No Act Of War But "An Easy Score": Here's What We Know & Don't Know About SolarWinds Hack

by Tyler Durden
Sunday, Dec 20, 2020 - 03:15 PM

National security correspondent and investigative journalist Jordan Schachtel, in an epic thread, has gone off on the Russia hawks now seizing the moment to blame the Kremlin for the SolarWinds hack and whip up this current round of "the Russians are coming!" hysteria.

The cyberattack, said to have been months in the making and to have breached multiple US federal agencies, has posed a "grave risk" to the nation, including the potential compromise of classified systems which monitor the nation's nuclear arsenal, according to widespread reports. Some powerful Democratic Senators are already calling it "an act of war" by the Russians while demanding that Trump "do something" about it, which would likely take the form of more sanctions and further ratcheting up of tensions with Moscow.

But Trump poured cold water on that scenario yesterday after being briefed on the intelligence related to the hack. "Russia, Russia, Russia is the priority chant when anything happens," the president tweeted Saturday morning, while calling the cyber hack "far greater in the Fake News Media than in actuality".

But what do we actually know and how do we know it? Schachtel blasts the politicians and media for now advancing a convenient narrative, one which they can't possibly know at this point. As we've pointed out, this appears to be yet more last-ditch Russiagate-style hyperventilating during the final weeks of the Trump presidency.

Below is journalist and national security pundit Jordan Schachtel's analysis of the matter, which he calls "insane and dangerous" for the way the hack is being prematurely weaponized against the usual boogeyman, yet without evidence...

* * *

When we talk about hacking and attribution, it's important to understand that tier 1 cyber nations (USA, China, Russia, & select Euros) can make it appear as if another country is responsible for select actions. Attribution is very difficult. Rapid confidence is a giant red flag.

The process of dissecting a sophisticated cyber attack that was potentially executed by a nation state takes significant time. Finger pointing by politicians and bureaucrats during this process is not only unwise, it gives off the scent of a political agenda in play.

You should never, ever trust "the intel" and take it to the bank. Learn the lessons from the 21st century. "The intel" is not sufficient. Show your work or shut your mouth. Even gov't officials who you consider "good guys" are sometimes advancing info they received from bad sources.

The timing surrounding the hack and all of the timely U.S.-centric political elements (NDAA debate, CISA defying POTUS), makes me hesitant to conclude this was a definitive work of a foreign regime. Time will tell, but yelling Russia Russia Russia does not convince me of anything.

Hacks can have "the marks" of a country. Now you need to figure out if those marks are authentic or a smokescreen. All of our sophisticated allies + China and probably even Iran can falsify Russian attribution. Process takes a while to uncover. Be wary of those who jump to conclusions.

See how insane and dangerous this shit is? Remember the names of the people who are saying stuff like this. It's safe to disregard them as a serious person: "This is virtually a declaration of war by Russia on the United States and we should take that seriously," Sen. Dick Durbin said days ago.

When we talk about politics and hacking, recall that we still have no evidence Russia hacked the DNC. And we know DNC+Podesta lost info due to a very simplistic phishing attack. However, the court of public opinion has ruled otherwise. Perhaps that's the goal this time around, too.

Also, I'm not terribly convinced that SolarWinds hack was as big an op as hyped. Cracking servers required finding out their password was "solarwinds123." Not joking. Similar to Podesta "hack" (his password was the word password), this stuff doesn't need big resources to pull off.

In the cybersecurity world, having such shit infosec measures means you're toast. What they did is the equivalent of living on a busy street with your door unlocked and a million dollars of visible cash in the window. Was the intrusion wrong? Sure. At the same time, it was inevitable.

Whatever actor/s is responsible for the hack did not commit some kind of act of war. They took advantage of an easy score. SolarWinds network has apparently been easily accessible for YEARS. These media narratives are bogus on multiple fronts, from attribution to perspective.