BMW Garage BMW Meets Register Search Today's Posts Mark Forums Read
BIMMERPOST Universal Forums Off-Topic Discussions Board Cyber hacking. Your thoughts?

Post Reply
 
Thread Tools Search this Thread
      05-10-2021, 02:21 PM   #1
TiMSport
Banned
Ukraine
12787
Rep
2,983
Posts

Drives: '21 M340i xDrive, '17 Audi S3
Join Date: Feb 2021
Location: ATL

iTrader: (0)

Cyber hacking. Your thoughts?

This most recent event involving Colonial Pipeline (based here in Alpharetta, GA) is the latest example but it's very concerning to say the least. With so much of our critical infrastructures dependent upon IT systems and their vulnerabilities. This case involves a ransomware group known as DarkSide, but there are plenty out there. It does seem that some experts are suggesting this particular group wasn't aiming to cause chaos as much as it was just trying to get money. I hope authorities can get to the bottom of this and nail these bastards no matter what.

With that being said, we really need to be prepared for this kind of thing as it's just going to happen more and more. We've all read the stories about corporations and even local municipalities getting shut down and being victimized by these so-called ransomware groups. I just wonder how many of them are in China or Russia. Perhaps even N. Korea. Of course they may very well be right here in our back yard as well. Scary thought.
Appreciate 0
      05-10-2021, 02:34 PM   #2
Buug959
Captain
Buug959's Avatar
Ukraine
16831
Rep
872
Posts

Drives: 335xi E90, GMC Sierra, VW Golf
Join Date: Jun 2020
Location: Nova Scotia

iTrader: (0)

You may find this article interesting TiMSport It seems that DarkSide is avoiding any IT system that the language is set to Russian.

https://www.bbc.com/news/business-57050690
__________________
Wha' da ya mean? No brakes never stopped anyone before!
Appreciate 2
TiMSport12786.50
Littlebear3508.50
      05-10-2021, 02:37 PM   #3
zx10guy
Brigadier General
5139
Rep
3,235
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

This crap is going to continue until there are fines and penalties (which may be as extreme as jail time) for critical industries to put money into INFOSEC. No one is talking about this. I've been harping about this for a long time both in various online forums and with my job as a technology advisor for various clients. These rules need to be similar to HIPAA, PCI, and FedRAMP.

Talking about beefing up security is not going to do a damn thing as putting money into security doesn't reflect in the balance sheets or ROI of executives. But what will is if they don't upgrade their systems to established minimum guidelines that those making decisions on implementation and budgeting get fined personally or thrown in jail. I bet you this whole thing will turn around within in a few months. I don't need to go that far back to bring up a classic example of the failure of how things are being done by bringing up Equifax. The idiots in management knew they had vulnerabilities in their systems and chose not to patch their systems.
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 0
      05-10-2021, 02:39 PM   #4
TheWatchGuy
Colonel
TheWatchGuy's Avatar
3905
Rep
2,524
Posts

Drives: 335xi
Join Date: Mar 2018
Location: CO

iTrader: (0)

as long as they keep hacking nudes, I'll allow it
__________________
@drunkcowatches on ig

Am I a watch guy, or do i watch guys?
Appreciate 3
TiMSport12786.50
BMWGUYinCO4046.00
Murf99314114.00
      05-10-2021, 02:41 PM   #5
4Hockey4
Banned
832
Rep
674
Posts

Drives: Pinto
Join Date: Aug 2019
Location: Here

iTrader: (0)

Quote:
Originally Posted by LemansE90335xi View Post
You may find this article interesting TiMSport It seems that DarkSide is avoiding any IT system that the language is set to Russian.

https://www.bbc.com/news/business-57050690
scary stuff, but more importantly thank you for getting your information from an actual news site, not our current propaganda entertainment stations.
Appreciate 1
Buug95916830.50
      05-10-2021, 02:46 PM   #6
vreihen16
Recovering Perfectionist
vreihen16's Avatar
Ukraine
14882
Rep
938
Posts

Drives: 2015 BMW i3 BEV
Join Date: Jun 2019
Location: Orange County, NY

iTrader: (0)

Garage List
Colonial Pipeline's IT architects should be unemployed on the spot if their control infrastructure was accessible for any type of remote exploit via the public Internet! This is a no-brainer, and the feds have been publishing warnings to utilities and others that all of their infrastructure needs to be air-gapped to prevent this very thing from happening.....
__________________
2015 BMW i3 BEV, Giga World (Lodge interior), Tech/Driving Assist Packages, 30K miles
Appreciate 5
jmack548.50
Buug95916830.50
paquet629.50
DETRoadster11446.00
      05-10-2021, 02:52 PM   #7
TiMSport
Banned
Ukraine
12787
Rep
2,983
Posts

Drives: '21 M340i xDrive, '17 Audi S3
Join Date: Feb 2021
Location: ATL

iTrader: (0)

Quote:
Originally Posted by zx10guy View Post
This crap is going to continue until there are fines and penalties (which may be as extreme as jail time) for critical industries to put money into INFOSEC. No one is talking about this. I've been harping about this for a long time both in various online forums and with my job as a technology advisor for various clients. These rules need to be similar to HIPAA, PCI, and FedRAMP.

Talking about beefing up security is not going to do a damn thing as putting money into security doesn't reflect in the balance sheets or ROI of executives. But what will is if they don't upgrade their systems to established minimum guidelines that those making decisions on implementation and budgeting get fined personally or thrown in jail. I bet you this whole thing will turn around within in a few months. I don't need to go that far back to bring up a classic example of the failure of how things are being done by bringing up Equifax. The idiots in management knew they had vulnerabilities in their systems and chose not to patch their systems.
F'n Equifax! Don't remind me of that. Argh. I agree there needs to be accountability and punishment for not securing critical infrastructures.
Appreciate 3
vreihen1614882.00
jmack548.50
      05-10-2021, 02:56 PM   #8
TiMSport
Banned
Ukraine
12787
Rep
2,983
Posts

Drives: '21 M340i xDrive, '17 Audi S3
Join Date: Feb 2021
Location: ATL

iTrader: (0)

Quote:
Originally Posted by TheWatchGuy View Post
as long as they keep hacking nudes, I'll allow it
LOL. Yeah keep up the good work with hacking celeb iPhones and continue "The Fappening" trend.

BTW, I saw your signature and was wondering what kind of hacked nudes you're hoping for...
Appreciate 1
      05-10-2021, 03:13 PM   #9
jmack
First Lieutenant
jmack's Avatar
549
Rep
384
Posts

Drives: OG M2, E70 X5M
Join Date: Oct 2018
Location: TN

iTrader: (0)

Quote:
Originally Posted by zx10guy View Post
This crap is going to continue until there are fines and penalties (which may be as extreme as jail time) for critical industries to put money into INFOSEC. No one is talking about this. I've been harping about this for a long time both in various online forums and with my job as a technology advisor for various clients. These rules need to be similar to HIPAA, PCI, and FedRAMP.

Talking about beefing up security is not going to do a damn thing as putting money into security doesn't reflect in the balance sheets or ROI of executives. But what will is if they don't upgrade their systems to established minimum guidelines that those making decisions on implementation and budgeting get fined personally or thrown in jail. I bet you this whole thing will turn around within in a few months. I don't need to go that far back to bring up a classic example of the failure of how things are being done by bringing up Equifax. The idiots in management knew they had vulnerabilities in their systems and chose not to patch their systems.
There are critical infrastructure regulations similar to HIPAA and PCI, it's called NERC CIP. But I absolutely agree that executives need to be held personally responsible for violations like this.
Appreciate 1
vreihen1614882.00
      05-10-2021, 03:15 PM   #10
unluky
Major
unluky's Avatar
7465
Rep
1,246
Posts

Drives: 04 z4 3.0 Sport & 15 X5 35i XD
Join Date: Aug 2013
Location: Sedalia, MO

iTrader: (0)

Garage List
We have no fingers to point here........

Great watch if you've never seen it!

https://www.imdb.com/title/tt5446858/
__________________
2015 X5 XDrive 35i - 2004 Z4 3.0 Sport
Appreciate 1
TiMSport12786.50
      05-10-2021, 03:26 PM   #11
EME_Bounce
New Member
85
Rep
7
Posts

Drives: 2021 X30e
Join Date: Mar 2021
Location: Earth

iTrader: (0)

The problem is, as a career field, IT is a dumpster fire that should be avoided at all costs. It intersects poor, ignorant management, skilled sales babes and smugly incompetent "IT" people put in charge of critical infrastructure. Hiring is generally done by certification and those doing the hiring couldn't determine if someone was competent if they tried.

There are good people but they're usually shunned away and can't stand the idiots and go to work for the places that don't get hacked.
Appreciate 2
vreihen1614882.00
paquet629.50
      05-10-2021, 03:34 PM   #12
EME_Bounce
New Member
85
Rep
7
Posts

Drives: 2021 X30e
Join Date: Mar 2021
Location: Earth

iTrader: (0)

Quote:
Originally Posted by zx10guy View Post
This crap is going to continue until there are fines and penalties (which may be as extreme as jail time) for critical industries to put money into INFOSEC. No one is talking about this. I've been harping about this for a long time both in various online forums and with my job as a technology advisor for various clients. These rules need to be similar to HIPAA, PCI, and FedRAMP.

Talking about beefing up security is not going to do a damn thing as putting money into security doesn't reflect in the balance sheets or ROI of executives. But what will is if they don't upgrade their systems to established minimum guidelines that those making decisions on implementation and budgeting get fined personally or thrown in jail. I bet you this whole thing will turn around within in a few months. I don't need to go that far back to bring up a classic example of the failure of how things are being done by bringing up Equifax. The idiots in management knew they had vulnerabilities in their systems and chose not to patch their systems.
You can make up a bunch of laws, rules, requirements, but if the person implementing them is nothing more than a button pushing monkey that doesn't understand aspects of how systems work and work together, this will always continue.

Laws/regulations/PCI/HIPPA all lag technology and are written by bureaucrats, not intelligent computer engineers. (yes, there is a HUGE difference between an IT weenie and a computer engineer). IT management is excited in nothing but reading blogs and the latest IT buzzword.

I've seen all of this first hand in commercial industry.

There are good people but for the most part it's a mess.
Appreciate 1
vreihen1614882.00
      05-10-2021, 03:40 PM   #13
Tommy-G
Captain
Tommy-G's Avatar
4467
Rep
694
Posts

Drives: 2015 435 Vert Alpine White
Join Date: Apr 2010
Location: Bradenton FL

iTrader: (0)

We had a scary one locally, you guys may or may not have heard about. Some hacker got into the water system computer and raised the amount of LYE by 100 times. It triggered an alarm but other areas don't have the same alarm system apparently

https://www.wired.com/story/oldsmar-...-utility-hack/
Appreciate 4
vreihen1614882.00
TiMSport12786.50
paquet629.50
      05-10-2021, 04:00 PM   #14
unluky
Major
unluky's Avatar
7465
Rep
1,246
Posts

Drives: 04 z4 3.0 Sport & 15 X5 35i XD
Join Date: Aug 2013
Location: Sedalia, MO

iTrader: (0)

Garage List
Quote:
Originally Posted by EME_Bounce View Post
The problem is, as a career field, IT is a dumpster fire that should be avoided at all costs. It intersects poor, ignorant management, skilled sales babes and smugly incompetent "IT" people put in charge of critical infrastructure. Hiring is generally done by certification and those doing the hiring couldn't determine if someone was competent if they tried.

There are good people but they're usually shunned away and can't stand the idiots and go to work for the places that don't get hacked.
I agree with all this. I know enough about IT to be mildly dangerous and watching my old boss interview potential IT people was embarrassing. He can barely run outlook or find a folder on the server - but he is trying to integrate these people about their IT knowledge. I was surprised many did just get up and leave.

It's be like me trying to hire Stephen Hawkins for a job he was qualified for - how in the hell would I be able to vet him?

Any real programmer has to be driven crazy by the request from their bosses - who always "know better".
__________________
2015 X5 XDrive 35i - 2004 Z4 3.0 Sport
Appreciate 2
paquet629.50
vreihen1614882.00
      05-10-2021, 04:54 PM   #15
TiMSport
Banned
Ukraine
12787
Rep
2,983
Posts

Drives: '21 M340i xDrive, '17 Audi S3
Join Date: Feb 2021
Location: ATL

iTrader: (0)

Quote:
Originally Posted by unluky View Post
We have no fingers to point here........

Great watch if you've never seen it!

https://www.imdb.com/title/tt5446858/
Didn't see it but I will now, thanks.
Appreciate 1
unluky7465.00
      05-10-2021, 05:11 PM   #16
BMWGUYinCO
Second Lieutenant
BMWGUYinCO's Avatar
4046
Rep
273
Posts

Drives: 22 M850 Convertible '23 X3 M40
Join Date: Apr 2020
Location: Colorado

iTrader: (0)

The problem is a combination of apathy and simple financials. I work in IT so I've seen it many times.

Companies are always reactive rather than proactive...and that's where the apathy as well as finances come in.

A good CISO will assess the vulnerabilities of the company and then propose a remediation plan. That cost will make the board swallow their tongues. So a small percentage will be allotted each year towards proactive measures and some in just maintaining services/support....until a major incident happens.

Then unfortunately, the blame has to fall on someone, - so the CISO usually has to fall on the sword and then miraculously the money is produced.
Appreciate 3
TiMSport12786.50
paquet629.50
vreihen1614882.00
      05-10-2021, 05:38 PM   #17
unluky
Major
unluky's Avatar
7465
Rep
1,246
Posts

Drives: 04 z4 3.0 Sport & 15 X5 35i XD
Join Date: Aug 2013
Location: Sedalia, MO

iTrader: (0)

Garage List
Quote:
Originally Posted by BMWGUYinCO View Post
The problem is a combination of apathy and simple financials. I work in IT so I've seen it many times.

Companies are always reactive rather than proactive...and that's where the apathy as well as finances come in.

A good CISO will assess the vulnerabilities of the company and then propose a remediation plan. That cost will make the board swallow their tongues. So a small percentage will be allotted each year towards proactive measures and some in just maintaining services/support....until a major incident happens.

Then unfortunately, the blame has to fall on someone, - so the CISO usually has to fall on the sword and then miraculously the money is produced.

That is why a good CISO always......ALWAYS keeps emails. LOL
__________________
2015 X5 XDrive 35i - 2004 Z4 3.0 Sport
Appreciate 2
BMWGUYinCO4046.00
vreihen1614882.00
      05-10-2021, 05:54 PM   #18
TiMSport
Banned
Ukraine
12787
Rep
2,983
Posts

Drives: '21 M340i xDrive, '17 Audi S3
Join Date: Feb 2021
Location: ATL

iTrader: (0)

Came across this explanation of what makes a good CISO. Don't know anything about BMT but this article sounded legit.

https://www.bmc.com/blogs/ciso-chief...curity%20risks.
Appreciate 0
      05-10-2021, 06:59 PM   #19
vreihen16
Recovering Perfectionist
vreihen16's Avatar
Ukraine
14882
Rep
938
Posts

Drives: 2015 BMW i3 BEV
Join Date: Jun 2019
Location: Orange County, NY

iTrader: (0)

Garage List
Quote:
Originally Posted by unluky View Post
That is why a good CISO always......ALWAYS keeps emails. LOL
...printed on paper!!!!!
__________________
2015 BMW i3 BEV, Giga World (Lodge interior), Tech/Driving Assist Packages, 30K miles
Appreciate 0
      05-10-2021, 07:10 PM   #20
Murf993
Major
Murf993's Avatar
14114
Rep
1,336
Posts

Drives: Porsche 993
Join Date: Mar 2020
Location: Dog Lake, South Frontenac, Ontario Canada

iTrader: (0)

Might be the rum talking but here goes. Why doesn't the command and control system for any infrastructure have a stand alone system for the expressed reason of avoiding hacking.
Appreciate 3
vreihen1614882.00
DETRoadster11446.00
BMWGUYinCO4046.00
      05-10-2021, 07:16 PM   #21
vreihen16
Recovering Perfectionist
vreihen16's Avatar
Ukraine
14882
Rep
938
Posts

Drives: 2015 BMW i3 BEV
Join Date: Jun 2019
Location: Orange County, NY

iTrader: (0)

Garage List
Quote:
Originally Posted by Murf993 View Post
Might be the rum talking but here goes. Why doesn't the command and control system for any infrastructure have a stand alone system for the expressed reason of avoiding hacking.
Even with the rum and zero professional IT experience, Murf gets the stupidity of Colonial Pipeline's IT architectural blunder!!!!!
__________________
2015 BMW i3 BEV, Giga World (Lodge interior), Tech/Driving Assist Packages, 30K miles
Appreciate 2
Murf99314114.00
BMWGUYinCO4046.00
      05-10-2021, 07:32 PM   #22
Murf993
Major
Murf993's Avatar
14114
Rep
1,336
Posts

Drives: Porsche 993
Join Date: Mar 2020
Location: Dog Lake, South Frontenac, Ontario Canada

iTrader: (0)

Quote:
Originally Posted by vreihen16 View Post
Even with the rum and zero professional IT experience, Murf gets the stupidity of Colonial Pipeline's IT architectural blunder!!!!!
Thank you. I mean I loved to google at work as much as the next guy but I'm thinking that you can't get hacked if you're not connected to the inter web right?

Might be the rum talking but maybe I should go into consulting.
Appreciate 1
vreihen1614882.00
Post Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 06:00 AM.




bmw
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST