It's True- Microsoft Hacked Too!

[Judge]

This story has been floating around for a few days now. Microsoft finally confirmed it. Lapsus$ strikes again. Though allegedly no customer data was stolen. Looks like source code for Bing, Bing Maps, and Microsoft Cortana were all taken though.

https://www.ign.com/articles/microsoft-hacked-by-group-involved-in-nvidias-data-breach

 

[Judge]

I wonder who would even want that source. Only reason of interest i can think of is that there could be privacy invasive lines of code in there.

Perhaps the real story is just having the ability to penetrate Microsoft. And the fallout that may ensue. Of course any intellectual property relative to defense contracts that was actually stolen, I doubt the government would allow MS to comment about it.

Wondering how the Pentagon feels right now. Jeff Bezos may be lurking in the wings...licking his chops. But then who knows? Amazon may be on the hacker's "hit list" as well.

 

[Judge]

It is very likely there is a component of social engineering involved in these attacks, having someone on the inside.

Yep, that's the rumor.

 

[Forest Cat]

I always asssume that everything that is made by people, can be hacked or broken into or messed with by other people. Everything. Always. So I'm not surprised.

 

[Judge]

I always asssume that everything that is made by people, can be hacked or broken into or messed with by other people. Everything. Always. So I'm not surprised.

Personally I'm more concerned about the timing of it all. And whether or not we are witnessing asymmetrical acts of cyberwarfare as MIT warned about a few months back.

But are they state actors or simply private parties taking advantage of the situation ?

Going after Nvidia? -Meh. But Samsung and Microsoft, now we're talking about key infrastructure targets.

 

[Forest Cat]

Personally I'm more concerned about the timing of it all. And whether or not we are witnessing asymmetrical acts of cyberwarfare as MIT warned about a few months back.

Yeah I think we should assume that the internet is completely out of control and nothing is safe. Everything I see point to that. North Korea alone have probably stolen every little bit of data in the US already. We might as well just accept it and relax.

 

[Judge]

Yeah I think we should assume that the internet is completely out of control and nothing is safe.

Our military already does and has for some time.

 

[Forest Cat]

Our military already does and has for some time.

Yeah that too I gave up on the internet a long time ago, it's just a mess.

 

[Judge]

Yeah that too I gave up on the internet a long time ago, it's just a mess.

No matter what anyone does, hackers always seem perpetually one step ahead. That it's a game of pure offense where defense doesn't count for much.

 

[Forest Cat]

No matter what anyone does, hackers always seem perpetually one step ahead. That it's a game of pure offense where defense doesn't count for much.

I have said for a long time that the internet is still in its childhood, it's crude and simple and easy to abuse. But we treat it like very special techology given to us by the Gods themselves. It has disaster written all over it, I think we overestimate it and rely on it too much. But we have already put our lives and all our secrets into it.

 

[Judge]

I think we overestimate it and rely on it too much. But we have already put our lives and all our secrets into it so now we are just along for the ride.

Wouldn't be the first time considering nuclear energy and fossil fuels.

But mother nature will give us only so much rope to hang humanity with. That we may be due for another "dark age" in the near future.

When ya got humanity, who needs floods and arks?

 

[maycontainthunder]

If I were Microsoft I wouldn't have the real software source codes online... I think you can see where this is going!

 

[Suzette]

If I were Microsoft I wouldn't have the real software source codes online... I think you can see where this is going!

No, of course not.

Hackers don't need the internet. They just need to know a back door into internal servers.

You are thinking of the access problem like opening a known safe. But they do it by taking advantage of the other places people aren't looking. Crawling through a sewer is easier than walking through the front door if you want to remain hidden.

 

[Nervous Rex]

I wonder who would even want that source. Only reason of interest i can think of is that there could be privacy invasive lines of code in there.

With the source code, it's much easier to search for vulnerabilities and bugs.

 

[Nervous Rex]

No matter what anyone does, hackers always seem perpetually one step ahead. That it's a game of pure offense where defense doesn't count for much.

Being in IT security has to be a lot like being a soccer goalie: If you do your job well, no one knows. But if you fail once, everyone blames it all on you.

I don't think it's a "one step ahead" situation. It's more like "all or nothing". To be secure, an organization must prevent or close every possible vulnerability. To hack them, an attacker only needs to find one vulnerability they can exploit.

 

[Judge]

Being in IT security has to be a lot like being a soccer goalie: If you do your job well, no one knows. But if you fail once, everyone blames it all on you.

I don't think it's a "one step ahead" situation. It's more like "all or nothing". To be secure, an organization must prevent or close every possible vulnerability. To hack them, an attacker only needs to find one vulnerability they can exploit.

Absolutely. However I believe your statement strictly reflects a position relative to defense. When I say "one step ahead", I mean what hackers do. Which is strictly in terms of offense.

Logically speaking, if there was an absolute and universal method of keeping hackers from penetrating networks, there would be no hacking. Yet we continue to hear of supposedly secure networks that eventually get hacked. Reflecting a continuance of the notion that hackers remain "one step ahead" in this game. Hackers offensively ahead of this curve, and defenders behind it.

We also know from past incidents that not everyone chooses to allocate the same re$ources to combat hacking, and they have paid for it, along with their customers. That's on them.

But these big names in high tech getting hacked...that's alarming. Especially if and when the government sees fit to contract with them over various technologies.

 

[Nervous Rex]

Absolutely. However I believe your statement strictly reflects a position relative to defense. When I say "one step ahead", I mean what hackers do. Which is strictly in terms of offense.

Yes - the offense find something that the defense missed. I think we're on the same page and I could have phrased my reply with a little less opposition.

 

[Aspychata]

I read on the internet that everything is safe to do online. Apparently MS thinks the same.

 

[Ken]

The business I worked for shared a building with another business that produced software, firmware and even some hardware for extreme security systems, used by government, military, banks, etc.

I often met their primary technical person passing in the halls. I learned from him that there is no such thing as security on the internet. His fix is to never be connected to the internet. No internet is used in any of their development. Everyday, he went home carrying their digital work stored in his pocket on a hard disk. It came back each morning for continued work. Perhaps he could get mugged, but that wouldn't go unnoticed. The hard disks were designed to destroy all data if the disk was attempted to be read by any hardware other than their development hardware. The disk would also mechanically destroy the disk if disassembly was attempted. Thus, both hardware and digital data would have to be hacked and any hacking would have to be physically in person, not in some little room in a remote location.

Of course, none of their customers shared that method of security.

 

[Judge]