> CISA's own joint advisory confirmed that Volt Typhoon actors maintained access inside some victim environments for at least five years, using living-off-the-land techniques that make them nearly invisible to traditional security tools.
According to CISA's joint advisory (AA24-038A), here's specifically how they stayed inside for 5 years:
Valid credentials and stolen accounts. They repeatedly dumped NTDS.dit (the Active Directory database) from domain controllers to harvest every credential in the environment. In one confirmed case they extracted NTDS.dit from three domain controllers over a four-year period. They kept coming back to re-dump so they always had current, valid passwords.
Only operated during normal business hours. They studied the victim's work patterns and only used compromised credentials when legitimate admins would be active, so authentication logs looked normal.
Targeted log deletion. They deleted specific logs to cover their tracks.
Routed traffic through compromised SOHO routers. Fortinet, Cisco RV320, Netgear, and other end-of-life home/small office routers. Made their traffic appear to originate from legitimate residential IPs, not foreign infrastructure.
Zero malware. Literally none. They used only wmic, ntdsutil, netsh, PowerShell, cmd.exe, certutil, ldifde, net, and other native Windows tools. Nothing for an EDR to signature match against.
Minimal activity between credential dumps. They got in, dumped creds, did light recon, then went silent. They weren't exfiltrating data. They were pre-positioning for future disruption. That silence is what made them invisible.
It's a term-of-art that means to use the tools that are already available on the target machine. So rather than shipping a custom binary/shellcode/etc which exfiltrates data or whatever, you string together existing powershell/unix/etc commands to do so. It's effective because it's hard to distinguish these from legitimate processes.
Traditional malware relies on delivery of “payload” with a custom program and data, and/or establishing persistence by installing files to local storage.
These behaviors generate distinctive evidence of compromise in-progress, active, and after the fact, so your AV software or forensics team can identify it.
“Living off the Land” means minimizing or eliminating the payloads and the system modifications, and leveraging anything and everything that is found already existing in the system.
Obviously, while presenting extra logistical challenges, LOL can be stealthier and easier to deploy on your target systems.
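The two preceding threads describe the tradecraft in prose: repeated NTDS.dit dumps with native tools, activity confined to business hours, and log clearing. As an added example (not code from the original posts, from CISA, or from the advisory), here is a small Python hunt over constructed process-creation and log-clear records. The event IDs 4688 (process creation), 1102 (Security log cleared) and 104 (System log cleared) are real Windows identifiers; the record layout, hostnames, account names, timestamps and command lines are invented for illustration, and the command-line shapes only follow the documented ntdsutil IFM and vssadmin syntax. It flags the dump workflow and log clearing, measures how far apart the dumps on each domain controller are, and shows why a time-of-day filter alone would suppress every one of these alerts.

```python
"""Hunt for LOLBin-based NTDS.dit dumping and audit log clearing in process telemetry.

Added example. SAMPLE_EVENTS is constructed, not real telemetry; the fields are a
simplified stand-in for Windows Security events 4688 (process creation with
command line logging enabled), 1102 (Security log cleared) and System 104."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed records: three domain controllers' worth of dumps years apart, one
# log clear, and two benign-looking commands that must not fire.
SAMPLE_EVENTS = [
    {"time": "2020-03-12T10:14:03", "host": "DC01", "event_id": 4688, "user": r"CORP\svc_backup",
     "cmdline": r'cmd /c ntdsutil "ac i ntds" ifm "create full C:\Windows\Temp\pro" q q'},
    {"time": "2020-03-12T10:21:44", "host": "DC01", "event_id": 4688, "user": r"CORP\svc_backup",
     "cmdline": r'cmd /c move "C:\Windows\Temp\pro\Active Directory\ntds.dit" C:\Windows\Temp\ntds.dit'},
    {"time": "2021-06-08T09:02:17", "host": "DC02", "event_id": 4688, "user": r"CORP\itadmin",
     "cmdline": r"vssadmin create shadow /for=C:"},
    {"time": "2021-06-08T09:03:05", "host": "DC02", "event_id": 4688, "user": r"CORP\itadmin",
     "cmdline": r"copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\ntds.dit C:\Windows\Temp\n.dit"},
    {"time": "2021-06-08T09:40:00", "host": "DC02", "event_id": 1102, "user": r"CORP\itadmin", "cmdline": ""},
    {"time": "2023-11-02T14:30:00", "host": "DC01", "event_id": 4688, "user": r"CORP\svc_backup",
     "cmdline": r'ntdsutil "ac i ntds" ifm "create full C:\Users\Public\x" q q'},
    {"time": "2023-11-02T15:00:00", "host": "WS17", "event_id": 4688, "user": r"CORP\jdoe",
     "cmdline": r"ntdsutil /?"},                      # help text only, no IFM: benign
    {"time": "2023-11-03T22:00:00", "host": "DC01", "event_id": 4688, "user": r"CORP\svc_backup",
     "cmdline": r"wbadmin start systemstatebackup -backuptarget:E:"},  # legitimate backup
]

# (tag, regex over the command line). The IFM rule requires the "create full"
# verb so that interactive ntdsutil usage alone does not fire.
RULES = [
    ("ntdsutil_ifm", re.compile(r"ntdsutil.*\bifm\b.*create\s+full", re.I)),
    ("vss_shadow_create", re.compile(r"(vssadmin\s+create\s+shadow|diskshadow|wmic\s+shadowcopy\s+call\s+create)", re.I)),
    ("ntds_dit_access", re.compile(r"ntds\.dit", re.I)),
]
LOG_CLEAR_EVENT_IDS = {1102, 104}
DUMP_TAGS = {"ntdsutil_ifm", "ntds_dit_access"}


def classify(event):
    """Return the detection tags that apply to one event (empty list if none)."""
    tags = []
    if event["event_id"] in LOG_CLEAR_EVENT_IDS:
        tags.append("audit_log_cleared")
    if event["event_id"] == 4688:
        for tag, pattern in RULES:
            if pattern.search(event.get("cmdline", "")):
                tags.append(tag)
    return tags


def in_business_hours(ts, start_hour=8, end_hour=18):
    """True for a weekday timestamp between start_hour and end_hour (local time)."""
    return ts.weekday() < 5 and start_hour <= ts.hour < end_hour


def hunt(events):
    """Run every rule over the events and return one alert per matching event."""
    alerts = []
    for ev in events:
        tags = classify(ev)
        if not tags:
            continue
        ts = datetime.fromisoformat(ev["time"])
        alerts.append({"time": ts, "host": ev["host"], "user": ev["user"],
                       "tags": tags, "business_hours": in_business_hours(ts)})
    return alerts


def dump_cadence(alerts):
    """Per host: number of NTDS dump indicators and the span between first and last.

    A handful of dumps spread over years on the same DC is the long-dwell,
    re-dump-for-fresh-credentials pattern rather than a one-off incident."""
    by_host = defaultdict(list)
    for a in alerts:
        if DUMP_TAGS & set(a["tags"]):
            by_host[a["host"]].append(a["time"])
    return {host: {"count": len(ts), "first": min(ts), "last": max(ts),
                   "span_days": (max(ts) - min(ts)).days}
            for host, ts in by_host.items()}


if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for a in found:
        print(a["time"], a["host"], a["user"], ",".join(a["tags"]),
              "business-hours" if a["business_hours"] else "off-hours")
    print("dump cadence:", dump_cadence(found))
    print("suppressed by an off-hours-only filter:", sum(a["business_hours"] for a in found), "of", len(found))
```

On a real estate this needs "Include command line in process creation events" enabled before 4688 carries a command line at all, and the same logic maps directly onto Get-WinEvent or a SIEM query. The point of the last line is the one the advisory makes: every hit above lands inside business hours, so a detection that keys on unusual login times rather than on what the account did would report nothing.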
Nah. Too often their "crimes" are actually basic freedoms that they just find it profitable to deny. So many laws are bought and paid for by corporations. There is no need to respect them or even recognize them as legitimate, let alone make them universal.
I have published an extension [1] that has 100k+ users and I've probably received hundreds of emails over the years asking me to sell out in one way or another. It's honestly relentless. For that reason I also only trust uBlock Origin, Bitwarden and my own extensions.
I'd also note that all this spam is via the public email address you're forced to add to your extension listing by Google. I don't think I've ever had a single legitimate email sent to it. So yeah, thanks Google.
Respect for not selling out. I have to admit though... If I had a browser extension and someone suddenly offered me a million dollars for it, I think I would take it.
This realization made me distrust any system where it is even possible to sell out. In order for a system to be trustworthy, it must be impossible for this sort of exploitation to ever occur, no matter how much money they put on the table.
I was just having a quick search and the only email I can find that offered a price range up front was for $0.1-0.4 per user, and that was from 2023. So I assume up to a dollar per user these days?
> The only extension I trust enough to install on any browser is uBlock Origin.
Note however that the origin of uBlock Origin is that the developer Raymond Hill transferred control of the original uBlock project to someone who turned out not to be trustworthy, and thus Hill had to fork it later.
I never transferred the extension in the Chrome store. The Chrome store extension has always been the one from the repository I control, and I've had full control of it since when I created it back in June 2014.
I often make the argument that uBlock Origin is so essential that it should be built into the browsers instead of being a separate extension. The restrictions imposed by manifest v3 are good, it's just that uBlock Origin is special enough that it should be able to bypass them.
Unfortunately, the huge conflicts of interest make this unrealistic. Can't trust developers funded by ad money to develop an ad blocker.
This doesn't even seem that far fetched at this point. The economic influence of the USA is being eroded at every turn. Their military capabilities could very well turn out to be their last hope one day. South America stands virtually no chance against even a decadent USA. It's actually embarrassing how weak South America is.
The problem is that the main military enemy of South America is Other Bits Of South America, especially internal enemies. That's why Costa Rica has no military: can't have a military coup without a military.
> all it did was lure western companies to move their production over and "learned" by copying
Yeah, and they fell for it. Handed over all their intellectual "property" to the Chinese on a silver platter. Moved all their production to China, thereby deindustrializing their own countries and impoverishing their fellow citizens to the point of nearly wiping out the middle class.
I wonder if it's even possible for the west to save itself at this point.
What happened one way can happen the other. Recently, I watched a documentary about a late 19th-century steel maker. His approach was very similar to what many seem to consider "uniquely Chinese" for some reason.
He bought IP from people who didn't see value in it. He obtained state subsidies and convinced politicians to see his sector as a national priority. When he couldn't buy the know how, he had it reverse engineered from samples.
The West just needs to go back to what used to work, and what still works. If China could industrialize itself from practically nothing, why couldn't western countries do something similar? Some of them already did after WWII.
It's just a matter of will. And accepting that there will have to be compromises and certain level of sacrifice.
The biggest reason, as others have already discussed, is that manufacturing is inherently dirty work, so it's better to offshore it and be concerned about the environment locally.
>Yeah, and they fell for it. Handed over all their intellectual "property" to the Chinese on a silver platter. Moved all their production to China
"Fell for it" looks a lot like "basically compelled by the economic impacts of public policy and political winds" so far as I can tell.
Some man in a C-suite in 2002 who was wrestling with a decision to refresh domestic factories with capital investments that would pay off over the next 15yr and be competitive for 30 or build new in China could only make that decision one way without being ousted by his own board. Even if the economics barely penciled out positively after compliance costs the political winds made it too risky.
I mean, yeah, someone fell for it. The public, the politicians, etc. etc. But it's not like anyone who didn't have to grapple with the numbers didn't know what they were doing was suspect at best, though many of course deluded themselves into believing in it.
How many decades and dollars did we spend shipping trash plastic overseas because they provided us with receipts saying they were recycling it when they were landfilling, burning or dumping it? Everyone who knew the chemistry and energy prices knew it didn't really work but still, it happened.
The US government fell for it too. China made it economically attractive to deindustrialize and destroy your own country? Tax them until it's no longer the case. I don't know. Do something. Respond to the situation. Tip the scales so that the ominous board of directors has no choice but to swallow the bitter pill and like it. Trump is trying it but looks like it's too little too late.
The fact is at some point the USA shifted from a nation to an amalgamate of corporations. The US government serves the interests of corporations that have gone multinational, corporations that are barely American at this point, corporations that now kowtow before China lest they lose access to the Chinese market and its growing middle class. Meanwhile China consistently demonstrates the ability to plan and execute long term strategies that advance the interests of the Chinese civilization. I don't like it but I have to respect it. They're making democracies and their leaders look like complete idiots who care about nothing but muh reelection.
Ok, do your worst. I got on Discord cause they offered the best free service, I'll just as easily leave if that ever stops being the case. "Teen mode" seems not bad, I need something worse.
You will not leave easily. There's no point to you leaving if all your friends remain. Chances are they could not care less about these issues and would rather leave you instead of mass switching to a less convenient alternative.
I'd leave with or without them if it sucked. They can and will text me instead, just like they do since I left WhatsApp (because it sucked). The communities of randoms I don't even know irl can't, but that's exactly why it doesn't matter so much.
That and my friends probably care the same or more than me about privacy.
Yeah, we've seen time and time again that the network effect of social media makes it next to impossible to actually move to a different service. The Discord feature set is great and all, but it's the fact that your communities are there that keeps everyone on it. I'm hoping they get enough backlash / canceled Nitro from this because I don't want to lose the communities I'm in. Already did that with Facebook/Instagram/etc and it sucks.
I really don't like how the author minimizes the kernel anticheat situation. It's not "a lot of noise online".
It doesn't matter that user mode software is also vulnerable. We actually have mitigations against many of those user mode problems. Separate user accounts for example. Games can't exfiltrate your browser data if they can't read them.
Obviously kernel mode software can bypass all sorts of operating system controls. Bypassing those controls is the whole reason why they implement anticheat in kernel mode. If they can't bypass these controls, it means the operating system is more powerful than the anticheat, which means it can be defeated.
Yes, proprietary software is inherently untrustworthy and could be malware in disguise. Nobody disputes this, it's happened before and will happen again. It's a good idea to invest in a properly virtualized system where all those games are contained and kept completely separate from the real system. Yet another reason why we don't need idiotic anticheat software bitching about the fact it's been virtualized.
Pre LLMs I would have said the all-text format of HN probably kept the astroturfing low, but these days I'm less sure. It's still a much less engaging format than almost any other place on the web, although again, with LLMs you can even cheaply target the lowest value returns.
I wouldn't say it's entirely hopeless. Just gotta know who's behind the posts. Checking for conflicts of interest is essential. HN is valuable due to the fact that many notable hackers post here. Makes it easier to know who we are interacting with, what they stand for and who they work for. Invite-only communities like lobsters are even better in that regard. Less random accounts adding noise. Some degree of elitism is a good thing.
What freaks me out is that in the long run everybody on the internet gets account problems at some point, and then when you're starting fresh, proof-of-humanity will be more difficult than it used to be.
Yeah, I agree. The point I was trying to make is that you can't judge the share of some actual collective agreeing to something from reading posts on forums.