Oops
10 replies (most recent on top)
@gz How so? I'm curious how Incident management would get any type of fallback here... Dell was hacked. Nothing was taken offline and nothing went down so I'm honestly curious how this would have affected you?
@eg let's not forget either that incident management has to deal with the fallout too
@eg what's new... really could happen at anytime in Dell but remember what it was like before the factories were locked down with the possibility of sending infected PCs to customers?
@ad lol yeah but, that's just what DELL is saying. For all anybody knows they DID get a ton of valuable data. Most companies would never admit to having valued data stolen so, while it may have been fake data; we will never actually know.
If dell were to admit that a hacker(s) did in fact steal a lot of valuable info/data then it'd tank their stock. It'd make clients lose trust and they'd lose clients. It'd cause a financial chaos.
But, since we don't actually know... I feel it's more safe to assume that the hacker(s) DID steal sh-t and dell is just saying it was fake to save face.
@ad Yeah because they hacked their way into a honeypot. But in order to do that you still need to find out and figure out internal networks and how they work... at least to some extent. Meaning, while they may have ended up at a fake network/computer/whatever that had a load of fake data, they still managed to get past the VPN's, and loads of other devices; which means they figured out how to bypass/enumerate, and exploit vulns within dell.
You can't get to a "honeypot" without first breaking through the initial barrier, which assuming it's an external threat... would be the VPN. Now that the hackers are aware they got a bunch of fake stuff since dell stupidly chose to announce lol,
they'll devise a new plan but already know how to get through the "barrier." They know and have dells internal IP ranges/networks at this point - or at least a very good idea of them. They know what systems are fake now. They know what users are fake. They know a lot of things. They likely know a LOT of things at this point and again, since dell stupidly chose to confirm a security breach and said everything "stolen" was "fake.." Which was D-MB AF lol. I could go on and on with this because I have been a cyber engineer for 15 years at dell (and various companies,) IMPO dell shouldn't have confirmed anything.
Like I said, this likely could have been prevented if dell gave cyber a real budget to you know... improve sh-t? But nope. Cyber isn't bringing in money so let's forget about the one group who quite literally protects EVERYTHING at a company!
@c0 lol no, this happened like 90 days ago at least as we got an email about it and, nothing was "stolen." (at least that's what we were told..)
the hackers hacked into a honeypot ( a realistic looking network that is full of fake data, users, accounts, etc...) which is common in any half decent company because if you don't have a honeypot then, you have a dogpoop security team/company lmfao.
Now obviously, nobody will ever ACTUALLY know if this data was legit or not because why would they admit to it?
It was a security breach nonetheless and regardless of if it was all fake data or not; they penetrated Dell and got far enough into dell to get to the honeypot. Which is never a good thing.
Idk, maybe... just MAYBE if dell quit being penny pinching j ews and ponied up a budget for cyber, this could have been easily prevented... But nope, year after year after year, cyber is told "sorry, you don't have a budget this year" but then, when something like this happens... guess who's fault it is?
Give us money to improve our infrastructure, firewalls, get licenses for better/updated technology, etc... I mean sure, we may not make a penny for dell but guess who's protecting every single penny from being stolen? Guess who's doing their best with a SH-T budget to protect hackers from stealing info and data? It's not sales or marketing.
Of course they didn't. This is Dell after all.
this happened a couple weeks ago.
maybe they can fix all the code and sell it back to us.
@OP it doesn’t seem like they got anything of value, still, not great they got anything at all.