I work at the courts and manage our ECF system. Our government was very quick to respond, but not sure it matters considering Russians were in the system for 8 months. On top of that, several vendors were exploited: VMware and Microsoft. I’ve fought for the federal government to create instead of buy. I continue to fail. It’s becoming increasingly obvious the United States needs a privacy branch for data breaches and also for a whole bunch of engineers building out the next generation of apps for a better/smarter government. This is my life’s work, and I will keep trying.
> On top of that, several vendors were exploited: VMware and Microsoft.
I haven't really kept up on the latest news about this hack so perhaps I missed an "official announcement" but I had assumed that both Microsoft and VMware were likely additional "attack vectors" as well (after initially "getting in" via Orion).
Microsoft had that NETLOGON issue (CVSS 10.0) a while back and VMware has had at least two (CVSS ~9.8+) "critical" (a.k.a. "drop everything and patch now") issues that I know of in the last several months as well.
Any one of those issues would almost certainly have given an attacker "the keys to the kingdom" (and, from my own experience at least, domain controllers, ESXi hypervisors, and vCenter servers don't typically get updated immediately!).
> I’ve fought for the federal government to create instead of buy.
Unfortunately, that just leads to the Government paying way too much for designed by committee software that isn't compatible with anything that anyone else uses. We've been there before and, IMO, the shift to COTS software was one of the best things to ever happen to U.S. Government agencies.
(On a side note, I've lost a lot of faith in VMware. For something they claim to be "secure by default", there sure have been a shitload of CVEs in the last year or two! Also, just a few months ago, they had to "re-release" patches for a 9.8 because the original patches didn't completely fix the issue!)
The federal government should not create its own operating system, or log system, but it should pour all of its resources into properly securing the systems it uses; weighted by its security risk. Systems running in root or hypervisor space deserve the most scrutiny and sandboxing. A JS app, less so, assuming it's run in a secure sandboxed browser in a secure sandboxed operating system.
Attack vectors like Intel ME must die. (There are already DoD-mandated high-assurance flags to disable parts of ME; but megabyte blobs running on ring -1 must go completely so we can secure ring 0).
Isn't that what the NSA is supposed to do? They failed. They seem to have a big enough budget. I don't think they are incompetent. If they stopped stockpiling vulnerabilities and instead actually tried to defend the country, we might get somewhere. I don't think it is for lack of resources, but lack of principle that we are in this problem.
They don't need to create it...just have a variant of Linux. It's what the Chinese government does, and there's probably a good reason for it. However, as long as some Microsoft lobbyist can line the pockets of politicians, or politicians say it's "creating jobs" and government should not interfere w/ private sector business...it won't happen.
Yep, it seems like 90% or more of "their" products are simply open-source code with a web-based front-end that they've slapped on (which is why I refuse to give them any money).
Can we just designate Russia as a rogue state and sanction the fuck out of them already? Annexing Crimea, shooting down MH17, meddling in the '16 US election, meddling in the Brexit vote, poisoning Navalny, meddling in the '20 US election and now this massive hack. A government should not be able to act like that and still get to interact normally with the rest of international society.
> Can we just designate Russia as a rogue state and sanction the fuck out of them already?
I have two points on this.
One. The power to sanction is losing the zest it once had. Russia has been building relationships that surpass mere political ties. They'll be fine.
Two. Maybe you don't know your government's history. Maybe you don't care. I would say ask the middle east and South Americas, the history of any non-EU country that tried building national infrastructure using loans from the world bank and dead democratically elected presidents all over the Levant, South Americas and Africa.
Should I especially mention Libya? Did the US want to help Libya from being a top African/Arab nation? What about Venezuela? They're much closer. Are they helping Venezuela?
To your first point: If you look at the kind of reaction the Magnitsky Act got from the Kremlin (cf. that meeting with Don Jr to discuss getting rid of it), it seems that sanctions very much do have an effect on the Putin regime.
To your second point: What kind of whataboutism is this? The US does plenty of dirty deeds and should be called out for it by the rest of the world. That's no reason not to do so with Russia as well. I'm currently reading "The Divide", so I happen to recognize all those coups and dirty deeds you mention - and they are terrible, but also completely impertinent to the question of holding Russia accountable for its actions on the world stage.
> should be called out for it by the rest of the world
The rest of the world isn't really calling the US out on this out of fear of retaliation. Why aren't you doing it? Are you also afraid of repercussions inside your own country if you call them out? Knowing it's a crime and keeping quiet makes you complicit. Unless you don't actually care about the crime, just the perpetrator, which invalidates the premise of your comment which was:
> A government should not be able to act like that and still get to interact normally with the rest of international society.
Obviously it can. Other governments and the hundreds of millions of people they represent prove it.
> Why aren't you doing it? Are you also afraid of repercussions inside your own country if you call them out?
I am, regularly and to anyone that will listen. And no, I live in a western democracy, so I'm not afraid of the repercussions here for doing so. Please stop your unfounded ad hominem attacks. But for the moment I would like to avoid this whataboutism - if a thread pops up criticizing the transgressions of the US rather than Russia, such as is the topic of this one, then I'll gladly participate there too.
> Can we just designate Russia as a rogue state and sanction the fuck out of them already?
I found my comment and question (which was as honest as possible) rather relevant and in no way an ad hominem attack. Based on your comments I highlighted the fact that it's a biased opinion, thus on very shaky ground and open to be challenged. An opinion that follows people/countries rather than actions/facts is not worth the pixels it's displayed with.
> completely impertinent to the question of holding Russia accountable for its actions on the world stage
You wave the "whataboutism" flag to get out of any pinch but refuse to accept it's not whataboutism if it hits at your premise. The pertinent reason we can't/shouldn't hold one country (as per your statement) accountable on the world stage is that we don't plan on applying the same treatment fairly to everyone. This degrades the claimed intention of justice, and simply makes this look like a blunt tool to be used by some countries against others in order to increase their power, legitimizing any attacks as "defensive" ("They're right to do it after being unfairly punished").
So it's exactly what I said when you "took it personally": we punish the country not the deeds, and this looks less like justice and more like something that justifies any response as defensive. Sure, you can punish selectively with the gun to everyone else's head but it just further strengthens my point.
I stand by my challenge and if you feel that taking it personally or claiming whataboutism at every step helps your case feel free to do it.
And I'll be clear on my position: all superpowers act the same to keep their power. Which is why none of them has to be allowed to get the upper hand over the others. With no checks and balances there's no superpower that will act "decently". At this point the US is the one on top of the pile trying to increase the distance. This makes me feel uneasy not because of the country (of the 3 I feel most comfortable with them there) but because of that "too much power" issue.
> What kind of whataboutism is this? The US does plenty of dirty deeds and should be called out for it by the rest of the world.
If you haven't figured out why "the world" doesn't call out the US, then I don't know what to tell you. Perhaps you really do think/believe all that defense spending is just to fight brown people who just a year previously were herding goats or studying. Maybe you think those gunships and M16s are water cannons and squirt guns respectively.
I don't really know.
> so I happen to recognize all those coups and dirty deeds you mention - and they are terrible,
Do you though?
And who must punish the US and what must the punishment be? Last I checked the US isn't accountable to the ICC or the UN. If you can recommend punishment for a sovereign state on the other side of the planet and claim to understand your shortcomings, what punishment do you deserve and how must it be carried out?
People take a punish the enemy rather than a punish the deed approach so your argument will never make a dent in that. You're fighting against a level of double standards that we haven't seen since the peak of the Cold War. At best you'll be accused of whataboutism.
But this is pervasive in some cultures so it's taken for granted as a valid approach, look at judges even in free, democratic societies who punish people based on color rather than the crime. It's a similar problem albeit with different motives behind it.
US is a hegemony and the strongest nation in every respect. Who would dare slap sanctions on US without being retaliated upon? Consider the Nord Stream[1] for instance - Russians and Germans want it, US does not want it so Nord Stream is dead in the water (literally in this case).
There is not a nation on this planet that could so much as think of sanctioning US and come out ahead.
That would take the USD falling from world currency reserve status - which would be the end of modern finance. That kind of economic collapse would make sanctions irrelevant.
Absolutely, the world should not tolerate aggression or deceitfulness like that from any country. Oh, I nearly forgot about Russia's polonium poisoning in the UK, and the massive state-funded doping program for the 2014 Sochi Winter Olympics where the majority of Russian athletes were doped. It really does feel like the past 7 years, Putin has really been testing the limits of what he can get away with, and sadly the answer so far is "as much backstabbing as he wants". Time for that to change
If you think these are bad, you should see the list of things they did during the Cold War.
Also, how many other countries behave badly and should be "sanctioned the fuck out of"? Once you start looking at each country under a microscope, your list of countries that deviate from "interact normally" is going to get so long that you're really just walling off the G7 from the rest of the world economy - which is something Russia would love us to do.
It should work like the criminal system in most countries do - do a crime, go to prison for X years. Don't do the crime again, and you get to stay out of prison. Sure it might sting a bit until countries learned that doing things like that hurts them more than it gains them. But slightly longer term, the preventive effects should kick in, and we might get some semblance of civility in international affairs. So we wouldn't wall off the G7 from the rest of the world unless they were very stupid and kept committing crimes.
Either way, this system is not feasible without basically a UN replacement. Until then, remember the US' long list of crimes before you call for economically crippling the Russian citizens.
Da comrade, we must discuss the US's transgressions before it would make sense to discuss Russia's.
Edit: Tostino, in case it wasn't clear, this was meant sarcastically, and I precisely wanted to call out the whataboutism, since that is doing Putin's errand, whether through ignorance or malice.
You are calling to "sanction the fuck out of" Russia, not discuss the country. Before wishing suffering and death upon the Russian people, remember that we are guilty of equivalent or worse crimes.
Here's a hypothetical. Imagine the Solarwinds hack had been performed by the NSA against a Russian company and the equivalent sections of government. Would you call for sanctions against the US?
Yes, I believe all countries that invade, murder or interfere in elections should be sanctioned by the rest of the world in proportion to their transgression. There should be a club for those who play by the rules - and those who don't shouldn't get invited. Practically speaking, currently the rest of the world is too dependent on the US and China to be able to effectively sanction them, and I also hope this will change in the future, because sanctions sure are justified. I wish no suffering upon the Russian people, but they are the only ones that can legitimately (i.e. without invasions) replace their government with one that will play by the rules of international law. The rest of the world has no right to change their government, but we do have a choice of whether we will trade with them or not. So yes, basically any government that acts like a terrorist organization should have the same sanctions heaped on them. And finally, the Magnitsky Act shows that we can actually effectively target those in power in Russia without unduly targeting the economy of the Russian people - so I concede that pursuing that line first would be in order for humanitarian reasons.
We're already doing these things with North Korea and Iran. I don't see any compelling argument why the actions of the Russian government shouldn't land them in the same boat.
> There should be a club for those who play by the rules - and those who don't shouldn't get invited
What are the rules and who writes them? Is supporting hardliner religious fighters in Syria against a dictator but also against every minority "playing by the rules" or not?
>I believe all countries that invade, murder or interfere in elections should be sanctioned by the rest of the world in proportion to their transgression
So sanction the fuck out of the US too, as we still regularly engage in all three.
>And finally, the Magnitsky Act shows that we can actually effectively target those in power in Russia
>It really does feel like the past 7 years, Putin has really been testing the limits of what he can get away with, and sadly the answer so far is "as much backstabbing as he wants".
The evidence that Magnitsky acts work is dubious in the first place, as your earlier comment shows, but I really don't trust politicians issuing punishments without a trial.
>We're already doing these things with North Korea and Iran. I don't see any compelling argument why the actions of the Russian government shouldn't land them in the same boat
Decades of sanctions in those countries have never led to the kind of political upheaval you're calling for, while causing several hundred thousand deaths. Why subject Russia or yourself to that fate?
No. It makes sense to discuss Russia's as well as the US's. Stop cutting in while we are doing the former. Start your own thread about how terrible the US is. Stop with the whataboutism.
Every single one of the "superpowers" is guilty of this, not just Russia. Russia's just easy to target because it's obviously authoritarian, and thus villainous by default.
The problem is obvious. The solution is not. Sanctions won't help, but I'm not knowledgeable enough to say what WOULD help.
Russia's an easy target because of its history and its positioning against the west, the same is true of China. It's obvious that they're taking advantage of this situation - it directly weakens NATO which directly increases their power. It's not because "they're the big bad." It's because it makes the most logical sense and there is a lot of pretty easily verifiable smoke.
Rogue state? Do you mean like invading sovereign nations? Without being provoked? Without declaring war prior to invasion? And ultimately killing thousands of civilians in the process?
Iraq and Afghanistan - who got super power'ed twice - would certainly agree with you. But their most recent concerns are not Russia.
p.s. The USA has quite a history of election meddling as well.
Absolutely, election meddling and invasions are terrible and should be punished no matter who does them. Currently Russia seems to be the primary perpetrator, so they are the ones that we should be discussing sanctions for. (They also did the most recent invasion, in Crimea). All this "but the US also!" is exactly the kind of whataboutism that Glavset trolls routinely engage in, and it's not constructive at all. Yes, the US plays dirty, as does China, but that's no reason to let Russia do so too.
So you understand every state uses similar dirty tools of power. Where do you start changing that? There is no upside for any big state to unilaterally respect and build international law / UN while others take advantage. It is a mere toothless idea now, these states don't have much incentive to follow it.
As long as they can get everyone to trust them every time they shout "Russia" this won't happen. Step one is to not listen to the propaganda machine, otherwise we'll just exchange one broken system with another. I'm amazed at how almost everyone seems to distrust the government except when it points at Russia. If the government points at Russia, PRC or NK I would take a step back and disregard all information from anyone associated with them and then make up my mind. I don't believe for a second that Russia is behind this unless NSA etc. already knew and did nothing for whatever reason and that's far worse than having Russia access your systems.
"Russia" has turned into an "airhorn" term, one that when deployed stops all further thought. Others: "terrorist", "white supremacist/racist", "sex trafficker" and the perennial favorite, "What about the children?"
In 2016 I believed the conservative talking point that Russia was just an excuse the Democrats were using for losing the 2016 election.
Then Paul Manafort went on TV and gave the most unconvincing denial in the history of denials (That's what I sai... that's what he sai... that's, uhh, obviously what our position is.) Then Trump Jr preemptively tweeted soon-to-be-leaked emails detailing that they had in fact met with the Russians. Then the Mueller investigation turned over a hundred other connections. Then, over the next four years, POTUS lifted the Magnitsky sanctions and turned a stubbornly blind eye every time Russia did something stinky, often directly contradicting public statements made minutes before/after from his own office.
Anyway, point is: there's an extremely powerful propaganda machine dead set on deflecting attention away from Russia, and that's concerning. More proof one way or another is always better, but this whole "there is no amount of evidence that can convince me Russia did it" trend is a problem.
> Officials and others w/ knowledge have said the evidence of Russian culpability is overwhelming and that the view in the admin is "pretty unanimous."
Russia seems to be the go-to nation to be blamed for hacking activity, and so I am by default skeptical. Is there actual evidence of it being a Russian state attack or was Russia blamed out of habit?
Skepticism of course stems from decades of government lies and misrepresentations of truth in order to justify horrendous actions, i.e. what was done to Iraq, Libya, Syria.
While I do agree that Russia is used a lot as a scapegoat for the embarrassing failures of our political system; in terms of pure espionage Russia is probably the true culprit. They have been our equals in spycraft through the cold war, and due to the current Russian president being ex-KGB it's safe to say they are probably very favored in their current administration. Espionage is one of Russia's core competencies, it's just how it is.
(Note I'm talking about espionage in the information gathering sense, not the overthrowing of regimes action movie sense)
> Espionage is one of Russia's core competencies, it's just how it is.
I really question this assessment. Russia is not USSR, not by a long shot. Russia has lost an entire generation of the most educated people it did have, and I see no evidence that it ever recovered or will ever recover. Economically tiny and outright insignificant Russia simply isn't capable of developing serious technological capabilities to rival that of the US.
By focusing on digital warfare, Russia can have a larger impact than their GDP would have you think.
It's not that the USA couldn't match them, it's just that Russia has made it more of a priority. Tactically speaking, it's an excellent force multiplier with (varying degrees of) plausible deniability.
It's not just the federal government — the problems with ransomware in healthcare are the same problem. Similar issues are emerging at the state level in places like universities, which used to roll out platforms all the time, individually or collectively.
This solarwinds breach feels like it might spiral into one of the major new stories this year with its likely legs. Really depends on how much data was snapped up. It’s like an onion, each layer bringing more tears.
Teams in particular recently had a massive security breach where the client could be drive through exploited to own whole orgs and any org connected via guests, right?
Same here. I do understand disliking Teams if you have used the more clunky alternatives, Skype for business for example. Overall though, I find it more useful than before if only because the cultural change it’s leading in my company where more direct communication is now being encouraged instead of Japanese business emails with 10 extra lines of boilerplate and extreme business language tacked on.
Honestly wouldn't expect much from government systems that are built by whichever contractor has the best connections and lowest price rather than best code.
That is a negative, not a positive. The amount of breaches, fraud, etc. that has happened in that category is insane. Would you say the same if it were Equifax?
I'm still trying to decide if it's like the Equifax one and it's back to business as usual in months or if they lose credibility entirely. Depends how locked in their customers are.
Since Equifax is one of three credit reporting agencies it's basically invincible. Solarwinds doesn't really have that kind of protection from the US government. Especially not since this has been directly affecting them.
I don’t disagree but what is the government’s alternative here? I just don’t see them being able to quickly pull off such a massive change in vendors if Solarwinds goes under. They’re like the government contract equivalent of “too big to fail”.
Good point. The fact that Equifax is back to business is so disappointing - one would have hoped that the industry would get an overhaul. I agree with another commentator that the market structure is fundamentally different though so it seems, on the surface, that this could sink the ship.
>Developed by network and systems engineers who know what it takes to manage today's dynamic IT environments, SolarWinds has a deep connection to the IT community.
>The result? IT management products that are effective, accessible, and easy to use.
If you read an indictment such as this Indian tech support scam from last month, they nabbed multiple guys in different airports on different flights, presumably using sealed court orders combined with scanning names of aircraft passenger lists, then having appropriate federal or local police at the airport to handle the arrest upon boarding or deboarding.
The Russians or whoever it was could use this to warn individuals (i.e. state hackers) from flying because of sealed arrest warrants for very serious cases.
This is very serious indeed. And that’s only one scenario.
> over a nine-month period beginning in August 2018, he routed nearly 20,000 “Tech Fraud” scheme calls to call centers in India. Many of the callers hung-up shortly after making contact with a call center operator. However, approximately 7,524 callers remained on the line with call center operators for more than 20 minutes.
30% made it to >20 mins? Even on my best day, I can’t keep them on for more than 5 minutes.
Indeed, IIRC some of his work has exposed spreadsheets showing people being scammed out of hundreds of thousands of dollars, and these call centers easily make 5 figures a month just extracting money from the unknowing.
"Kitboga" on YT manages to keep scammers on call for hours and hours, quite amusing that in the end he's the one gaining monetarily as his videos sometimes get millions of views.
> "Kitboga" on YT manages to keep scammers on call for hours and hours, quite amusing that in the end he's the one gaining monetarily as his videos sometimes get millions of views.
At some point, you begin to wonder if they’ve started to script calls for max lols.
I believe they're referring to a popular image of conspiracy theorists who have corkboards with newspaper clippings, pictures, and maps pinned on it, and red yarn connecting various things.
Like what? I'm not a lawyer, but I can only think that if they have any intelligence assets that were about to get slapped with charges, they can whisk them out before the alphabet soup boys come and round them up.
They could go to anyone important who is under investigation/has been indicted but doesn’t know it yet, tell them, then have them do things (data dump from your employer, etc) in exchange for help fleeing the US to Russia.
Blackmail. Virtually all sealed court records are sealed because someone would be harmed if revealed. How many elected officials are out there with sealed depositions alleging sexual assault, etc...?
Sealed documents for ongoing cases being on a server, fine. But for closed cases? Those should only be in hard copy. Indices, at most, could be digital.
An air gap would significantly increase security, but it would also significantly increase the cost of reviewing the sealed documents. I’m unsure how frequently those files should be read, but an air gapped disk storage would make sense for highly sensitive or rarely accessed and sensitive documents.
Pretty much none of the library controllers have options to prompt the user before moving a tape. That is after all the advantage of a _robot_ vs just having a human take it off the shelf and stick it in the drive.
So, no "air gapping" a tape library is called tape export, where the tapes are ejected into a port for the operator to stick on the shelf, or ship to cold storage.
> Under the AO’s new procedures, highly sensitive court documents filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive
Related: JBIG2[0]. Xerox had some scanners that compressed the image to JBIG2, but the compression algorithm was so aggressive, numbers would be corrupted. Very bad for things dealing with money.
Correct! You can't even open a detailed scan or picture of a bill in Photoshop (gave me quite a shock when I tried it and was greeted with a very serious looking warning). See this video: https://www.youtube.com/watch?v=ajm1Rgu-0x0, the work that goes into fiat currencies is tremendous.
Why are we only hearing about these breaches in the US? Whoever exploited this weakness, must have attacked all targets in Europe, Asia, etc. Are they keeping it quiet somehow? Or maybe they aren't as good at identifying the breaches?
I guess they are just slower or more incompetent. The German federal government is still counting the number of Solarwinds installations, not all ministries have answered their questions yet...
And from everything I've seen from government policy, they actually don't want to defend because that would mean securing common software that "the enemy" also uses, closing their own avenues of attack. You can't really have an arsenal of exploits at hand without acknowledging that by keeping them secret, you're making your own people less safe.
There's a couple of interesting problems in Law that come up, as a result of this.
In order to explain them more effectively, let's suppose that for the purposes of discussion that you are Mark Zuckerberg and that you run Facebook...
OK, so when you start Facebook, you make a promise to users, and that is, that their data will be confidential, that is, only shared with parties that they give explicit permission to share that data with, and no one else, never.
In other words, that you will respect users' privacy.
This becomes part of the agreement you make with all new users, it becomes part of the user agreement -- the CONTRACT you made with them.
You engineer the system such that it will respect those rules, and you assume that nothing possible can go wrong.
But then later on, you realize that all of this was not as foolproof as you had once thought.
That's because Government, via its Police and Lawyers, and its NSLs and other legal instruments -- are now requesting information from you about your users, to solve criminal cases, but they're asking you to keep silent about user data you give them, basically because you were coerced by their Lawyers.
You begrudgingly turn over the data and keep silent about it, that is, you respect the Law -- but deep in your mind, in your conscience -- you know that something about this whole thing is very, very wrong.
You see, the problem that now occurs, legally, lawfully, morally and ethically -- is now that basically YOU'VE VIOLATED THAT CONTRACT YOU MADE WITH YOUR USERS.
You broke that CONTRACT.
And you also destroyed that trust.
You told people that a future set of events was going to happen (that their data would be kept private), that they relied on in making the decision of whether to give you their business or not, to give you their eyeballs or not, and YOU BETRAYED THAT TRUST.
YOU BROKE THAT CONTRACT
You didn't do it intentionally -- you had no way of knowing what future circumstances would turn out to be, but nonetheless, those circumstances resulted in YOUR BREACH OF CONTRACT.
That's because explicitly or implicitly or in both ways, YOU AGREED TO THAT RESPONSIBILITY.
THAT YOU WOULD PROTECT USERS
And because of circumstances, YOU DIDN'T
But nonetheless, YOU AGREED TO THAT RESPONSIBILITY.
Now, if you understand all of that... then here's the next piece of understanding...
The sealed court records -- are no different than Facebook user data in the above example.
The Court -- had a CONTRACT -- implicit, explicit (heck, I'll let Lawyers figure it out) -- TO KEEP THOSE DOCUMENTS SEALED.
Even though it was a third party, a set of circumstances, that caused the breach of that CONTRACT,
THERE STILL WAS A BREACH OF CONTRACT.
See?
Even though the players and the parts and the modes and the mechanisms are different, THERE STILL WAS A BREACH OF CONTRACT.
The Court contracted, CONTRACTED that it would keep these records confidential (compare Attorney-Client privilege), and they basically BROKE THAT CONTRACT.
What you have here is grounds for a super-big-ass CLASS ACTION LAWSUIT.
I'll let all of the Lawyers (aka "Bar Association Members") attend to that.
My point is simply this:
If you're running an online service in this day and age, if you have users, you cannot, CANNOT make any guarantees of privacy to them. Your best bet is to be honest and tell them that you'll take all the security best practices you can on your end, but at the end of the day, even that is no guarantee against a data breach, wanted or unwanted, done via lawful or unlawful means, executed by the Government or hacker group, or whomever.
YOU CANNOT GUARANTEE PRIVACY IN THIS DAY AND AGE.
It would be simpler just to be honest and up-front to all of your users and simply tell them that, EVEN IF as a result of this they stopped doing business with you, or using your website, or whatever.
You'd get a lot more sleep at night -- if you had a clear conscience...
If the Court (or any other entity, Government, Corporation, Person) makes promises to anyone else, implicitly or explicitly, while those promises might not be written down, those promises constitute a CONTRACT.
Jetbrains says they had not been contacted by law enforcement.
On yesterday's thread it said that TeamCity was only used, in the intended fashion, as the delivery mechanism for the malicious payload. Kinda like blaming ftp when a hacker uses it to upload a payload.
I'm sure that Solarwinds uses many more developer tools than what Jetbrains supplies. But only Jetbrains was "founded by Russians" so the NYT leads with that.
Though they've provided no reason to suspect JetBrains, nor have they said who is "investigating" the company, the article does say they may be compromised. If you rely on their software, it's probably a good idea to make sure you have a mitigation plan ready.
There is a somewhat higher chance of a critical security issue being announced for their software over the next month compared to January of last year. The accusation is unreliable, but it's a good idea to ensure you are prepared.