Chinese Hacked Pulse Secure VPN


Over the past several months, Chinese government cyberespionage groups have been breaking into the networks of government agencies, defense companies, hospitals and financial institutions in the United States of America and Europe by exploiting vulnerabilities in VPN appliances from zero-trust access provider Pulse Secure. The flaws date from 2019 and 2020, but one was unknown until April 2021.

These attacks represent the latest cybersecurity crisis to hit the United States of America, following the SolarWinds intrusion campaign by Russia’s foreign intelligence service and massive attacks exploiting server software, which Microsoft has attributed to Chinese state-sponsored hackers.

The attackers who exploited Pulse Secure are extremely sophisticated and used their access to steal account credentials and other sensitive data belonging to victim organizations, said Charles Carmakal, FireEye’s senior vice president.

“These actors are highly skilled and have deep technical knowledge of the Pulse Secure product,” Carmakal said.

Pulse Secure Head in Sand

The .com was bad, today it is unimaginable. The rush to be first to market has created a hacker’s paradise.

As a software developer with over 25 years’ experience in technology, 20 of which were in enterprise software development, including cyber security with local, state, and federal governments, federal law enforcement and power companies, this situation is horrible, and preventable.

I remember back in 1999, when I worked for Sierra Computer Systems (Accela), I set up a VPN between the west coast office in California and the new east coast office in Maryland to support the Y2K crisis, upgrading government software systems to Y2K compliance. I worked with Cisco and Microsoft on their VPN software issues. We had a T1 in California and an ISDN in Maryland. The VPN was never compromised. This is not rocket science.

We as a nation cannot have people that clearly should not be in technology, have no clue on securing basic VPN systems, want to put any personal data in the cloud, giving any technology advice, sitting on any technology panels, patting themselves on the back, and thinking blockchain is sustainable.

A few questions with regard to this horrible situation:

1) Are your development teams outsourced to China?
2) Is open-source code being used?
3) Are you a huge supporter of the Cloud?
4) Do you love VMware and Hypervisors?
5) Did you sell your soul to Venture Capital Investors like Siris Capital wanting huge returns on their investment of $250 million plus?

Obviously if your VPN software is compromised you have no business being in network security.

The rules of the internet have not changed. The rules to secure VPN systems, regardless of what hardware is being used, have not changed for the worse unless you allowed it.

What has changed is the level of intelligence of the people in technology, the laziness of outsourcing instead of writing your own code from scratch, and impatient greed.

The Chinese are not stupid, just like any crook is not stupid. If you are going to park an expensive car in the ghetto it will most likely get stolen, especially if you leave the engine running and the car door unlocked.

The internet is the ghetto, your data is the car. These security systems like Pulse Secure appear to be just a make-you-feel-good warning sticker in the car window that is obviously printed in China and does nothing, except give stupid people a false sense of security.

Stickers are cheap, real security systems are not. In this case it appears this Pulse Secure sticker was being represented as a real security system. This is not rocket science.

Sadly, I personally have worked more on cyber security over the last 2 years than on anything else. We all joke that we will run out of good IP addresses; they are all bad! Version 4 and Version 6, all bad.

If a normal person were to see just 24 hours of one of our production public web server’s TCP malicious traffic logs, I am confident he or she would probably rethink their use of the internet, especially placing any valued data in a cloud server.

I used to really think about how evil humans are when combating the millions and millions of daily attacks, and the huge resources being used in all of this.

The internet is evil, it is unsafe, just when you think you got it covered you get blindsided by attacks from Amazon web services, or Microsoft Cloud that the hackers are using.

Then you have all the sheep out there going to your systems with all their troll and spy bots following them, and then the denial-of-service attacks start rolling in.

The time is near to head off to the Atlas Mountains of Morocco and join the Berbers, because unless the United States gets its head out of the sand, it is game over for most of their government agencies and financial institutions.


Adept Media

Adept Technologies Inc.