ThreatNG Security

I AM NOT A BOT Episode 2: “No. Doubt.”

Don’t speak, I say to myself. Better than talking and removing all doubt, as Twain would say.

I didn’t think it would be like this, I follow up in my mind.

Jen.W.A. continues on about the infamous Solarwinds cybersecurity debacle. How some nation-state hackers slipped malicious code into Solarwinds’s popular network management system called Orion. And then used it as a vehicle for a massive cyberattack. One immediate result was the chaotic disruption of our country’s supply chains.

My mind drifts to toilet paper.

Jen.W.A. goes on to state that Solarwinds is a major software company, which provides system management tools for network and infrastructure monitoring, and other technical services, to thousands of organizations around the world.

Over 100 companies in the US were infected, including Microsoft, Intel, and Cisco; the list of federal agencies affected included the Treasury, Justice, and Energy departments.

Jen.W.A. is a former Human Resource Director. She knows how just one person can affect hundreds of lives. Now imagine how an encrypted blob of code – 3,500 lines long – can affect millions.

Our teacher asks if anyone else has something to add.

Don’t speak, I say to myself once more.

“About Solarwinds?” SkewU2 asks.

“Sure. Or any other Cyber News.”

Stay in your lane, I advise me in silence.

I remind myself that my lane is actually behind the lane, behind the bar. I’m a bartender. I drink and I know things, as any throne gamer could attest. A wide range of things, I proudly say to no one in particular.

For instance, I know that Josh Allen, Justin Herbert, Lamar Jackson, and Patrick Mahomes are four future Hall of Fame QBs the NY Jets somehow passed on drafting the last four years.

I also know regulars at my bar who’ve had OxyContin and OJ for breakfast, Fentanyl patches for lunch, and plan to have Actiq lollipops for after dinner treats.

And I know that every Sandy Hook and every Uvalde and every Nashville begins with the missing amendment language, "a well-regulated Militia being necessary to the security of a free state” and ends with the District of Columbia v. Heller, 2008, majority opinion, written by Chief Justice Antonin Scalia, “the Second Amendment protects an individual's Right to keep and bear arms, unconnected with service in a militia, for traditionally lawful purposes, such as self-defense.”

Alpha. Omega.

These are the wealth of topics that used to pony up to my bar every weekend. Relentlessly. Inevitably. Like a DDoS attack.

But this stuff?

The epochal failures of a Security Information and Event Management system that SkewU2 is now asking about? Nope. Nothing. Never came up.

I hear my teacher and SkewU2 start pronouncing the acronym SIEM as “SIM”. But I only hear “Goober”. That the “Goober” didn’t detect the code because it was slipped in just as SolarWinds was updating its system. Just as the updates went from source code to executable code to the software that goes out to customers.

I think of peanut butter cup candy wrappers. About how my mom told me I had to check that they were sealed tight, especially on Halloween, before I could eat them.

SkewU2 is an IT help desk guy. I thought this class was going to be full of these doods. Good soldiers. Guys who do what they are told. Who know how to put the right “Goober” in the right slot to make sure I can log onto my Discord channel, or play League of Legends, without a hitch.

I thought I’d be able to walk into this three-month intensive like a top lane champion, speeding through this course with ease, stealing lives along the way.

SkewU2, however, is not the guy I expected him to be. He ain’t no grunt. He is insightful. A natural leader. He is an Aatrox. What is he doing here, I ask my laptop screen.

Edamame, the sous chef. NotSoShi, the ER nurse. MarioFLA, the construction worker. They are all brilliant, passionate, thirsty for more.

What am I doing here, I ask the reflection on my Dell.

I blame my father, I start to say to myself, but --

“-- what was that?” my teacher asks me.

I shake my head with embarrassment realizing I said that last line out loud.

No, nothing, my head motions in my Zoom box as I double-click my mute button.

Don’t speak, I scold myself.

“Listen, everyone. I know some of this, a lot of this terminology is completely foreign right now. I can see that some of you are starting to doubt you’re in the right place.”

I think of “Goobers”. I think of Miles Morales.

“But the Solarwinds event, to explain it simply, was one where these nation-state hackers, called Nobelium, studied the routine of their mark intently. They found a vulnerability where Solarwinds did not do enough due diligence just before issuing a software update. They then exploited this vulnerability by slipping in their malicious code as no one was looking.

“That’s it. That’s how 90% of the incidents you will be involved with will go. Now I don’t know if you all will be here in two more months at the end of this course. Only you can answer that for yourself.”

My mind pictures the two-letter abbreviation for Nobelium on the Periodic Table.

“But I will say that if you can hang with me for 10 more weeks, then you will be prepared to counter these attacks, to prevent these attacks – as prepared as anyone who went to a four-year college or university to study this topic.”

I smile as I read that the password 18,000 different companies typed to allow for this system upgrade was “Solarwinds123”.

I smile wider as I begin to realize that this is a game of thrones like any other. I smile widest because if there is one thing I know, it’s that I drink and that I know things. Doubt yourself all you want, but that ought to be enough.

“Now, does anyone else have any questions?”

No, I forcibly type into the chat line.