bodyType

customContents

entityId

printArticlePageQuery

filter

article

body

urlAlias

articleSectionsContent

articleSeoArticle

articleSourceHeaderArticle

contentSchemaRenderContent

contentSubHeadlineContent

contentHeadlineContent

mainImagePrintArticleArticle

authorBlockPrintArticleArticle

contentSponsorTagContent

articlePianoPaywallContent

scmpYoutubeContent

hooksTrackPageViewArticle

query printArticlePageQuery(
  $entityId: String!
  $customContents: [CustomContentInput]
  $bodyType: BodyFormatTypeEnum
) {
  article(filter: {entityId: $entityId}) {
    entityId
    body(customContents: $customContents, type: $bodyType) {
      json
    }
    urlAlias
    ...articleSectionsContent
    ...articleSeoArticle_3o8td4
    ...articleSourceHeaderArticle
    ...contentSchemaRenderContent
    ...contentSubHeadlineContent
    ...contentHeadlineContent
    ...mainImagePrintArticleArticle
    ...authorBlockPrintArticleArticle
    ...contentSponsorTagContent
    ...articlePianoPaywallContent
    ...scmpYoutubeContent
    ...hooksTrackPageViewArticle
    id
  }
}

fragment articlePianoPaywallContent on Content {
  __isContent: __typename
  ...hooksPaywallPromiseContent
}

fragment articleSectionsContent on Content {
  __isContent: __typename
  sections {
    value {
      ...helpersCheckIfNewsSectionInFirstIndexSection
      ...entityLink
      name
      id
    }
  }
}

fragment articleSeoArticle_3o8td4 on Article {
  ...hooksArticleSeoArticle
  ...helpersCheckIsPostiesArticle
  ...helpersGetArticleTypeArticle
  entityId
  publishedDate
  updatedDate
  summary {
    text
  }
  subHeadline {
    text
  }
  body(customContents: $customContents, type: $bodyType) {
    text
  }
  keywords
  sections {
    value {
      name
      id
    }
  }
  topics {
    name
    entityId
    id
  }
  urlAlias
  authors {
    name
    id
  }
  images {
    style(filter: {style: "768x768"}) {
      url
    }
  }
  readingTime
}

fragment articleSourceHeaderArticle on Article {
  urlAlias
  ...entityLink
}

fragment authorBlockPrintArticleArticle on Article {
  ...defaultArticleDateContent
  ...authorNamesArticle
}

fragment authorNameAuthor on Author {
  ...entityLink
  name
  entityUuid
}

fragment authorNamesArticle on Article {
  authorLocations
  authors {
    entityId
    location
    ...authorNameAuthor
    id
  }
}

fragment blockquoteQuoteContent on Content {
  __isContent: __typename
  ...contentShareWidgetContent
}

fragment checkersCheckContentContainsStarlingImageContent on Content {
  __isContent: __typename
  topics {
    entityId
    id
  }
}

fragment contentHeadlineContent on Content {
  __isContent: __typename
  headline
  socialHeadline
  ...contentHeadlineTagContent
  ...helpersUseContentSponsorContent
}

fragment contentHeadlineTagContent on Content {
  __isContent: __typename
  ...hooksContentHeadlineTagContent
}

fragment contentNewsletterWidgetContent on Content {
  __isContent: __typename
  topics {
    relatedNewsletters {
      ...helpersMassageToNewsletterItemNewsletter
      id
    }
    id
  }
  sections {
    value {
      relatedNewsletters {
        ...helpersMassageToNewsletterItemNewsletter
        id
      }
      id
    }
  }
  ... on Article {
    relatedNewsletters {
      ...helpersMassageToNewsletterItemNewsletter
      id
    }
  }
}

fragment contentSchemaRenderContent on Content {
  __isContent: __typename
  ...blockquoteQuoteContent
  ...imageContent
  ...inlineWidgetContent
  ...photoGalleryWidgetContent
  ...scmpYoutubeContent
}

fragment contentShareWidgetContent on Content {
  __isContent: __typename
  entityId
  urlAlias
  shortUrl
  socialHeadline
  headline
}

fragment contentSponsorTagContent on Content {
  __isContent: __typename
  ...helpersUseContentSponsorContent
}

fragment contentSubHeadlineContent on Content {
  __isContent: __typename
  subHeadline {
    json
  }
  summary {
    json
  }
  ...contentSchemaRenderContent
}

fragment defaultArticleDateContent on Content {
  __isContent: __typename
  ...hooksArticleDateUtilsContent
}

fragment entityLink on BaseWithApplicationAndUrlAlias {
  __isBaseWithApplicationAndUrlAlias: __typename
  __typename
  entityId
  entityUuid
  urlAlias
  urlRedirect {
    toUrl
    id
  }
  application {
    entityId
    id
  }
  ... on Section {
    fullSectionPath {
      entityId
      id
    }
    parentSection
  }
  ...helpersAppBarVariantBase
  ...helpersApplicationBase
  ...helpersCheckIsPlusArticle
  ...helpersStyleSectionContent
}

fragment helpersAppBarVariantBase on BaseWithApplicationAndUrlAlias {
  __isBaseWithApplicationAndUrlAlias: __typename
  ...helpersCheckIsLiveArticle
  ...helpersCheckIsPlusPage
  ...helpersCheckIsPostiesArticle
  ...helpersCheckIsPostiesPage
  ...helpersCheckIsPostMagazineArticle
  ...helpersCheckIsStyleArticle
  ...helpersSectionContent
  ...helpersStyleSectionContent
}

fragment helpersApplicationBase on BaseWithApplicationAndUrlAlias {
  __isBaseWithApplicationAndUrlAlias: __typename
  ...helpersCheckIsPostiesArticle
  ...helpersCheckIsPostiesPage
  ...helpersCheckIsPlusPage
}

fragment helpersCheckIfNewsSectionInFirstIndexSection on Section {
  name
}

fragment helpersCheckIsAmpEnabledArticle on Article {
  entityId
  types {
    value {
      entityId
      id
    }
  }
  sections {
    value {
      entityId
      id
    }
  }
  disableOffPlatformContent
  sponsorType
  published
  ...helpersCheckIsPlusArticle
  ...helpersCheckIsPostiesArticle
}

fragment helpersCheckIsLiveArticle on Article {
  flattenTypeIds
  liveArticle {
    status
    id
  }
}

fragment helpersCheckIsMainTopicContent on Content {
  __isContent: __typename
  topics {
    entityId
    id
  }
}

fragment helpersCheckIsPlusArticle on Content {
  __isContent: __typename
  ... on Article {
    paywallTypes {
      entityUuid
      id
    }
  }
}

fragment helpersCheckIsPlusPage on Page {
  urlAlias
}

fragment helpersCheckIsPostMagazineArticle on Article {
  sections {
    value {
      entityId
      id
    }
  }
}

fragment helpersCheckIsPostiesArticle on Article {
  sections {
    value {
      entityId
      id
    }
  }
}

fragment helpersCheckIsPostiesPage on Page {
  urlAlias
}

fragment helpersCheckIsStyleArticle on Content {
  __isContent: __typename
  sections {
    value {
      entityId
      id
    }
  }
}

fragment helpersGetArticleTypeArticle on Content {
  __isContent: __typename
  ... on Article {
    types {
      value {
        entityId
        id
      }
    }
  }
}

fragment helpersMassageToNewsletterItemNewsletter on Newsletter {
  entityId
  name
  alternativeName
  description {
    text
  }
  summary {
    text
  }
  homepageDescription {
    text
  }
}

fragment helpersSanitizeArticleTypeEntityIdsArticle on Article {
  types {
    value {
      entityId
      id
    }
  }
}

fragment helpersSanitizeAuthorTypesArticle on Article {
  authors {
    types
    id
  }
}

fragment helpersSanitizedAuthorEntityIdsArticle on Article {
  authors {
    entityId
    id
  }
}

fragment helpersSectionContent on Section {
  fullSectionPath {
    entityId
    id
  }
}

fragment helpersStyleSectionContent on Section {
  fullSectionPath {
    entityId
    id
  }
}

fragment helpersUseContentSponsorContent on Content {
  __isContent: __typename
  topics {
    entityId
    sponsor {
      ...sponsorTagSponsor
      name
      type
      id
    }
    id
  }
  ... on Article {
    sponsorType
  }
  ...helpersCheckIsMainTopicContent
}

fragment hooksArticleDateUtilsContent on Content {
  __isContent: __typename
  createdDate
  publishedDate
  updatedDate
}

fragment hooksArticleSeoArticle on Article {
  ...helpersCheckIsPostiesArticle
  ...helpersCheckIsPostMagazineArticle
  ...helpersCheckIsStyleArticle
  ...hooksContentHeadlineTagContent
  ...helpersCheckIsAmpEnabledArticle
  entityId
  headline
  socialHeadline
  types {
    value {
      entityId
      id
    }
  }
  authors {
    entityId
    id
  }
  images {
    generic_og: style(filter: {style: "og_image_scmp_generic"}) {
      url
    }
    styles(filter: {styles: ["og_image_posties_article", "og_postmag", "og_image_style", "og_image_scmp_analysis", "og_image_scmp_explainer", "og_image_scmp_editorial", "og_image_scmp_fact_check", "og_image_scmp_debate", "og_image_scmp_live", "og_image_scmp_obituary", "og_image_scmp_opinion", "og_image_scmp_review", "og_image_scmp_series", "og_image_scmp_generic"]}) {
      url
      style
    }
    type
  }
  urlAlias
}

fragment hooksContentHeadlineTagContent on Content {
  __isContent: __typename
  __typename
  ... on Article {
    types {
      value {
        name
        entityId
        description {
          text
        }
        id
      }
    }
    ...helpersCheckIsStyleArticle
  }
  flag
  sections {
    value {
      name
      id
    }
  }
  ...hooksContentHelperContent
}

fragment hooksContentHelperContent on Content {
  __isContent: __typename
  ...helpersSanitizeArticleTypeEntityIdsArticle
  ...helpersSanitizeAuthorTypesArticle
  ...helpersSanitizedAuthorEntityIdsArticle
  flag
}

fragment hooksPaywallPromiseContent on Content {
  __isContent: __typename
  entityId
  ...helpersCheckIsPostiesArticle
}

fragment hooksTrackPageViewArticle on Article {
  entityId
  publishedDate
  headline
  sections {
    value {
      name
      id
    }
  }
  urlAlias
  authors {
    name
    id
  }
  entityUuid
}

fragment imageContent on Content {
  __isContent: __typename
  headline
  ...checkersCheckContentContainsStarlingImageContent
}

fragment inlineWidgetContent on Content {
  __isContent: __typename
  ...contentNewsletterWidgetContent
}

fragment mainImagePrintArticleArticle on Article {
  images {
    title
    url
    isSlideshow
    size_652x446: style(filter: {style: "652x446"}) {
      url
    }
  }
}

fragment photoGalleryDialogContent on Content {
  __isContent: __typename
  __typename
  ...contentShareWidgetContent
}

fragment photoGalleryWidgetContent on Content {
  __isContent: __typename
  ...photoGalleryDialogContent
}

fragment scmpYoutubeContent on Content {
  __isContent: __typename
  entityId
  urlAlias
  publishedDate
}

fragment sponsorTagSponsor on Sponsor {
  name
  type
  images {
    url
  }
}


sections

types

disableOffPlatformContent

sponsorType

published

headline

socialHeadline

authors

images

publishedDate

updatedDate

summary

subHeadline

keywords

topics

readingTime

authorLocations

entityUuid

Reuters

A former security adviser at the IT monitoring and network management company SolarWinds said he warned management of cybersecurity risks and laid out a plan to improve it that was ultimately ignored.
In a 23-page PowerPoint presentation reviewed by Bloomberg News, Ian Thornton-Trump recommended to company executives in 2017 that SolarWinds appoint a senior director of cybersecurity, and said he told them that “the survival of the company depends on an internal commitment to security”.
The following month, he terminated his relationship with the company, saying he believed its leadership wasn’t interested in making changes that would have “meaningful impact.”
Thornton-Trump, as well as a former SolarWinds software engineer who talked to Bloomberg News, said that given the cybersecurity risks at the company, they viewed a major breach as inevitable. Their concerns about SolarWinds are shared by several cybersecurity researchers, who discovered what they described as glaring security lapses at the company, whose software was used in a suspected Russian hacking campaign.
“My belief is that from a security perspective, SolarWinds was an incredibly easy target to hack,” said Thornton-Trump, now the chief information security officer at threat intelligence firm Cyjax.
Joe Biden aide promises severe response to Russia hacking
Last week, the Austin, Texas-based SolarWinds found itself at the centre of the largest cybersecurity attack in recent memory. Suspected Russian hackers breached the internal networks of at least 200 customers, including US government agencies and an as-yet-unknown number of private companies, a cybersecurity firm and people familiar with the investigation told Bloomberg.
In an operation that cybersecurity experts have described as very sophisticated and hard to detect, the hackers installed malicious code in updates to SolarWinds’s widely used Orion software, which was sent to as many as 18,000 customers.
The malicious code provided the hackers access to the customers’ computer networks and, as clients around the world continue to comb their systems for signs of the Russian hackers, the list of victims is expected to grow.
In a statement posted on the SolarWinds website on Friday, Kevin Thompson, the company’s chief executive officer, said that the company’s top priority was “to ensure that our and our customers’ environments are secure.”
“Security and trust in our software are the foundations of our commitment to our customers,” he said. “We strive to implement and maintain appropriate safeguards, processes, and procedures designed to protect our customers.”
‘Collaborating closely’
Responding to Bloomberg News’ questions about the 2017 presentation and other security issues identified by researchers, a SolarWinds spokesperson said in a statement: “Our top priority is our work with our customers, our industry partners and government agencies to determine whether a foreign government orchestrated this attack, best understand its full scope, and to help address any customer needs that develop. We are doing this work as quickly and transparently as possible. There will be plenty of time to look back and we plan to do that in a similarly transparent way.”
In addition, the company said it is collaborating with law enforcement and “will continue gathering all relevant information to ensure an incident like this does not happen again”.
Thornton-Trump was working at LogicNow, a UK-based cloud computing company, when it was acquired by SolarWinds in June 2016. With nearly two decades of experience in cybersecurity, Thornton-Trump said he helped LogicNow build its brand in the security market.
The security adviser delivered the 2017 PowerPoint to at least three SolarWinds executives, on both the marketing and technology sides of the company, he said.
There was a lack of security at the technical product level, and there was minimal security leadership at the top
Ian Thornton-Trump, former SolarWinds security adviser
Thornton-Trump said that in his experience SolarWinds did not put enough investment into building a cybersecurity culture within the company. In an email explaining his reasons for leaving that he sent to a SolarWinds executive on May 15, 2017, which was seen by Bloomberg News, Thornton-Trump said that he had “lost faith in the leadership” of the company, who he said appeared “unwilling to make the corrections” he believed were necessary to continue support for the security brand he had built at LogicNow.
“There was a lack of security at the technical product level, and there was minimal security leadership at the top,” Thornton-Trump said in an interview. “We knew in 2015 that hackers were looking for any route into a business. But SolarWinds did not adapt. That’s the tragedy. There were plenty of lessons to learn, but SolarWinds wasn’t paying attention to what was going on.”
About two months after Thornton-Trump left SolarWinds, the company recruited Tim Brown, a former chief technology officer at Dell Security, to take on the position of vice-president of security architecture.
In an interview with a trade publication last year, Brown said that he was working to secure SolarWinds’ systems from attack. “We test our incident response process every day – in case something happens to us from the outside that is major,” he said. “We have been lucky, and it’s great.” When companies are hacked, Brown added, it was often their own fault. “If you look at the attacks that have been successful, most of them have been silly mistakes,” he said.


A former SolarWinds employee, who worked as a software engineer at one of the company’s US offices, said SolarWinds appeared to prioritise the development of new software products over internal cybersecurity defences. The employee, who requested anonymity due to having signed a non-disclosure agreement, said it was not uncommon for some of the company’s computer systems to be operating out-of-date web browsers and operating systems, which could make them more vulnerable to hackers.
Cybersecurity researchers also said they had discovered flaws with SolarWinds’ security practices.
One of them, Vinoth Kumar, said he notified SolarWinds in 2019 that the password to one of its servers had leaked online. The password, according to Kumar, was “solarwinds123”. SolarWinds told Kumar that the password had been visible due to a “misconfiguration” and removed it.
In addition, until recently SolarWinds advised its customers on its website to disable virus scanning for Orion platform products so those products could run more efficiently, according to several cybersecurity researchers who posted about it on Twitter. The SolarWinds web page has subsequently been removed from public view.
Jake Williams, a former hacker for the US National Security Agency who is now president of cybersecurity firm Rendition Infosec, said technology companies such as SolarWinds that build and produce computer code often “don’t do security well”.
How US agencies’ trust in untested software opened the door to hackers
“Security is a cost centre, not a profit centre,” Williams said. “I think that probably has a lot to do with it. An underlying problem at SolarWinds has probably crept in through some missing security best practice.”
Even if SolarWinds had robust cybersecurity practices, however, it might not have deterred the alleged Russian hackers, who US authorities described as highly skilled, patient and well resourced, showing “complex tradecraft” in their attacks.
“The reality is that sophisticated threat actors, no matter how good the defences, will eventually succeed,” said Costin Raiu, director of global research and analysis at the cybersecurity firm Kaspersky. “If the cost justifies the effort, the breach will happen.”
Success in obscurity
Though it is not a household name, SolarWinds’ software is popular in IT departments in the US and elsewhere, with more than 320,000 customers, providing technology that monitors the performance of computers within a network. Company officials appear to be content with maintaining a low profile. “We operate behind the scenes,” said John Pagliuca, president of SolarWinds’ managed service providers division, during an October earnings call. “We’ve thrived under relative obscurity.”
Since it was founded in 1999, SolarWinds and its partners have been awarded contracts with the US government worth more than US$230 million, according to sales records reviewed by Bloomberg News. Its software is ubiquitous among federal government agencies. The US military, the FBI, the Secret Service, the National Nuclear Security Administration, Veterans Affairs, and the Department of Homeland Security are among those to have bought SolarWinds’ software, the records show.
The software had been approved for use in the US government. In August 2019, for instance, a version of the Orion software was signed off for use by the Defense Information Systems Agency, which tests software for cybersecurity issues.

According to SolarWinds, its Orion platform generates 45 per cent of the company’s revenue.
Disclosure of the attack came at the end of a year with several financial milestones for SolarWinds. In the second quarter, the company closed the largest commercial deal in its history, and its annual revenue was expected to top US$1 billion for the first time, according to its third-quarter results.
Despite the economic uncertainty caused by the Covid-19 pandemic, sales were growing, according to company records.
SolarWinds gained a foothold in the government marketplace many years ago because it was regarded as “idiot proof”, and was the first software of its kind, said Williams, the former NSA hacker. “Orion is to network management systems what Kleenex is to tissue,” he said. “Other products are laughably complex and bad by comparison. It was the first actually easy-to-use network management system, and took off like wildfire as a result.”
After 14 years at SolarWinds, Thompson, the CEO, is due to retire on December 31. Participating in his final earnings call in October, he said his farewells to colleagues and investors, not realising what was on the horizon. “We’re still the best story in software,” Thompson said. “Keep believing, as there’s still a lot of special things left to accomplish at SolarWinds.”
In the past week, since the suspected Russian hack was first reported, shares in SolarWinds have shed 40 per cent of their value, closing Friday at US$14.18 to round out a five-day losing streak. Friday’s 19 per cent decline was the biggest one-day decline since October 2018.


Former SolarWinds adviser says he warned of lax security years before suspected Russian hack

Texas-based SolarWinds is at the centre of the largest cybersecurity attack in recent memory. Photo: Reuters

(FILES) In this file photo taken on March 3, 2020, Evegnii Nessirio of Seattle, a Russian citizen who was scheduled for his citizenship interview, stands outside following a two-week closure of a Department of Homeland Security (DHS) building and US Citizenship and Immigration Services (USCIS) field office because of an employee who may be infected with the novel coronavirus in Tukwila, Washington. - The US Department of Homeland Security reportedly became the third federal department to be targeted by hackers, US media reported on December 14, 2020 a day after Washington revealed a major cyberattack which may have been coordinated by a foreign government. (Photo by Jason Redmond / AFP)

Tech

Enterprises

Policy

News

World

United States & Canada

Business

Companies


Former SolarWinds security adviser Ian Thornton-Trump says he warned management of cybersecurity risks and laid out a plan to improve it in 2017 but was ignored
‘My belief is that from a security perspective, SolarWinds was an incredibly easy target to hack,’ Thornton-Trump says



Former SolarWinds security adviser Ian Thornton-Trump said he warned management of cybersecurity risks and laid out a plan to improve it that was ultimately ignored.


Former SolarWinds adviser says he warned of lax security years before suspected Russian hack

Former SolarWinds security adviser Ian Thornton-Trump says he warned management of cybersecurity risks and laid out a plan to improve it in 2017 but was ignored ‘My belief is that from a security perspective, SolarWinds was an incredibly easy target to hack,’ Thornton-Trump says

Former SolarWinds security adviser Ian Thornton-Trump says he warned management of cybersecurity risks and laid out a plan to improve it in 2017 but was ignored

‘My belief is that from a security perspective, SolarWinds was an incredibly easy target to hack,’ Thornton-Trump says