The Daily Parker

Politics, Weather, Photography, and the Dog

Calmer today as the Derpnazis return home

We had a relatively quiet day yesterday, but only in comparison to the day before:

Meanwhile, here in Chicago:

Finally, Bruce Schneier advises the incoming administration on how to deal with the SolarWinds intrusion.

See? Yesterday was quiet.

What the hell happened yesterday?

Where to begin.

Yesterday, and for the first time in the history of the country, an armed mob attacked the US Capitol building, disrupting the ceremonial counting of Electoral Votes and, oh by the way, threatening the safety of the first four people in the presidential line of succession.

I'm still thinking about all of this. Mainly I'm angry and disgusted. And I'm relieved things didn't wind up worse. But wow.

Here are just some of the reactions to yesterday's events:

Meanwhile, amid the violence and the insanity, the United States set a new record for Covid-19 deaths in one day.

Oh, and also, now that you mention it, both Democratic candidates for US Senate in Georgia won their races.

Right-wing terrorism

The mayor of Washington DC and the Speaker of the House have requested the National Guard clear "protestors" from the Capitol grounds as Congress has evacuated the House chamber:

The request was made through the Capitol Police Board, a body that includes the chief of the Capitol Police, the House and Senate sergeants of arms, and the Architect of the Capitol.

A D.C. government official who spoke on the condition of anonymity because they were not authorized to comment publicly said troops are being deployed to the Capitol.

This is terrorism, plain and simple. The STBXPOTUS has enflamed the passions of his more addle-minded followers because, like most authoritarians who lose, he can't accept that he lost.

These infants, attempting to disrupt their own Congress while shouting "USA! USA!", embarrass me. The Republican Party embarrasses me. The STBXPOTUS just makes me sad.

Three minutes ago, the Times' headline: "Police draw guns inside the Capitol." The party of Law and Order my ass.

I'm screaming in my head

The Times continues its coverage of the SolarWinds breach, and adds a detail that explains why the Russians continue to eat our lunch:

Employees say that under [SolarWinds CEO Kevin] Thompson, an accountant by training and a former chief financial officer, every part of the business was examined for cost savings and common security practices were eschewed because of their expense. His approach helped almost triple SolarWinds’ annual profit margins to more than $453 million in 2019 from $152 million in 2010.

But some of those measures may have put the company and its customers at greater risk for attack. SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised.

So many things went wrong in this case that singling out one CEO for taking profits over security may seem myopic. But the SVR must love the poetry of it: a greedy American CEO tries to increase his paycheck by hiring engineers easy for them to compromise, leading to the largest network intrusion in history.

I want to see Congress investigate this, and I want to see Thompson reduced to penury for his greed. Not that anything will change; until we have rational regulation of software security—hell, until we have any regulation of software security—criminals and our adversaries will keep exploiting companies like SolarWinds.

Lazy Sunday morning reading

A couple of articles piqued my interest over the last day:

Finally, with only a few days left in December, we have now had 5 days this month with more Americans dead from Covid-19 than died on 9/11, and the STBXPOTUS won't sign even the miserly, half-assed recovery bill that Republicans in the Senate would agree to. January 20th can't come soon enough.

Erev Xmas Eve

It's 11°C outside and I have a fuzzy houseguest for the day, so there will be walks! At least until the 20°C temperature drop starts around 6pm... So while I'm enjoying the last above-freezing day of the year with a very sweet and very strong office companion, I've got a few things to occupy my time.

At the top of my list today, we find that the STBXPOTUS has pardoned 15 truly awful murderers and grifters, including the four assholes who slaughtered unarmed Iraqi civilians in 2007. It's possible these are the worst pardons ever granted by a US president. (I wonder if Bill Moyers would agree.)

Next we have Bruce Schneier explaining just how bad the SolarWinds penetration really is.

And finally, US Surgeon General Dr Jerome Adams said Chicago's coronavirus vaccine rollout was the best in the nation. Go us!

I will now finish my lunch, guarded vigilantly by my neighbor's dog who hopes against all evidence that some of my ham sandwich will find its way to her snout.

Major, ongoing network penetration

FireEye, a cybersecurity firm, revealed last week that unknown parties had penetrated its network and that its clients, including the US Government, were at risk. Bruce Schneier has technical details about the attack. Former Homeland Security Adviser Thomas Bossert lays out the scope of it:

The attackers gained access to SolarWinds software before updates of that software were made available to its customers. Unsuspecting customers then downloaded a corrupted version of the software, which included a hidden back door that gave hackers access to the victim’s network.

This is what is called a supply-chain attack, meaning the pathway into the target networks relies on access to a supplier. Supply-chain attacks require significant resources and sometimes years to execute. They are almost always the product of a nation-state. Evidence in the SolarWinds attack points to the Russian intelligence agency known as the S.V.R., whose tradecraft is among the most advanced in the world.

According to SolarWinds S.E.C. filings, the malware was on the software from March to June. The number of organizations that downloaded the corrupted update could be as many as 18,000, which includes most federal government unclassified networks and more than 425 Fortune 500 companies.

The magnitude of this ongoing attack is hard to overstate.

The Russians have had access to a considerable number of important and sensitive networks for six to nine months. The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.

The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated.

Now, if only we had an administration that believed its experts and a majority party in the Senate that would pass a Defense Reauthorization Bill...

President-Elect of the United States Joe Biden

The Electoral College has voted, and with no surprises, as of 16:37 Chicago time Joe Biden has received the requisite 270 votes to be elected President of the United States. And yet, we had a few surprises today:

Finally, John le Carré died at 89 yesterday. Time to revisit Josephine Livingstone's review of "the glorious return of George Smiley," le Carré's 2017 novel A Legacy of Spies.

 

Yesterday got away from me

Just reviewing what I actually got up to yesterday, I'm surprised that I didn't post anything. I'm not surprised, however, that all of these articles piled up for me to read today:

While I'm reading all of that, I've got a stew going in my Instant Pot (on slow-cooker mode). Unfortunately, it seems I underestimated the bulkiness of stew ingredients. I think I'll have a lot of leftovers:

Sure Happy It's Thursday

So many things to read at lunchtime today:

Finally, a year ago today I made some predictions about what could happen in the 2020 election. Turns out, "Option C" is true, and we're still waiting to see on a few others.