
Anyone Having Garmin issues?



Garmin Connect app on my Samsung phone says this right now when I try to connect to my Vivoactive 3 watch: [screenshot attachment]

That's annoying but I'll be OK. I'll be quite upset if they don't figure it out though. I imagine there's something quite catastrophic happening right now for this kind of kerfuffle. Anything is possible with the state the world is in right now.


Still down, but I don't care. The bigger deal is that if they are a victim of ransomware that leads me down the path of wondering what their data security and recovery plans are. 

Nothing makes you more uncomfortable about someone having your data than a company who has a primary web property like this go offline for several days based on (most likely) stupid end user mistakes. However, knowing that it took down web services this speaks to an even larger issue. If this were ransomware on a client system (which is always far more probable) you'd be asking why the client system is so intricately tied to some kind of web services. If it was the server then it speaks to the sheer stupidity of letting someone access that server with poor computing hygiene.

  • Like 3

9 hours ago, AustinBike said:

Still down, but I don't care. The bigger deal is that if they are a victim of ransomware that leads me down the path of wondering what their data security and recovery plans are. 

Nothing makes you more uncomfortable about someone having your data than a company who has a primary web property like this go offline for several days based on (most likely) stupid end user mistakes. However, knowing that it took down web services this speaks to an even larger issue. If this were ransomware on a client system (which is always far more probable) you'd be asking why the client system is so intricately tied to some kind of web services. If it was the server then it speaks to the sheer stupidity of letting someone access that server with poor computing hygiene.

Yeah I'll be shocked if CTO and other heads don't roll there.


I think it’s amazing that these hacker groups can still get away with these types of attacks. If Garmin just said “...here’s $10M world. Bring me these hackers.” Could it be done? Is their kungfu that much better than the law abiding programmers out there?


Sent from my iPhone using Tapatalk


3 minutes ago, Tree Magnet said:

I think it’s amazing that these hacker groups can still get away with these types of attacks. If Garmin just said “...here’s $10M world. Bring me these hackers.” Could it be done? Is their kungfu that much better than the law abiding programmers out there?


Sent from my iPhone using Tapatalk

I thought that seemed familiar!  https://www.imdb.com/title/tt0117438/


4 hours ago, Tree Magnet said:

I think it’s amazing that these hacker groups can still get away with these types of attacks. If Garmin just said “...here’s $10M world. Bring me these hackers.” Could it be done? Is their kungfu that much better than the law abiding programmers out there?

Or maybe they should have listened to the advice of the people with good kung fu at the beginning, not begging for help after it happened. #biased


Yeah, looks like $10M is the asking price:

https://www.forbes.com/sites/barrycollins/2020/07/25/will-garmin-pay-10m-ransom-to-end-two-day-outage/?fbclid=IwAR1uy3YbET4GdHqNg8EMP3kWIJwoG3qdXTB96ShXovyrGslM1mLaOP8DmQM#89dcef3164f3

And yes, if they gave a $10M reward someone would probably flip on the hackers, but it is unlikely that they would ever get their data back that way. Imagine a search, an arrest, months of imprisonment, a trial, and a last minute bargaining of dropping/lowering the charges if they unlock the data. Unlikely that such a deal would happen in the next 12 months. 12 months of systems being down would be way more in business impact than $10M.

Sadly, the best way to get out of this is to pay the ransom. The longer you wait the more expensive it becomes for you. The long term business impact might already be beyond the $10M right now, they are only making it worse at this point.


And a new interesting vector added to this. If you had a credit card enrolled with Garmin Pay, then you potentially have a problem. I would recommend checking on your card if you have it. The only upside is that I don't think many people have Garmin Pay because few vendors accept it. Probably more critical for runners because they would be more likely to run with only the watch and possibly use Garmin Pay.

  • Like 2

3 hours ago, AustinBike said:

And a new interesting vector added to this. If you had a credit card enrolled with Garmin Pay, then you potentially have a problem. I would recommend checking on your card if you have it. The only upside is that I don't think many people have Garmin Pay because few vendors accept it. Probably more critical for runners because they would be more likely to run with only the watch and possibly use Garmin Pay.

that's where I drew the line when I got my Garmin smart watch. they probably think it's safe, but you know there are people determined to steal money from me by just getting a device close enough to my wrist.


  • 2 weeks later...
7 hours ago, AustinBike said:

Annnnndddd we have our answer:

Honestly I'm no major media denier. I don't rail against mainstream news. At all. I even enjoy some CNN. Shit, even a spot of MSNBC on occasion. 

But when a story is sourced by [quotes from article] "anonymous sources," or "people with knowledge of the matter, speaking to Sky News on the condition of anonymity," or "Sources with knowledge of the incident," or "Separate sources," well, then a rational man has to wonder the point of the story. 

It's one thing if anonymous sources can give you breaking and corroborate-able information. But if your "story" is based on, what?, 4 anonymous sources and a sack of explicit non-corroboration, then you don't have a story.

And really, I don't doubt that Garmin probably did pay off the hackers. Hell, they were probably smart enough to not obviously run afoul of the sanctions too. But anyone could tell that story with 4 anonymous "sources." We may indeed have our answer, but this story isn't conclusive. Because in the "fake news" era, that story can gfis and that reporter (and that outfit) should try harder.

Edited by Barry
I don't have an editor, unlike SKY News, one assumes.

It is healthy to be skeptical. The BBC also reported on this: https://www.bbc.com/news/technology-53553576

Based on my work I have to spend a lot of time with network security, people that understand all of this way more than I ever could are all in pretty firm agreement that they paid. Whether they paid the full $9M is something we'll never know and the company is not saying anything (clearly worried about shareholders and other liability as well as bad PR).

In a world where >90% of the ransomware infections are not able to be remediated without paying *something* the odds are in their favor for payment here. And, payment is probably the smart thing to do. Imagine you built a building, installed a sprinkler, but never bothered to check it to see if it works. After a few years the building catches on fire. You pull the lever and find that the sprinkler was never properly connected this whole time. A guy is standing there with a pipe wrench in his hand that can connect it so you can put out the fire, but he wants a lot of money. Do you a.) give him the cash and save the building or b.) let it burn to the ground because you see his payment as "blackmail"?

Honestly, if your business is hit by ransomware there is very little thought about "how did this happen" and the focus is entirely on how to get it under control. I have no idea what the value of Garmin services were but I'd be willing to bet that if they were losing $1M/day and the ransom was $9M, by day 4 they'd be thinking long and hard about what to do and if by day 6 they did not have daylight on a solution they'd be opening the check book. Basically it is a business decision; the math is not "what has this cost us so far" and more about "what is the potential total cost to resolution." Ideally you'd not want to pay the ransom but if that is both the quickest and least expensive solution you actually risk a shareholder suit down the road if you don't pay it.

We'll ultimately find out because the hacking group has been sanctioned by the US government so even if they chose a third party exchange, they will run afoul of the DOJ. Could be an interesting couple of months as this continues to unfold. 


24 minutes ago, AustinBike said:

It is healthy to be skeptical. The BBC also reported on this: https://www.bbc.com/news/technology-53553576

Based on my work I have to spend a lot of time with network security, people that understand all of this way more than I ever could are all in pretty firm agreement that they paid. Whether they paid the full $9M is something we'll never know and the company is not saying anything (clearly worried about shareholders and other liability as well as bad PR).

In a world where >90% of the ransomware infections are not able to be remediated without paying *something* the odds are in their favor for payment here. And, payment is probably the smart thing to do. Imagine you built a building, installed a sprinkler, but never bothered to check it to see if it works. After a few years the building catches on fire. You pull the lever and find that the sprinkler was never properly connected this whole time. A guy is standing there with a pipe wrench in his hand that can connect it so you can put out the fire, but he wants a lot of money. Do you a.) give him the cash and save the building or b.) let it burn to the ground because you see his payment as "blackmail"?

Honestly, if your business is hit by ransomware there is very little thought about "how did this happen" and the focus is entirely on how to get it under control. I have no idea what the value of Garmin services were but I'd be willing to bet that if they were losing $1M/day and the ransom was $9M, by day 4 they'd be thinking long and hard about what to do and if by day 6 they did not have daylight on a solution they'd be opening the check book. Basically it is a business decision; the math is not "what has this cost us so far" and more about "what is the potential total cost to resolution." Ideally you'd not want to pay the ransom but if that is both the quickest and least expensive solution you actually risk a shareholder suit down the road if you don't pay it.

We'll ultimately find out because the hacking group has been sanctioned by the US government so even if they chose a third party exchange, they will run afoul of the DOJ. Could be an interesting couple of months as this continues to unfold. 

I'm an IT Director for a Berkshire Hathaway company, I live in this world daily. According to my sources, it's more like >40%, not 90%. Also, that number reflects companies that are infected. Infection means that they either didn't protect themselves, or did a really shitty job of it. There are no excuses for letting it happen with all of the amazing tools available.

 

There are many layers of protection that should be in place.

Anti-virus/malware for workstations, servers, and cloud providers. This includes Edge protection for web traffic and email. In addition DNS services that can prevent exposure. 

DLP (Data Loss Prevention) solutions that protect data at rest, and in motion. Blocking access to external file sharing, and even USB drives. Data written to USB drives from domain member/Intune (Endpoint Protection) managed devices is encrypted to prevent access by non-authorized users.

Protecting backups, and ensuring that EVERYTHING is not only backed up...it's also tested, and restores are verified.

Using encryption (BitLocker, FileVault, etc.) on all laptops, desktops, and phones/tablets, etc.

Requiring VPN for all internal network access for internet based devices. 

Requiring MFA (Multi Factor Auth) for all services, even web mail access.

We don't even allow email forwarding rules on mailboxes. Any companies we do business with have to submit a security audit, and be verified prior to us allowing connections to their resources.

We use a company that sends test emails to our users, looking for people that do click on those bad links. All email from outside of the company has a large banner stating that across the top. Anyone that fails one of these tests has their emails reformatted to remove live links for one year. Anyone that fails three times is history. Our email clients have buttons at the top for reporting suspected phishing. It quarantines the email, and alerts our security people. With a couple clicks, the email is removed from all users' mailboxes.

Any company that is a ransomware victim is at fault. They didn't do their part properly. If a workstation gets infected, we have Cisco ISE, and SourceFire inline (along with DLP) to watch, and block any activity that would allow the infection to spread. We use ISE (Identity Services Engine) to manage/monitor/protect every single switch port. If your device doesn't have the proper certificate, that port is shut down. Wireless is even more strict.

A company like Garmin has NO excuse for falling victim to this.

  • Like 1

9 hours ago, Barry said:

Honestly I'm no major media denier. I don't rail against mainstream news. At all. I even enjoy some CNN. Shit, even a spot of MSNBC on occasion. 

But when a story is sourced by [quotes from article] "anonymous sources," or "people with knowledge of the matter, speaking to Sky News on the condition of anonymity," or "Sources with knowledge of the incident," or "Separate sources," well, then a rational man has to wonder the point of the story. 

When a major news outlet like NYT or BBC reports from anonymous sources, you can be pretty confident that they have verified the identity of the source as a knowledgeable insider and are reporting facts. It's pretty basic journalistic ethics, and it would sink the reputation of these outlets substantially if they were caught reporting an unreliable or false source. I highly doubt the media is colluding with Garmin's competitors in this case. Most likely, it is a group of verified employees that don't want to lose their jobs.

I have no doubt there is corruption in news media, but it usually takes form of selective reporting and exaggeration. Very rarely do overt falsehoods get reported by the major media players.

  • Like 2

18 minutes ago, cody said:

It's pretty basic journalistic ethics, and it would sink the reputation of these outlets substantially if they were caught reporting an unreliable or false source.

I came in here to say basically the same thing. As someone with a degree and a quasi-career in journalism, this is key to the job. I've had to do this on at least one occasion while writing for a newspaper and it was a tough call. if readers don't trust the journalist or the outlet, then they will not trust that the "unanimous source" is legit. if the journalist has any professional ethics, they will only quote verified sources and protect their identity and then back it up with facts or print a retraction later. journalists have been jailed and killed for not revealing the name of their sources. however, they also have to maintain credibility, or their readers' trust and ability to use unnamed sources will be compromised.

there are conspiracy theory outlets that somehow maintain credibility in other ways by playing to their readers' ignorance, but they regularly abuse the practice of quoting anonymous sources by citing known liars and making up quotes out of thin air. that's the scary media landscape we live in, where conspiracy theory hucksters are amplified in the public conversation.

none of that applies to the Garmin story. I doubt there are a lot of scary secrets behind that.

Edited by mack_turtle
  • Like 3

I appreciate that journalistic integrity is on the line with anonymous sources. And I don't have a problem with anonymous sources in general. And like I said, I don't doubt the story is probably correct. My problem with the story is that it sounds like they have 4 separate anonymous sources, and nothing in the story is falsifiable, and as such, it's a bit of a garbage piece. 


  • 1 month later...

Sept. 15, 2020

We are on a Garmin Flex plan for an InReach Explorer and I needed to update the CC billing number. 

Garmin log-in page recognizes my email, but not my password.  Set up a new password, it just cycles back to the log-in page with no other feedback. 

Sheesh. I'M TRYING TO GIVE THEM MONEY. 

Next, customer support by phone.  Did the competent, cheerful customer service rep come on the line to HELP ME GIVE THEM MONEY? No, no s/he didn't. "We are experiencing technical difficulties and are disconnecting this call." 

There it is. I've been ghosted by Garmin. 

Deja vu all over again? 

Edited by June Bug

They have had several notable outages since the ransomware issues. And I have seen a couple "down for maintenance" messages when I try to upload after a ride.

This is too bad. I really like Garmin devices a lot. There is a value for me in watching my progress through a ride, when I don't have one on my bars I feel naked. Luckily I am not competitive so if there are issues it is an annoyance and not critical.
