Yes, people can actually play Halo: CE in CS:GO. A few dedicated mod creators have taken the time to create weapon models, characters, and sounds that resemble a graphically enhanced Halo game. Even the interface has the Halo radar and death feed.
Cs 16 Sound Hack TOP
In addition to that, the mod adds realistic animations in movement, weapons, and grenades. The mod also improves the sound system in-game. Hellstrike's full release is currently TBD on the official page, but according to comments, the fully-functional version of the mod should release this year.
The Oldschool Offensive mod takes the Counter-Strike: Global Offensive back to the bloodhound era, giving players access to 23 maps instead of just 13. The mod also adds classic gloves, radar, and knives as well as sounds, which make players feel like they are playing the old version of CS:GO.
So much so, that people started recording their heroics in the form of fragmovies, a showcase of skill and domination which is now a much loved part of the CS community. But fragmovies are more than just a compilation of kills: Editors spend hundreds of hours perfecting each timing, each sound, and each graphic to match their vision.
An NPR investigation into the SolarWinds attack reveals a hack unlike any other, launched by a sophisticated adversary intent on exploiting the soft underbelly of our digital lives. Zoë van Dijk for NPR hide caption
By design, the hack appeared to work only under very specific circumstances. Its victims had to download the tainted update and then actually deploy it. That was the first condition. The second was that their compromised networks needed to be connected to the Internet, so the hackers could communicate with their servers.
SolarWinds CEO and President Sudhakar Ramakrishna inherited the attack. He was hired shortly before the breach was discovered and stepped into the job just as the full extent of the hack became clear. Demetrius Freeman/Pool/AFP via Getty Images hide caption
When cybersecurity experts talk about harm, they're thinking about something like what happened in 2017, when the Russian military launched a ransomware attack known as NotPetya. It, too, began with tainted software, but in that case the hackers were bent on destruction. They planted ransomware that paralyzed multinational companies and permanently locked people around the world out of tens of thousands of computers. Even this much later, it is considered the most destructive and costly cyberattack in history.
Intelligence officials worry that SolarWinds might presage something on that scale. Certainly, the hackers had time to do damage. They roamed around American computer networks for nine months, and it is unclear whether they were just reading emails and doing the things spies typically do, or whether they were planting something more destructive for use in the future.
The SolarWinds attackers ran a master class in novel hacking techniques. They modified sealed software code, created a system that used domain names to select targets and mimicked the Orion software communication protocols so they could hide in plain sight. And then, they did what any good operative would do: They cleaned the crime scene so thoroughly investigators can't prove definitively who was behind it. The White House has said unequivocally that Russian intelligence was behind the hack. Russia, for its part, has denied any involvement.
Meyers is the vice president for threat intelligence at the cybersecurity firm CrowdStrike, and he's seen epic attacks up close. He worked on the 2014 Sony hack, when North Korea cracked into the company's servers and released emails and first-run movies. A year later, he was on the front lines when a suspected Kremlin-backed hacking team known as "Cozy Bear" stole, among other things, a trove of emails from the Democratic National Committee. WikiLeaks then released them in the runup to the 2016 election.
After that initial success, the hackers disappeared for five months. When they returned in February 2020, Meyers said, they came armed with an amazing new implant that delivered a backdoor that went into the software itself before it was published.
To understand why that was remarkable, you need to know that finished software code has a kind of digital factory seal. If you break that seal, someone can see it and know that the code might have been tampered with. Meyers said the hackers essentially found a way to get under that factory seal.
Under normal circumstances, developers take the code out of the repository, make changes and then check it back in. Once they finish tinkering, they initiate something called the build process, which essentially translates the code a human can read to the code a computer does. At that point, the code is clean and tested. What the hackers did after that was the trick.
They would create a temporary update file with the malicious code inside while the SolarWinds code was compiling. The hackers' malicious code told the machine to swap in their temporary file instead of the SolarWinds version. "I think a lot of people probably assume that it is the source code that's been modified," Meyers said, but instead the hackers used a kind of bait-and-switch.
But this, Meyers said, was interesting, too. The hackers understood that companies such as SolarWinds typically audit code before they start building an update, just to make sure everything is as it should be. So they made sure that the switch to the temporary file happened at the last possible second, when the updates went from source code (readable by people) to executable code (which the computer reads) to the software that goes out to customers.
The technique reminded Meyers of old fears around trick-or-treating. For decades, there had been an urban myth that kids couldn't eat any Halloween candy before checking the wrapper seal because bad people might have put razor blades inside. What the hackers did with the code, Meyers said, was a little like that.
"Imagine those Reese's Peanut Butter Cups going into the package and just before the machine comes down and seals the package, some other thing comes in and slides a razor blade into your Reese's Peanut Butter Cup," he said. Instead of a razor blade, the hackers swapped the files so "the package gets sealed and it goes out the door to the store."
Meyers said it's hard not to admire just how much thought the hackers put into this operation. Consider the way they identified targets. The downside of breaking into so many customer networks all at once is that it is hard to decide what to exploit first. So the hackers created a passive domain name server system that sent little messages with not just an IP address, which is just a series of numbers, but also with a thumbnail profile of a potential target.
The hackers also reverse-engineered the way Orion communicated with servers and built their own coding instructions mimicking Orion's syntax and formats. What that did is allow the hackers to look like they were "speaking" Orion, so their message traffic looked like a natural extension of the software.
And there is something else that Einstein doesn't do: It doesn't scan software updates. So even if the hackers had used code that Einstein would have recognized as bad, the system might not have seen it because it was delivered in one of those routine software updates.
The National Security Agency and the military's U.S. Cyber Command were also caught flat-footed. Broadly speaking, their cyber operators sit in foreign networks looking for signs of cyberattacks before they happen. They can see suspicious activity in much the same way a satellite might see troops amassing on the border. Critics said they should have seen the hackers from the Russian intelligence service, the SVR, preparing this attack.
In that case, according to SolarWinds' Ramakrishna, the security teams at SolarWinds and Palo Alto worked together for three months to try to pick up the thread of the problem and walk it back. "None of us could pinpoint a supply chain attack at that point," Ramakrishna told NPR. "The ticket got closed as a result of that. If we had the benefit of hindsight, we could have traced it back" to the hack.
The first indication that hackers had found their way into FireEye's networks came in an innocuous way. Someone on the FireEye security team had noticed that an employee appeared to have two phones registered on his network, so she called him. "And that phone call is when we realized, hey, this isn't our employee registering that second phone, it was somebody else," Mandia said.
What his team discovered over the course of several weeks was that not only was there an intruder in its network, but someone had stolen the arsenal of hacking tools FireEye uses to test the security of its own clients' networks. FireEye called the FBI, put together a detailed report, and once it had determined the Orion software was the source of the problem, it called SolarWinds.
The tainted code had allowed hackers into FireEye's network, and there were bound to be others who were compromised, too. "We were hearing that different reporters had the scoop already," Mandia said. "My phone actually rang from a reporter and that person knew and I went, OK, we're in a race."
Ron Plesco, a lawyer with the firm DLA Piper, has made cybercrimes a specialty of his practice. "I've been in situations where, while you're in there doing the investigation, [hackers are] watching your email, they're compromising your phone calls or your Zooms," he said. Kriston Jae Bethel for NPR hide caption
To investigate a hack, you have to secure a digital crime scene. Just as detectives in the physical world have to bag the evidence and dust for prints for the investigation later, SolarWinds had to pull together computer logs, make copies of files, ensure there was a recorded chain of custody, all while trying to ensure the hackers weren't inside its system watching everything they did. 2ff7e9595c
Comments