "hacking" is far too general a term. Cyber Warfare certainly includes what most would call hacking. Where I am headed to with this, is that there is a difference between what was done to the Iranians with Stuxnet, and the industrial espionage that the US accuses China of. I would hope that you agree to this, because I want you to consider the alternative to what was done to the Iranians. Stuxnet represented a less-than-lethal option and had it not been possible, the next option was probably certainly a lethal option. So where I am going is that the US is not going to accept its Cyber-Warfare capabilities being defined and restricted as if it were "illegal hacking".

So now that I have this laid out on the table, when someone says "the US is the biggest hacker in the world" I expect that person, can quantify his comment, and point to exactly what activities the US is doing that justifies this statement.

So if you don't mind, I am more than willing to back up, clarify, and continue.
 