UPDATE: Things have only gotten worse, and the extent and duration of the hacks have expanded significantly. The hack is not limited to the "supply chain" hack of SolarWinds; evidence is showing that Microsoft's source code may also be compromised, although MS's internal investigation has not uncovered anything yet.
AND, Trump fired the national security director and put in a crony... who has just cancelled all security briefings until the new year... just as the extent of this hack is growing significantly.
As most people are probably aware by now, not only were Microsoft, Google, and others taken down this week, but also the largest, most sophisticated hack of the US Government by Russian hackers was discovered.
This hack is completely unique, and breaks new ground. And you should know why, even if yer not a techie.
SolarWinds makes a highly respected security app. It is in use at many government agencies, and it is trusted.
Hackers managed to hack SolarWinds' own internal corporate infrastructure, write new software, and insert it into SolarWinds' final released product. Completely undetected.
This alone is an epic feat worthy of deep analysis (which all my security friends are currently chewing through). They had to social engineer a way into the company's internal network. Then they had to find the source code, figure it out, and determine how to modify it. This alone probably took a couple months of analysis.
Then they had to set up/control accounts that had permission to post new code into the code library, and those new pieces of code needed to go undetected... by the people responsible for writing the code in that section, by the integration testers that tested the code to make sure it worked and didn't cause any problems, and finally they had to make sure that no other LEGITIMATE changes to the source code undid or broke the work the Russian hackers inserted surreptitiously.
This version of the SolarWinds software was tested, finalized, released, and installed by their trusting customers. "A new update has been released. Please install version 2.1.68, to upgrade to the latest version" or whatever the release message said.
System Administrators in dozens of government agencies installed the update.
The Russians were then able to activate their sneaky backdoors, let themselves into the networks of all these agencies, route around all of the firewalls and security protections, and pretty much wander around the internal federal government networks undetected...
... for MONTHS.
Possibly even over a year. (The analysis is still ongoing.)
It's like someone duplicated your car keys and drove it everywhere, every day, for a year, and you never knew about it.
(#KBbatshittery angle: With incompetent Trump appointees at the head of most of these agencies, I could see many of them going to jail for failure to do their duty, and allow something like this to happen. Long shot, I know, but it'd be pretty sweet...)
The only reason this hack was discovered was because an internet security company - FireEye - watches all internet traffic constantly and looks for "weird shit", and investigates. Apparently some servers were talking to other servers that wouldn't normally talk to each other - like, "why is this server at the Pentagon talking to a Russian IP Address?" - so FireEye looked into it and saw patterns... all over the US government, from dozens of agencies...
Imagine being the dude sitting at his desk looking at traffic maps and seeing this one weird thing... looking for other instances of that one weird thing... and finding an enormous web of these "weird things" going back months and months and months, without interruption.
That has got to make the skin crawl up your back, over the top of your head, and land in your lap, man......
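For the non-techies who want to see what "looking for that one weird thing" boils down to, here is an added example (my own illustration, not code from FireEye, SolarWinds or anyone in this story): it learns which outside addresses each server normally talks to, then flags servers that start talking to a new outside address, and counts how many days the new behaviour keeps going. Every host name, IP address and flow record in it is constructed sample data, not a real indicator.

```python
"""Tiny egress-baseline detector: flag servers talking to new external peers.

All host names, addresses and flow records are constructed sample data.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Address ranges we treat as "inside the building" (constructed for the example)
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Flow records: (day, source host, destination IP, destination port)
BASELINE_FLOWS = [  # a quiet period used to learn normal behaviour
    ("2020-06-01", "mail-01", "10.0.5.20", 25),
    ("2020-06-01", "netmon-01", "203.0.113.10", 443),  # vendor update server
    ("2020-06-02", "netmon-01", "203.0.113.10", 443),
]
NEW_FLOWS = [  # the period being watched
    ("2020-07-01", "netmon-01", "203.0.113.10", 443),   # normal, in baseline
    ("2020-07-01", "netmon-01", "198.51.100.77", 443),  # never seen before
    ("2020-07-02", "netmon-01", "198.51.100.77", 443),
    ("2020-07-03", "netmon-01", "198.51.100.77", 443),
    ("2020-07-03", "mail-01", "10.0.5.21", 25),         # new, but internal
]

def is_external(ip):
    """True when the address is outside every internal range."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def build_baseline(flows):
    """Map each source host to the (destination, port) pairs it normally uses."""
    baseline = defaultdict(set)
    for _day, host, dst, port in flows:
        baseline[host].add((dst, port))
    return baseline

def find_new_external_peers(baseline, flows):
    """Return {(host, dst, port): sorted days} for external peers not in the baseline."""
    hits = defaultdict(set)
    for day, host, dst, port in flows:
        if (dst, port) in baseline.get(host, set()) or not is_external(dst):
            continue  # known peer, or internal chatter: not the "weird thing"
        hits[(host, dst, port)].add(day)
    return {key: sorted(days) for key, days in hits.items()}

def persistent_peers(hits, min_days=2):
    """Keep only new peers seen on at least min_days distinct days (persistence, not a one-off)."""
    return {key: days for key, days in hits.items() if len(days) >= min_days}

if __name__ == "__main__":
    found = find_new_external_peers(build_baseline(BASELINE_FLOWS), NEW_FLOWS)
    for (host, dst, port), days in persistent_peers(found).items():
        print(f"{host} -> {dst}:{port} seen on {len(days)} days ({days[0]}..{days[-1]})")
```

On the sample data the mail server's new internal peer is ignored, while the monitoring server's new outside peer shows up on three consecutive days, which is the pattern worth a second look.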