IMicrosoft v. SVR. Kutheni le nto umthombo ovulekileyo kufuneka ube yinto eqhelekileyo

Diego Germán González

Imizuzu ye6

IMicrosoft kunye neSVR

Isenokuba yinoveli kaTom Clancy evela kuthotho lweNetForce, kodwa yincwadi Ibhalwe nguMongameli u-Microsoft u-Brad Smith ngembeko kuye nakwinkampani yakhe. Ngapha koko, ukuba umntu ufunda phakathi kwemigca (ubuncinci ngaphakathi isicatshulwa apho i-portal yayinokufikelela khona) kwaye yahlulahlula i-self pats ngasemva kunye neentonga kubakhuphiswano, okusalayo kunomdla kwaye kuyafundisa. Kwaye, ngombono wam othobekileyo, isampulu yezibonelelo zesoftware yasimahla kunye nemodeli yomthombo ovulekileyo.

Abalinganiswa

Yonke inoveli yokuhlola ifuna "umntu ombi" kwaye, kule meko akukho nto ingaphantsi kwe-SVR, omnye wemibutho eyaphumelela i-KGB emva kokuwa kwe-USSR. I-SVR ijongana nayo yonke imisebenzi yobukrelekrele eyenziwayo ngaphandle komda weRussian Federation. "Ixhoba elingenatyala" yayiyiSolarWinds, inkampani ephuhlisa isoftware yolawulo lwenethiwekhi.Isetyenziswa ziinkampani ezinkulu, abaphathi beziseko zophuhliso, kunye neearhente zikarhulumente zase-US. Ewe, sidinga iqhawe. Kule meko, ngokwabo, liSebe lezoBukrelekrele laseMicrosoft.

Kungenzeka njani ukuba kungenjalo, kwibali le-hacker, "ezimbi" kunye "ezilungileyo" zinegama. I-SVR yiYttrium (Yttrium). KwaMicrosoft, basebenzisa izinto ezingaqhelekanga kwitafile yamaxesha njengegama lekhowudi kwimithombo yokoyikisa. ISebe lezoBuntlola eliSongelayo yi-MSTIC Isichazi sayo kwisiNgesi, nangona ngaphakathi besibiza ukuba siyimfihlakalo (i-mystic) yokufana kwefonetiki. Emva koku, ukulungiselela, ndiza kuyisebenzisa le migaqo.

IMicrosoft v. SVR. Iinyani

Nge-30 kaNovemba ka-2020, iFireEye, enye yeenkampani eziphambili zokhuseleko lweekhompyuter e-US, yafumanisa ukuba ibikhe yanengxaki yokophula umthetho. Njengokuba bengakwazanga ukuzilungisa ngokwabo (ndiyaxolisa, kodwa andinakuyeka ukuthi "indlu yentsimbi, imela yokhuni") bagqibe kwelokuba bacele uncedo kwiingcali zikaMicrosoft. Kuba i-MSTIC ibilandele iinyawo ze-Yttrium, kwayeBabekrokrela kwangoko amaRashiya, uxilongo olwaqinisekiswa kamva ziinkonzo zobuntlola zase-US.

Njengoko iintsuku zihamba, uhlaselo lwafunyanwa lujolise kuthungelwano lweekhompyuter ezibuthathaka kwihlabathi liphela, kubandakanya noMicrosoft uqobo. Ngokwengxelo zosasazo, urhulumente wase-United States wayecacile ekuhlaselweni, liSebe likaNondyebo, iSebe likaRhulumente, iSebe lezoRhwebo, iSebe lezaMandla kunye neendawo zePentagon.imibutho emininzi echaphazelekayo kuluhlu lwamaxhoba. Oku kubandakanya ezinye iinkampani zetekhnoloji, iikontraki zikarhulumente, iitanki zokucinga kunye neyunivesithi. Olu hlaselo alujoliswanga kwi-United States kuphela njengoko luchaphazele iCanada, i-United Kingdom, iBelgium, iSpain, i-Israel kunye ne-United Arab Emirates. Kwezinye iimeko, ukungena kwinethiwekhi kuthabathe iinyanga ezininzi.

Imvelaphi

Yonke le nto iqale ngesoftware yolawulo lwenethiwekhi ebizwa ngokuba yiOrion kwaye yaphuhliswa yinkampani ebizwa ngokuba yiSolarWinds. Ngaphezulu kwama-38000 abaxhasi benkampani kwinqanaba eliphezulu, abahlaseli kuye kwafuneka ukuba bafake i-malware kuhlaziyo.

Nje ukuba ifakwe, i-malware iqhagamshelwe kwinto eyaziwa ngokuba ngumyalelo nolawulo (C2) iseva. Umncedisi we-C2 eYacwangciswa ukuba inike imisebenzi yekhompyuter edityanisiweyo njengokukwazi ukuhambisa iifayile, ukwenza imiyalelo, ukuqala kwakhona umatshini kunye nokukhubaza iinkonzo zenkqubo. Ngamanye amagama, iiarhente zeYttrium zifikeleleke ngokupheleleyo kwinethiwekhi yabo babefake uhlaziyo lwenkqubo yeOrion.

Emva koko ndiza kucaphula umhlathi wegama nezwi kwinqaku likaSmith

Akuthathanga xesha lide ukuba siyiqonde

ukubaluleka kokusebenza ngokubambisana kwezobugcisa kumashishini onke nakurhulumente
evela eUnited States. Iinjineli ezivela eSolarWinds, kwiFireEye, nakwiMicrosoft ziqale ukusebenza kunye kwangoko. Amaqela eFireEye kunye neMicrosoft ayesazi kakuhle, kodwa iSolarWinds yayiyinkampani encinci ejongene nengxaki enkulu, kwaye amaqela kuye kwafuneka akhawuleze akhe ukuthembana ukuba aza kusebenza.
Iinjineli zeSolarWinds zabelane ngekhowudi yemithombo yohlaziyo kunye namaqela okhuseleko ezinye iinkampani ezimbini,
etyhila ikhowudi yemvelaphi ye-malware uqobo. Amaqela ezobuchwephesha avela kurhulumente wase-US akhawuleza aqala ukusebenza, ngakumbi kwi-Arhente yoKhuseleko kaZwelonke (i-NSA) kunye ne-Arhente yoKhuseleko lweCybersecurity kunye neZiseko (CISA) yeSebe lezoKhuseleko lwaseKhaya.

Amagqabantshintshi ngawam. Ukusebenzisana kunye nokwabelana ngekhowudi yomthombo.Ngaba ayivakali iyinto kuwe?

Emva kokuvula umnyango ongasemva, I-malware yayingasebenzi iiveki ezimbini, ukunqanda ukudala ungeniso lwenethiwekhi oluya kulumkisa abalawuli. IpheNgeli xesha, yathumela ulwazi malunga nenethiwekhi eyayosulele umyalelo nolawulo lweseva. ukuba abahlaseli babenomboneleli wokubamba weGoDaddy.

Ukuba umxholo wawunomdla kwiYttrium, abahlaseli bangena ngomnyango wangasemva kwaye bafake ikhowudi eyongezelelweyo kwiseva ehlaselweyo ukuze banxibelelane nomyalelo wesibini kunye nolawulo lweseva. Le seva yesibini, eyahlukileyo kwixhoba ngalinye ukunceda ukuphepha ukufunyanwa, yabhaliswa kwaye yabanjwa kwiziko ledatha lesibini, rhoqo kwilifu leNkonzo zeWebhu zeAmazon (AWS).

IMicrosoft v. SVR. Ukuziphatha

Ukuba unomdla wokwazi ukuba amaqhawe ethu abanike njani abahlali babo oko kufanelekileyo, kwimihlathi yokuqala unawo amakhonkco kwimithombo yolwazi. Ndizokutsiba kanye ukuba kutheni ndibhalela ngale nto kwibhlog yeLinux. Ukungqubana kukaMicrosoft kunye ne-SVR kubonisa ukubaluleka kokuba ikhowudi ifumaneke ukuze ihlahlelwe, kwaye ulwazi ludibeneyo.

Kuyinyani, njengoko ingcali eyaziwayo yokhuseleko lwekhompyuter indikhumbuze ngale ntsasa, ukuba akunamsebenzi ukuba ikhowudi ivulwe ukuba akukho mntu uthatha inkathazo yokuyihlalutya. Kukho ityala elityatyisiweyo lokungqina. Kodwa, masiphinde. Abathengi abangama-38000 abaphezulu babhalisela isoftware yokuthengisa. Uninzi lwabo lufakele uhlaziyo lwe-malware oluveze ulwazi olubuthathaka kwaye lunika ulawulo lwezinto ezinobutshaba kwiziseko zophuhliso. Inkampani enoxanduva Wayenza kuphela ukuba ikhowudi ifumaneke kwiingcali xa wayenamanzi entanyeni yakhe. Ukuba abathengisi besoftware beziseko zophuhliso ezibalulekileyo kunye nabathengi abanovakalelo kufuneka Ukukhupha isoftware yakho uneelayisensi ezivulekileyo, kuba ukuba nomphicothi zincwadi wekhowudi yokuhlala (okanye iarhente yangaphandle esebenzela uninzi) umngcipheko wokuhlaselwa njengeSolarWinds ingaphantsi kakhulu.


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.

  1.   Diego Vallejo indawo yokubamba sitsho
    yenzayo 3 iminyaka

    Kungekudala, uM $ utyhola wonke umntu osebenzisa isoftware yasimahla yamakomanisi, njengakwiMcCarthyism.

    Phendula Diego Vallejo