01 January 2025
Fifteen Minute County
Advanced Persistent Threat
Afternoon! A disjointed start to what we hope will be a more jointed year than the one just passed!
No complete word on the vehicle attack down on Bourbon Street. It was not as bad as the one in Germany last week, but that is now last year’s news. We will have more on this one once we figure out what sort of terror was supposed to be generated.
Some of the Boomers had lowered the ball on 2024 just after the sun went down and the prescribed medications administered. They were gone shortly thereafter. Some of the younger ones watched Fox and drank Brandy until the fireworks went off down the block and they realized there wasn’t going to be a ball falling on the Big Screen because the New Year’s special was taped before Christmas.
So, by the time all the watches were checked and a replay of the Times Square ball went down, the ladies were coming back with Eddie and Jack from the Clarendon Ballroom. That is what the story was going to be about. The Ballroom had been a fixture in Clarendon since the DIA operated the big building at 3160 on the Boulevard.
The Ballroom was a convenient place, like Carpool, but closed in 2020 the last time the Fifteen Minute County changed management.
It is back open with management who used to run Bravo's “Real Housewives of Potomac.” There will be more on that but none of the young people are up yet.
Instead, we are going to talk about Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology. She is one of Kristina’s heroes, and a woman Melissa follows as part of career building in this town, since she has done some that crosses the trajectory of the two younger women in the de facto community who are replacing the boomers who had a wild time with the legacy of the Greatest, of whom there are now, thankfully, none left to remind us of how foolish we are.
That job has fallen to a third-party software service company, BeyondTrust, which notified the Treasury Department before Happy Hour yesterday that hackers had obtained a security key permitting remote access to certain departmental workstations and the documents they contained.
No specifics were provided, except that it was not a classified network. The incident was attributed to China-sponsored Advanced Persistent Threat (APT) actors and is considered a major cybersecurity incident.
The admission by the Department comes at a particularly sensitive moment, as the Biden White House is also dealing with one of the most far-reaching compromises of the digital age.
Which leads us to the term “Salt Typhoon.” It is one you should know about. Hacks from this organization started this round of messaging for at least two years.
This round began with the recent specific revelation of compromise at subcontractor BeyondTrust at Treasury. They claim to be a multi-identity cyber and access control authority. That was only the start. Nine major US telecommunications companies along with dozens in other countries had been penetrated. So, this is something a little larger than just Uncle Sam’s piggy bank having a crack in it.
It is our phones, too.
Anne says the breaches occurred in large part due to industry failures to implement rudimentary cybersecurity measures across their IT infrastructure. We turned off our phones for a while to be safe.
Anne would know something about safety. She came into Government just at the time the Boomers currently in the group were retiring from honorable service to concentrate on the social side. Her grandparents survived the Holocaust and left Europe for Boro Park in Brooklyn, and that is where the American adventure began. She came out of Columbia with honors and the creds to gain a White House Fellowship, and ten years of a meteoric rise in the National Security Agency.
That would require a treatise on how and why things work the way they do at Fort Meade, but suffice it to say that she was selected as the first Risk Officer in a multi-thousand person organization devoted to preventing exactly that.
With a decade of that international experience, she did time with financial organizations at risk.
In her recent briefing, she shared more details on some of the flaws that have been uncovered in telecom systems, which allowed the threat actors to carry out their attacks.
In one response case the hackers obtained credentials to a ‘system administrator’ account with access to over 100,000 routers. Not computers. The routers that connect them. The group erased logs of their actions, and the logs that did remain were inadequate to trace back the full dimensions of the campaign.
So, we start the new year with the idea that Anne will probably be looking for some sort of position on the other side of the revolving door of regulators and regulated here in town. Anne already has a home, but may want to go back to New York City, which is an easy ride on the Acela out of Union Station. Melissa has sworn to check.
There may be time for some folks to relax soon with other people getting real busy, and that is not just the APL folks, you know? It’s a new year. We have to get rolling! It is a New Year!
Copyright 2025 Vic Socotra
www.vicsocotra.com


