Hacking

Subterms

    More stories

    • 188 Shares159 Views

      in US Politics

      What we know – and still don’t – about the worst-ever US government cyber attack

      by

      Nearly a week after the US government announced that multiple federal agencies had been targeted by a sweeping cyber attack, the full scope and consequences of the suspected Russian hack remain unknown.Key federal agencies, from the Department of Homeland Security to the agency that oversees America’s nuclear weapons arsenal, were reportedly targeted, as were powerful tech and security companies, including Microsoft. Investigators are still trying to determine what information the hackers may have stolen, and what they could do with it.Donald Trump has still said nothing about the attack, which federal officials said posed a “grave risk” to every level of government. Joe Biden has promised a tougher response to cyber attacks but offered no specifics. Members of Congress are demanding more information about what happened, even as officials scrambling for answers call the attack “significant and ongoing”.Here’s a look at what we know, and what we still don’t, about the worst-ever cyber attack on US federal agencies.What happened?The hack began as early as March, when malicious code was snuck into updates to a popular software called Orion, made by the company SolarWinds, which provides network-monitoring and other technical services to hundreds of thousands of organizations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.That malware in the updates gave elite hackers remote access to an organization’s networks so they could steal information. The apparent months-long timeline gave the hackers ample opportunity to extract information from many targets, including monitoring email and other internal communications.Microsoft called it “an attack that is remarkable for its scope, sophistication and impact”.Who has been affected so far?At least six US government departments, including the energy, commerce, treasury and state departments, are reported to have been breached. The National Nuclear Security Administration’s networks were also breached, Politico reported on Thursday.Dozens of security and other technology firms, as well as non-governmental organizations, were also affected, Microsoft said in a statement Thursday. While most of those affected by the attack were in the US, Microsoft said it had identified additional victims in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.“It’s certain that the number and location of victims will keep growing,” Microsoft added.Who is responsible for the attack?While the US government has not yet officially named who is responsible for the attack, US officials have told media outlets they believe Russia is the culprit, specifically SVR, Russia’s foreign intelligence outfit.We must act as if the Russian government has control of all the networks it has penetratedAndrei Soldatov, an expert on Russia’s spy agencies and the author of The Red Web, told the Guardian he believes the hack was more likely a joint effort of Russia’s SVR and FSB, the domestic spy agency Putin once headed.Russia has denied involvement: “One shouldn’t unfoundedly blame the Russians for everything,” a Kremlin spokesman said on Monday.The infiltration tactic involved in the current hack, known as the “supply-chain” method, recalled the technique Russian military hackers used in 2016 to infect companies that do business in Ukraine with the hard-drive-wiping NotPetya virus – the most damaging cyber-attack to date.What information has been stolen, and how is it being used?That’s remains deeply unclear.“This hack was so big in scope that even our cybersecurity experts don’t have a real sense yet in the terms of the breadth of the intrusion itself,” Stephen Lynch, the head of the House of Representatives’ oversight and reform committee, said after attending a classified briefing Friday.Thomas Rid, a Johns Hopkins cyberconflict expert, told the Associated Press that it was likely that the hackers had harvested such a vast quantity of data that “they themselves most likely don’t know yet” what useful information they’ve stolen.What can be done to fix the networks that have been compromised?That’s also unclear, and potentially very difficult.“Removing this threat actor from compromised environments will be highly complex and challenging for organizations,” said a statement from the Cybersecurity and Infrastructure Security Agency (Cisa) on Thursday.One of Trump’s former homeland security advisers, Thomas Bossert, has already said publicly that a real fix may take years, and be both costly and challenging.“It will take years to know for certain which networks the Russians control and which ones they just occupy,” Bossert wrote in a New York Times op-ed on Wednesday. “The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated.”“A ‘do-over’ is mandatory and entire new networks need to be built – and isolated from compromised networks,” he wrote.How has Trump responded?As of Friday afternoon, the US president had still said nothing to address the attack.The Republican senator and former presidential candidate Mitt Romney has criticized Trump’s silence as unacceptable, particularly in response to an attack he said was “like Russian bombers have been repeatedly flying undetected over our entire country”.“Not to have the White House aggressively speaking out and protesting and taking punitive action is really, really quite extraordinary,” Romney said.How has Biden responded?So far, there’s been tough talk but no clear plan from the president-elect.“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Biden said. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”“There’s a lot we don’t yet know, but what we do know is a matter of great concern,” Biden said.Could this attack have been prevented or deterred?“What we could have done is had a coherent approach and not been at odds with each other,” said Fiona Hill, a Russia expert and former Trump National Security Council member, to PBS NewsHour this week, criticizing conflict and dysfunction within the Trump administration and between the US and its allies on Russia-related issues.If “we don’t have the president on one page and everybody else on another, and we’re working together with our allies to push back on this, that would have a serious deterrent effect”, Hill said.Other cybersecurity experts said the federal government could also do more to simply keep up to date on cybersecurity issues, and said the Trump administration had failed on this front, including by eliminating the positions of White House cybersecurity coordinator and state department cybersecurity policy chief.“It’s been a frustrating time, the last four years. I mean, nothing has happened seriously at all in cybersecurity,” said Brandon Valeriano, a Marine Corps University scholar and adviser to a US cyber defense commission, to the Associated Press.What options does the US have to respond politically to this kind of attack?Some experts are arguing that the US government needs to do more to punish Russia for its apparent interference. The federal government could impose formal sanctions on Russia, as when the Obama administration expelled Russian diplomats in retaliation for Kremlin military hackers’ meddling in Donald Trump’s favor in the 2016 election. Or the US could fight back more covertly by, for instance, making public details of Putin’s own financial dealings.But, as the Guardian’s Luke Harding pointed out, cyber attacks are “cheap, deniable, and psychologically effective”, and Biden’s options for responding to Russia’s aggression are limited.“The answer eluded Barack Obama, who tried unsuccessfully to reset relations with Putin. The person who led this doomed mission was the then secretary of state, Hillary Clinton, herself a Russian hacking victim in 2016,” Harding wrote.What are other potential consequences of the hack?SolarWinds may face legal action from private customers and government entities affected by the breach. The company filed a report with the Securities and Exchange Commission on Tuesday detailing the hack.In it, the company said total revenue from affected products was about $343m, or roughly 45% of the firm’s total revenue. SolarWinds’ stock price has fallen 25% since news of the breach first broke.Moody’s Investors Service said Wednesday it was looking to downgrade its rating for the company, citing the “potential for reputational damage, material loss of customers, a slowdown in business performance and high remediation and legal costs”.The Associated Press contributed reporting. More

    • 200 Shares129 Views

      in US Politics

      Orion hack exposed vast number of targets – impact may not be known for a while

      by

      If there is one silver lining to the months-long global cyber-espionage campaign discovered when a prominent cybersecurity firm learned it had been breached, it might be that the sheer numbers of potentially compromised entities offers them some protection.By compromising one piece of security software – a security tool called Orion developed by the Texan company SolarWinds – the attackers gained access to an extraordinary array of potential targets in the US alone: more than 425 of the Fortune 500 list of top companies; all of the top 10 telecommunications companies; all five branches of the military; and all of the top five accounting firms.But they are just a fraction of SolarWinds’ 300,000 global customers, which also include UK government agencies and private sector companies.For now, we only have only confirmation from investigators that the US Treasury and commerce departments were attacked. The hack, attributed to Russian state actors, took the form of a so-called supply chain attack. Rather than directly attacking the US government, the attackers succeeded in compromising the automatic update function built into Orion.That breach provided the foothold the attackers needed to begin monitoring internal emails at the departments. By hacking SolarWind and inserting weaknesses into the Orion software at source, the attackers simply had to wait until their targets downloaded and ran a fake software security update.Thankfully, even then, the full attack was a technically challenging manoeuvre. In order to stay below the radar of the US government’s own security teams, the update was programmed to sit silently for two weeks after it was installed, and then to only upload stolen data in small quantities so that it could be disguised as normal Orion traffic.That, investigators say, means it is unlikely that the perpetrators made the most of the widespread access they could have gained. Rather than exfiltrating untold gigabytes of stolen data to peruse at their leisure, the attackers had to operate in a much more labour-intensive fashion, navigating through the government network as quietly as possible, and only uploading data already presumed to be valuable.At the moment it is not clear how much information was taken, and what other departments and entities the hackers chose to enter.Nevertheless, the US Cybersecurity and Infrastructure Security Agency issued an emergency directive late on Sunday night advising all federal civilian agencies to “review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately”. The acting director, Brandon Wales, said the compromise “poses unacceptable risks” to the security of federal networks.The long-term impact of the hack is unlikely to be known for a while, if at all. Although journalists and the public think about the impact of attacks simply in terms of any striking secrets revealed, cyber-warfare tends to have multiple goals.As well as looking for ill-guarded secrets of individuals, this sort of attack can be used to map how organisations work and their structural vulnerabilities, with a view to potentially exploiting them at a later point..More broadly, cyber operations like this undermine confidence in existing security measures and hand a propaganda coup to the country directing the attack.Silently eavesdropping on high-value targets is a labour-intensive job – particularly if the attacker wants to stay hidden, and for now it appears that the temptation to eavesdrop on internal communications at the US treasury and commerce departments was the most compelling.If other customers of SolarWinds do not find evidence that they were under surveillance, they will take solace in the fact that the US government was too big a target to pass up. More

    • 113 Shares99 Views

      in US Politics

      US treasury hacked by foreign government group – report

      by

      Hackers backed by a foreign government have been monitoring internal email traffic at the US treasury department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said national security council spokesman John Ullyot.There is concern within the US intelligence community that the hackers who targeted the treasury department and the commerce department’s national telecommunications and information administration used a similar tool to break into other government agencies, according to three people briefed on the matter. The people did not say which other agencies.The hack is so serious it led to a national security council meeting at the White House on Saturday, said one of the people familiar with the matter.The hack involves the NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for months, sources said.A Microsoft spokesperson did not immediately respond to a request for comment.The hackers are “highly sophisticated” and have been able to trick the Microsoft platform’s authentication controls, according to a person familiar with the incident, who spoke on condition of anonymity because they were not allowed to speak to the press.“This is a nation state,” said a different person briefed on the matter. “We just don’t know which one yet.“The full scope of the hack is unclear. The investigation is still in its early stages and involves a range of federal agencies, including the FBI, according to the three people familiar with the matter.The FBI, homeland security department’s cybersecurity division, known as CISA, and US national security agency did not immediately respond to a request for comment. More

    • 138 Shares169 Views

      in US Politics

      Russian hackers targeting US political campaigns ahead of elections, Microsoft warns

      by

      The same Russian military intelligence outfit that hacked the Democrats in 2016 has attempted similar intrusions into the computer systems of organizations involved in the 2020 elections, Microsoft said Thursday.Those efforts, which have targeted more than 200 organizations including political parties and consultants, appear to be part of a broader increase in targeting of US political campaigns and related groups, the company said.“What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those who they consult on key issues,” Tom Burt, a Microsoft vice-president, said in a blogpost.Most of the infiltration attempts by Russian, Chinese and Iranian agents were halted by Microsoft security software and the targets notified, he said. The company would not comment on who may have been successfully hacked or the impact.Microsoft did not assess which foreign adversary poses the greater threat to the integrity of the November presidential election. The consensus among cybersecurity experts is that Russian interference is the gravest. Senior Trump administration officials have disputed that, though without offering any evidence.Intelligence officials have found that – as in 2016 – the Russian government is attempting to undermine the Democratic candidate and boost Donald Trump’s chances of winning. In 2016, actors working on behalf of the Russian government hacked email accounts of the Democratic National Committee and publicly released stolen files and emails. The Russian government also funded “troll farms” in St Petersburg where nationals pretending to be from the US would post misinformation online to sow unrest.“This is the actor from 2016, potentially conducting business as usual,” said John Hultquist, the director of intelligence analysis at the cybersecurity firm FireEye. “We believe that Russian military intelligence continues to pose the greatest threat to the democratic process.”The subject of Russian interference has been an ongoing frustration for Trump, who has disputed the country’s meddling in the 2016 elections despite extensive evidence, calling it a “witch hunt”. Trump loyalists at the Department of Homeland Security have also manipulated and fabricated intelligence reports to downplay the threat of Russian interference, a whistleblower claimed on Wednesday.A spokeswoman for the Trump campaign said it takes cybersecurity threats “very seriously” and does not publicly comment on specific efforts it is making.“As President Trump’s re-election campaign, we are a large target, so it is not surprising to see malicious activity directed at the campaign or our staff,” she said. “We work closely with our partners, Microsoft and others, to mitigate these threats.”The attempted hacks come at a time when election security concerns are remarkably high, given that many people will be voting with mail-in ballots due to the Covid-19 pandemic. An international body in August called these “the most challenging” US election in recent decades.Campaigns are also at a heightened risk for hacking given that many employees are now working from home without heightened security measures that may exist on workplace computers, said Bob Stevens, the vice-president of mobile security firm Lookout.“Mobile devices now exist at the intersection of our work and personal lives,” he said. “Considering how reliant we are on them to support all aspects of our lives, bad actors have taken note.”The Microsoft revelations on Thursday show that Russian military intelligence continues to pursue election-related targets undeterred by US indictments, sanctions and other countermeasures, Hultquist said.Microsoft, which has visibility into these efforts because its software is both ubiquitous and highly rated for security, did not address whether US officials who manage elections or operate voting systems have been targeted by state-backed hackers this year. US intelligence officials say they have so far not seen no evidence of that. More