Posted On: Friday - March 19th 2021 12:38PM MST
In Topics:   Globalists  China  Artificial Stupidity  Big-Biz Stupidity
Peak Stupidity has warned our readers multiple times: We don't guarantee timely news, and our wise investment strategy advice is generally done retroactively. Caveat emptyor goes your wallet. In this case, this 2-week old news about Chinese hacking of email server programs may be just a wee too late to save that secure information regarding your plans for the next insurrection on the US Capitol.
That is, for the Microsoft Windows users, this could have been a problem. Commenter Adam Smith has advised you and me to go to Linux many times. It's MS Exchange Server that has been hacked by the Chinese through 4 security holes, per some dude named Chris Krebs (Krebs On Security is his web site). He reports At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software. 30,000 organizations probably runs into the 10's of millions of people, Basically, 30,000 copies of those versions of non-secure software have been sold in the US and over a hundreds of thousands worldwide:
At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.Great.... it was bad enough keeping the NSA and Deep State in mind when you email your friends, but now we have to worry about what the Chinese will get out of it. So, no insurrection plans and no bright new ideas would be the way to go.
On March 2, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange.[My bolding there.] Interesting... perhaps the Chinese have already hacked some brilliant new face-diapering technology from the CDC, or, failing that, just information on how to raise another cool virus like the COVID-one-niner.
Microsoft said the Exchange flaws are being targeted by a previously unidentified Chinese hacking crew it dubbed “Hafnium,” and said the group had been conducting targeted attacks on email systems used by a range of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.
In the three days since then, security experts say the same Chinese cyber espionage group has dramatically stepped up attacks on any vulnerable, unpatched Exchange servers worldwide.
White House press secretary Jen Psaki told reporters today the vulnerabilities found in Microsoft’s widely used Exchange servers were “significant,” and “could have far-reaching impacts.”I'll just bet you're concerned. I'm not at all trying to tell you how to do your job, Miss Psaki, but the first person I'd call would be former Secretary of State Hillary Clinton. We don't know for sure the Hildabeast has a handle on this, or whether she ever actually successfully wiped that hard driver of hers. I mean, isopropyl alcohol and some elbow grease SHOULD do it, but at the level of security involved, "Evil Level Class IV Secret", her staff may want to try something stronger, say hydroflouric acid.
“We’re concerned that there are a large number of victims,” Psaki said.
This is a comprehensive systematic hacking job, not some one-time breach:
In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.What to do? What to do?
“We’ve worked on dozens of cases so far where web shells were put on the victim system back on Feb. 28 [before Microsoft announced its patches], all the way up to today,” Adair said. “Even if you patched the same day Microsoft published its patches, there’s still a high chance there is a web shell on your server. The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”
Meanwhile, CISA has issued an emergency directive ordering all federal civilian departments and agencies running vulnerable Microsoft Exchange servers to either update the software or disconnect the products from their networks.Uhhh, yeah-uh! The information is out. As cheap as memory is today, just as the NSA can do, the CCP can save every last email and attachment file, and the information can be looked at when the need arises.
Adair said he’s fielded dozens of calls today from state and local government agencies that have identified the backdoors in their Exchange servers and are pleading for help. The trouble is, patching the flaws only blocks the four different ways the hackers are using to get in. But it does nothing to undo the damage that may already have been done.
“On the call, many questions were from school districts or local governments that all need help,” the source said, speaking on condition they were not identified by name. “If these numbers are in the tens of thousands, how does incident response get done? There are just not enough incident response teams out there to do that quickly.”I'm guessing these organizations made the most calls because they have the highest level of Affirmative Action, hence the smallest proportion of smart White people. As Steve Sailer says, we're running out of White people.
“It’s a question worth asking, what’s Microsoft’s recommendation going to be?,” the government cybersecurity expert said. “They’ll say ‘Patch, but it’s better to go to the cloud.’ But how are they securing their non-cloud products? Letting them wither on the vine.”Whoa, do they think I feel any better knowing all the info is on the cloud? When the Chinese ever get the humidity and instability how they want it in this cloud, I foresee a thunder-hackstorm throwing out information the size of golf balls.
Peak Stupidity has written before on the stupidity of a country that practically begs for espionage from the darker elements out of China - See ICE Jail Chinese Spy Si Chen* and Current-Era Espionage and Immigration. Instead of working from the mainland of China, how much easier would it be to create a back door, or the framing for one, in Microsoft software, as a Member of the Technical Staff? There's no end to the benefits of Diversity.
PS: "Oh, wait", you say, "there's only one guy in that picture who looks Chinese." Yeah, but that's because the rest are a bunch of slackers who would rather be paid in that diversity parade, rather than be on the Redmond campus that day hacking away.
* This is the post about the LA Woman, "LA Woman Si Chen", that is.