Some perspective about the SolarWinds Hack

In an article, journalist Jordan Schachtel has gone off on the Russia hawks now seizing the moment to blame the Kremlin for the SolarWinds hack and whip up the current round of “the Russians are coming!” hysteria. The hacked company, SolarWinds, sells software that lets an organization see what’s happening on its computer networks. Hackers inserted malicious code into an updated version of the software, called Orion. Around 18,000 SolarWinds customers installed the tainted updates onto their systems, the company said (source).

But before going into the SolarWinds hack itself, here is some background on hacking for perspective.

How many user accounts get hacked a day?

While there is no reliable data on this for the current year, data breach statistics from 2018 show that over 2.5 billion accounts were hacked in that year. That amounts to roughly 6.85 million accounts getting hacked each day or 158 every second.

A Clark School study at the University of Maryland was one of the first to quantify the near-constant rate of hacker attacks on computers with Internet access: every 39 seconds on average, affecting one in three Americans every year. The non-secure usernames and passwords we use give attackers more chance of success.

64% of companies have experienced web-based attacks. 62% experienced phishing and social engineering attacks. 59% of companies experienced malicious code and botnets, and 51% experienced denial-of-service attacks.

Records are stolen because of hacks at a rate of 158,727 per hour, 2,645 per minute and 44 every second of every day. A study of 700 healthcare organisations, including medical treatment facilities, health insurance agencies and healthcare manufacturing companies, found that 75% of them were hacked.

How do hackers actually hack?

The trial-and-error method of hacking passwords is called a brute force attack, meaning the hacker tries to generate every possible combination to gain access. Another way to hack passwords is a dictionary attack, in which a program inserts common words into password fields. Hackers use operating systems such as Kali Linux (which is used for learning to hack), BackBox, Parrot Security, DEFT Linux, Samurai Web Testing Framework, Network Security Toolkit, BlackArch Linux and Cyborg Hawk Linux, which make network tools available without restrictions, along with simple programming in various programming languages.

Where do hackers come from?

  1. China. By quite a significant margin, China houses the largest number of hackers on Earth. During the last quarter of 2012, the world’s most populous country accounted for 41 percent of the world’s hacking traffic.
  2. US. Although hacking traffic in the United States dropped from 13 percent to 10 percent during the fourth quarter of 2012, hacking groups such as Anonymous put the USA in second place on this list.
  3. Turkey. Coming in at third, Turkey’s hacker traffic was good for 4.7 percent of the worldwide total.
  4. Russia. Falling from 6.8 percent in 2011 to 4.7 percent in 2012, Russia’s digital attack traffic is falling, but it’s still enough to slot this massive country into fourth place.
  5. Taiwan. Don’t let its relatively small size (23 million people) fool you. This country accounted for 3.7 percent of the world’s hacking traffic during 2012’s last quarter.
  6. Brazil. South America’s largest country comes in at sixth, accounting for 3.3 percent of the world’s hacking traffic in the fourth quarter of 2012.
  7. Romania. Responsible for 2.8 percent of the world’s hacking traffic during the last quarter of 2012, Romania comes in at seventh place. In recent years, the isolated town of Ramnicu Valcea has become a hacker hotbed.

Do hackers get paid?

Yes.

Some freelance hackers can get paid $500,000 a year to test defenses of companies like Tesla. New data compiled by “bug bounty” company Bugcrowd shows that hackers can now command up to $500,000 per year testing security flaws at companies that hire them.

Furthermore, hackers charge differently based on level of difficulty, ethics, risk, and the time necessary to complete the job. For instance, Hire A Hacker Pro and Darknet Hacker have fees starting at around $200 per hour. What people don’t normally realize is that professional hackers for hire are part of a network.

Do governments have hackers?

The US government has increasingly used hacking as an investigative technique. Since 2002, the FBI has used malware in virtual criminal investigations. The main research targets of early NITs (network investigative techniques) were individual computers. The FBI has since developed a form of hacking which attacks millions of computers in one operation. Whether sanctioned by a court or not, the government may actively break into computers remotely. Agents may access, copy, delete, or even create data in order to suit their needs.

How did SolarWinds get hacked?

How did hackers sneak malware into a software update? Hackers managed to access a system that SolarWinds uses to put together updates to its Orion product, the company explained in a filing with the SEC. From there, they inserted malicious code into otherwise legitimate software updates.

How did hackers manage to access SolarWinds?

By guessing the password “solarwinds123”! Also, the administrator of their network didn’t change his or her password for a long time. That the administrator used such an easy-to-guess password and didn’t change it is almost criminal, and for sure ignorant and incompetent. That is the administrator’s failing, but the company SolarWinds is also ignorant and incompetent for using such a person for their network.
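
A password such as “solarwinds123” is exactly what the dictionary attack described earlier tries first, and a length rule alone does not stop it. The following added example (not from the original article; the word lists and function names are constructed for illustration) screens a new password against the organisation's own names and common words, including look-alike character substitutions:

```python
# Constructed sample; a real deployment would load a breached-password list.
COMMON_WORDS = ["password", "welcome", "admin", "letmein", "qwerty"]

# Lossy canonical form: look-alike characters collapse to one letter, so
# "s0larw1nds" and "solarwinds" compare equal ("l" is folded into "i" too).
_CANON = str.maketrans("013457@$!l", "oieastasii")


def canon(text):
    """Lower-case the text and collapse look-alike characters."""
    return text.lower().translate(_CANON)


def screen_password(password, context_words, min_length=12):
    """Return the reasons to reject a password (an empty list means accept)."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    folded = canon(password)
    for label, words in (("context", context_words), ("common", COMMON_WORDS)):
        for word in words:
            # Very short words would match by accident, so skip them.
            if len(word) >= 4 and canon(word) in folded:
                extra = len(password) - len(word)
                reasons.append(
                    f"built on {label} word '{word.lower()}' "
                    f"plus {extra} extra characters"
                )
    return reasons


if __name__ == "__main__":
    # Constructed inputs: the organisation's own names are the context words.
    context = ["SolarWinds", "Orion"]
    for pw in ["solarwinds123", "S0larW1nds!2020", "correct-horse-battery-staple"]:
        print(pw, "->", screen_password(pw, context) or "accepted")
```
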

And how could the hacker use the update engine?

That is easy too. The update engine has a file (an XML file, for example) that specifies which software is to be updated (and where it is located), for which company or client, and when. It’s so simple to change that file.
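
On the defending side, an updater can refuse a changed file like this by authenticating the manifest before parsing it and checking the package against the digest the manifest lists. This is an added example, not SolarWinds code or code from the original article: the XML element names, URL and key are constructed, and HMAC stands in for the public-key signature a real update channel would use.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed demo key. HMAC stands in for a real public-key signature check.
DEMO_KEY = b"constructed-demo-key"

# Constructed package and manifest; element and attribute names are hypothetical.
PACKAGE = b"constructed update payload"
MANIFEST = (
    '<update product="ExampleApp" version="2.0">'
    '<package url="https://updates.example.invalid/app-2.0.bin" sha256="%s"/>'
    "</update>" % hashlib.sha256(PACKAGE).hexdigest()
).encode()


def sign(manifest_bytes, key=DEMO_KEY):
    """Publisher side: authentication tag over the exact manifest bytes."""
    return hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()


def verify_update(manifest_bytes, tag, package_bytes, key=DEMO_KEY):
    """Updater side: return (ok, reason). Authenticate first, parse second."""
    if not hmac.compare_digest(sign(manifest_bytes, key), tag):
        return False, "manifest authentication failed"
    package = ET.fromstring(manifest_bytes).find("package")
    if package is None:
        return False, "manifest has no package entry"
    digest = hashlib.sha256(package_bytes).hexdigest()
    if not hmac.compare_digest(digest, package.get("sha256", "")):
        return False, "package digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    tag = sign(MANIFEST)
    # Constructed tampering: the download location is rewritten after signing.
    tampered = MANIFEST.replace(b"updates.example.invalid", b"mirror.example.invalid")
    print(verify_update(MANIFEST, tag, PACKAGE))
    print(verify_update(tampered, tag, PACKAGE))
    print(verify_update(MANIFEST, tag, b"swapped payload"))
```

A check like this catches a manifest or package altered after it was signed; it does not catch malicious code inserted in the build system before signing, which is what the SEC filing mentioned above describes.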

Was the hack performed by a country?

So … was this hack performed by a country? Not likely. It’s much more likely that a lone hacker got access to the network and took his or her time to see what was there. When he or she discovered the updating system, it was a very easy way to infiltrate other systems, and that’s what the hacker did.

Copyrights (c) 2020 Wim Vincken