Russia Russia Russia hacked basically all the top US government agencies and they only found out when an outside private company told them

The scope of a hack engineered by one of Russia’s premier intelligence agencies became clearer on Monday, when some Trump administration officials acknowledged that other federal agencies — the State Department, the Department of Homeland Security and parts of the Pentagon — had been compromised. Investigators were struggling to determine the extent to which the military, intelligence community and nuclear laboratories were affected by the highly sophisticated attack.

United States officials did not detect the attack until recent weeks, and then only when a private cybersecurity firm, FireEye, alerted American intelligence that the hackers had evaded layers of defenses.

It was evident that the Treasury and Commerce Departments, the first agencies reported to be breached, were only part of a far larger operation whose sophistication stunned even experts who have been following a quarter-century of Russian hacks on the Pentagon and American civilian agencies.

About 18,000 private and government users downloaded a Russian tainted software update — a Trojan horse of sorts — that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised.

Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies. While the presence of the software is not by itself evidence that each network was compromised and information was stolen, investigators spent Monday trying to understand the extent of the damage in what could be a significant loss of American data to a foreign attacker.

The National Security Agency — the premier U.S. intelligence organization that both hacks into foreign networks and defends national security agencies from attacks — apparently did not know of the breach in the network-monitoring software made by SolarWinds until it was notified last week by FireEye. The N.S.A. itself uses SolarWinds software.

Two of the most embarrassing breaches came at the Pentagon and the Department of Homeland Security, whose Cybersecurity and Infrastructure Security Agency oversaw the successful defense of the American election system last month.

2 Likes

Rut-roh

More likely it was Belgium or Peru:

https://twitter.com/ggreenwald/status/1339559361715290114

9 Likes

Federal officials issued an urgent warning Thursday that the hackers who had penetrated deep into government systems also used other malware — and different attack techniques — that posed “a grave risk to the federal government.”

The warning, from the Department of Homeland Security’s cybersecurity arm, gave no details. But it confirmed suspicions voiced earlier this week by FireEye, a cybersecurity firm, that there were almost certainly other pathways that had been found for attack.

The discovery vastly complicates the challenge for federal investigators as they search through computer networks used by the Treasury, the Defense Department, the Commerce Department and nuclear laboratories, trying to assess the damage and understand what the hackers had stolen. It suggests that other software in the “supply chain” used by government agencies and companies are similarly corrupted, though it appears that investigators do not have a comprehensive list.

But it also raises the possibility that the goal of the hackers went beyond espionage, and that the Russian actors, once inside the systems, could alter data or use their access to take command of computer systems that run industrial processes. So far, though, there has been no evidence of that happening.

The alert also ramped up the urgency of government warnings. After playing the incident down — President Trump has said nothing and Secretary of State Mike Pompeo deflected the hacking as one of the many daily attacks on the federal government, suggesting China was the biggest offender — the new alert left no doubt the assessment had changed.

The warning came just days after Microsoft, which produces Windows software and monitors the global network of computers that make use of Windows, took emergency action along with FireEye to halt the communication between the SolarWinds network management software and a command-and-control center that the Russians were using to send instructions to their malware.

That shut off further penetration. But it is of no help to organizations that have already been penetrated, since the first software was corrupted with malware in March. And the key line in the warning said that the SolarWinds “supply chain compromise is not the only initial infection vector” that was used to get into federal systems. That suggests other software, also used by the government, has been infected and used for access by foreign spies.

1 Like

Wait this is a GG thread?

Always has been.

/meme

5 Likes

President-elect Joseph R. Biden Jr. quickly released a statement stressing the gravity of the breach and promising strong action on cybersecurity, including possible retaliation against foreign attackers.

“A good defense isn’t enough,” Mr. Biden said in a statement. “We need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place.”

He added: “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation.”

Gonna be hard to retaliate when we find out the nukes are defused and there’s no MAD.

1 Like

The US government should install Kaspersky Antivirus.

6 Likes

Both the New York Times and American national security mouthpieces have basically zero credibility on this issue. I’ll wait till some more reliable info comes out.

1 Like

I work for an MSP and this is a total shitstorm. Glad we moved off Solarwinds MSP a while back and honestly if I was a CIO I’d be freaked the fuck out.

1 Like

Russia Russia Russia

Hold up. Let’s wait to hear from Trump how strongly Putin denies this.

1 Like

The password they apparently hacked was solarwinds123.

I’d like to think Putin invested heavily into a sophisticated hacking operation and was pissed when he found out they should have just tried companyname123.

3 Likes
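The joke above has a practical defensive counterpart: a password policy that rejects credentials built from the organisation's own name plus a short digit or symbol suffix, with the usual leetspeak substitutions. The Python below is an added example, not code from this thread or from SolarWinds; the organisation names, the leetspeak table, the affix rule and the 12-character minimum are constructed assumptions for the demo.

```python
import re

# Constructed organisation names for the demo; a real deployment would load
# the tenant's own name, brand names and domain labels here.
ORG_NAMES = ["SolarWinds", "Company Name Inc"]
MIN_LENGTH = 12  # assumed policy minimum

# Common leetspeak substitutions: letter -> characters that may stand for it.
LEET_ALTS = {"a": "a4@", "e": "e3", "i": "i1!", "l": "l1", "o": "o0", "s": "s5$", "t": "t7"}
# Up to six digits/symbols allowed before or after the name ("123", "!2020", ...).
AFFIX = r"[\d!@#$%^&*_\-.]{0,6}"
# Corporate boilerplate that guessers drop before appending digits.
STOP_WORDS = {"inc", "co", "llc", "corp", "ltd", "the", "and"}


def org_tokens(org_name):
    """Lower-case name fragments a guesser would try: the whole name squashed
    together, the name without corporate suffixes, and each word of 4+ letters."""
    words = [w.lower() for w in re.findall(r"[A-Za-z]+", org_name)]
    core = [w for w in words if w not in STOP_WORDS]
    tokens = {"".join(words), "".join(core)}
    tokens.update(w for w in core if len(w) >= 4)
    return {t for t in tokens if len(t) >= 4}


def token_pattern(token):
    """Regex for `token` with leetspeak variants, padded by short affixes."""
    body = "".join(
        "[" + "".join(re.escape(c) for c in LEET_ALTS.get(ch, ch)) + "]" for ch in token
    )
    return re.compile("^" + AFFIX + body + AFFIX + "$", re.IGNORECASE)


def find_org_token(password, org_names=ORG_NAMES):
    """Return the organisation fragment the password is built from, or None."""
    for org in org_names:
        # Longest fragment first so 'companyname' wins over 'company'.
        for token in sorted(org_tokens(org), key=len, reverse=True):
            if token_pattern(token).match(password):
                return token
    return None


def check_password(password, org_names=ORG_NAMES):
    """Return a list of policy findings; an empty list means the password passes."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    token = find_org_token(password, org_names)
    if token is not None:
        findings.append(f"built from organisation name fragment '{token}'")
    return findings


if __name__ == "__main__":
    # Constructed sample candidates, weak and strong.
    for candidate in ["solarwinds123", "S0larW1nds!2020", "companyname123",
                      "correct-horse-battery-staple"]:
        print(candidate, "->", check_password(candidate) or "ok")
```

The check is deliberately structural rather than a fixed denylist: it derives the guessable fragments from the organisation name at run time, so a renamed company or a new brand only needs one more entry in `ORG_NAMES`. It complements, and does not replace, a breached-password lookup and a length rule.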

smrk4
handsomeandrich123

Do your worst

I’m going to log in and change your password to:

brokeandugly000

Just for being too cocky.

20 Likes

This episode has a very good, and scary, discussion on the issue.

I talked with a security expert yesterday who basically said, Yes, it is all about money. They say Russia can/will use what it gets from the hack to profit in several market areas. I deal with the utility sector and what they said, essentially, is the primary goal isn’t to shut the lights off–at least right now.

A disruption like that could lead to significant casualties (think about hospitals losing power, for instance), and would elicit a strong response. Many people (security experts, politicians) say the US, Russia and China can all basically impact each other’s electrical grid if they want.

The SolarWinds hack has many people freaking out. Hackers were inside government agencies and companies so long that it is very likely other malware and access points have been left behind and finding those will be difficult and time consuming because of the nature of the initial breach. Basically, everything hackers did looked legitimate.

I’m not sure what you mean, but I read your post as saying you think these hacks are either about “giggles or to show-off that they have bigger dicks (are smarter).”

This was essentially a military operation. The sophistication and sprawl of this attack has shocked the security industry.

This may have been true 25 years ago, but these days hacking is very much about money and power. Even the white hats are doing it for the paycheck. There’s just way too much money in it. All the idealist notions of hacker culture that took hold in the 90’s have been destroyed by the monetization of the internet.