    Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China

    The proliferation of cyberattacks by rivals is presenting a challenge to the Biden administration as it seeks to deter intrusions on government and corporate systems.

    Jake Sullivan, President Biden’s national security adviser, last month. He said on Thursday that the White House was “closely tracking” reports that the vulnerabilities exploited in the Microsoft hacking were being used in “potential compromises of U.S. think tanks and defense industrial base entities.” Credit: Stefani Reynolds for The New York Times

    David E. Sanger, Julian E. Barnes and

    March 7, 2021. Updated 9:42 p.m. ET

    WASHINGTON — Just as it plans to begin retaliating against Russia for the large-scale hacking of American government agencies and corporations discovered late last year, the Biden administration faces a new cyberattack that raises the question of whether it will have to strike back at another major adversary: China.

    Taken together, the responses will start to define how President Biden fashions his new administration’s response to escalating cyberconflict and whether he can find a way to impose a steeper penalty on rivals who regularly exploit vulnerabilities in government and corporate defenses to spy, steal information and potentially damage critical components of the nation’s infrastructure.

    The first major move is expected over the next three weeks, officials said, with a series of clandestine actions across Russian networks that are intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world.

    The officials said the actions would be combined with some kind of economic sanctions — though there are few truly effective sanctions left to impose — and an executive order from Mr. Biden to accelerate the hardening of federal government networks after the Russian hacking, which went undetected for months until it was discovered by a private cybersecurity firm.

    The issue has taken on added urgency at the White House, the Pentagon and the intelligence agencies in recent days after the public exposure of a major breach in Microsoft email systems used by small businesses, local governments and, by some accounts, key military contractors.

    Microsoft identified the intruders as a state-sponsored Chinese group and moved quickly to issue a patch to allow users of its software to close off the vulnerability.

    But that touched off a race between those responsible for patching the systems and a raft of new attackers — including multiple other Chinese hacking groups, according to Microsoft — who started using the same exploit this week.

    The United States government has not made public any formal determination of who was responsible for the hacking, but at the White House and on Microsoft’s campus in Redmond, Wash., the fear is that espionage and theft may be a prelude to far more destructive activity, such as changing data or wiping it out.

    The White House underscored the seriousness of the situation in a statement on Sunday from the National Security Council.

    “The White House is undertaking a whole of government response to assess and address the impact” of the Microsoft intrusion, the statement said. It said the response was being led by Anne Neuberger, a former senior National Security Agency official who is the first occupant of a newly created post: deputy national security adviser for cyber and emerging technologies.

    The statement said that national security officials were working throughout the weekend to address the hacking and that “this is an active threat still developing, and we urge network operators to take it very seriously.”

    Jake Sullivan, Mr. Biden’s national security adviser, said on Twitter on Thursday that the White House was “closely tracking” the reports that the vulnerabilities in Microsoft Exchange were being used in “potential compromises of U.S. think tanks and defense industrial base entities.”

    The discovery came as Mr. Biden’s national security team, led by Mr. Sullivan and Ms. Neuberger, has moved to the top of its agenda an effort to deter attacks, whether their intent is theft, altering data or shutting down networks entirely. For the president, who promised that the Russian attack would not “go unanswered,” the administration’s reactions in the coming weeks will be a test of his ability to assert American power in an often unseen but increasingly high-stakes battle among major powers in cyberspace.

    A mix of public sanctions and private actions is the most likely combination to force a “broad strategic discussion with the Russians,” Mr. Sullivan said in an interview on Thursday, before the scope of the Chinese attack was clear.

    “I actually believe that a set of measures that are understood by the Russians, but may not be visible to the broader world, are actually likely to be the most effective measures in terms of clarifying what the United States believes are in bounds and out of bounds, and what we are prepared to do in response,” he added.

    From the first day of the new administration, Mr. Sullivan has been reorganizing the White House to fashion such responses. The same order he issued on Jan. 20, requiring the military to advise the White House before conducting drone strikes outside war zones, contained a paragraph with separate instructions for dealing with major cyberoperations that risk escalating conflict.

    The order left in place, however, a still secret document signed by President Donald J. Trump in August 2018 giving the United States Cyber Command broader authorities than it had during the Obama administration to conduct day-to-day, short-of-war skirmishes in cyberspace, often without explicit presidential authorization.

    Under the new order, Cyber Command will have to bring operations of significant size and scope to the White House and allow the National Security Council to review or adjust those operations, according to officials briefed on the memo. The forthcoming operation against Russia, and any potential response to China, is likely to fall in this category.

    The hacking that Microsoft has attributed to China poses many of the same challenges as the SolarWinds attack by the Russians that was discovered late last year. Credit: Swayne B. Hall/Associated Press

    American officials continue to try to better understand the scope and damage done by the Chinese attack, but every day since its revelation has suggested that it is bigger, and potentially more harmful, than first thought.

    “This is a crazy huge hack,” Christopher C. Krebs, the former director of the Cybersecurity and Infrastructure Security Agency, wrote on Twitter on Friday.

    The initial estimates were that 30,000 or so systems were affected, mostly those operated by businesses or government agencies that use Microsoft software and run their email systems in-house. (Email and other systems run on Microsoft’s cloud were not affected.)

    But the breadth of the intrusion and the identities of the victims are still unclear. And while the Chinese deployed the attack widely, they might have sought only to take information from a narrow group of targets in which they have the highest interest.

    There is little doubt that the scope of the attack has American officials considering whether they will have to retaliate against China as well. That would put them in the position of engaging in a potentially escalating conflict with two countries that are also its biggest nuclear-armed adversaries.

    It has become increasingly clear in recent days that the hacking that Microsoft has attributed to Beijing poses many of the same challenges as the SolarWinds attack conducted by the Russians, although the targets and the methodology are significantly different.

    Like the Russians, the Chinese attackers initiated their campaign against Microsoft from computer servers — essentially cloud services — that they rented under assumed identities in the United States. Both countries know that American law prohibits intelligence agencies from looking in systems based in the United States, and they are exploiting that legal restriction.

    “The Chinese actor apparently spent the time to research the legal authorities and recognized that if they could operate from inside the United States, it takes some of the government’s best threat-hunters off the field,” Tom Burt, the Microsoft executive overseeing the investigation, said on Friday.

    The result was that in both the SolarWinds and the more recent Chinese hacking, American intelligence agencies appeared to have missed the evidence of what was happening until a private company saw it and alerted the authorities.

    The debate preoccupying the White House is how to respond. Mr. Sullivan served as Mr. Biden’s national security adviser while he was vice president, as the Obama administration struggled to respond to a series of attacks.

    Those included the Chinese effort that stole 22.5 million security-clearance records from the Office of Personnel Management in 2014 and the Russian attack on the 2016 presidential election.

    In writings and talks over the past four years, Mr. Sullivan has made clear that he believes traditional sanctions alone do not sufficiently raise the cost to force powers like Russia or China to begin to talk about new rules of the road for cyberspace.

    But government officials often fear that too strong a response risks escalation.

    That is a particular concern in the Russian and Chinese attacks, where both countries have clearly planted “back doors” to American systems that could be used for more destructive purposes.

    American officials say publicly that the current evidence suggests that the Russian intention in the SolarWinds attack was merely data theft. But several senior officials, when speaking not for attribution, said they believed the size, scope and expense of the operation suggested that the Russians might have had much broader motives.

    “I’m struck by how many of these attacks undercut trust in our systems,” Mr. Burt said, “just as there are efforts to make the country distrust the voting infrastructure, which is a core component of our democracy.”

    Russia broke into the Democratic National Committee and state voter-registration systems in 2016 largely by guessing or obtaining passwords. But they used a far more sophisticated method in the SolarWinds hacking, inserting code into the company’s software updates, which ushered them deep into about 18,000 systems that used the network management software. Once inside, the Russians had high-level access to the systems, with no passwords required.

    Similarly, four years ago, a vast majority of Chinese government hacking was conducted via email spear-phishing campaigns. But over the past few years, China’s military hacking divisions have been consolidating into a new strategic support force, similar to the Pentagon’s Cyber Command. Some of the most important hacking operations are run by the stealthier Ministry of State Security, China’s premier intelligence agency, which maintains a satellite network of contractors.

    Beijing also started hoarding so-called zero-days, flaws in code unknown to software vendors and for which a patch does not exist.

    In August 2019, security researchers got their first glimpse of how these undisclosed zero-day flaws were being used: Security researchers at Google’s Project Zero and Volexity — the same company in Reston, Va., that discovered the Microsoft attack — found that Chinese hackers were using a software vulnerability to spy on anyone who visited a website read by Uighurs, an ethnic minority group whose persecution has drawn international condemnation.

    For two years, until the campaign was discovered, anyone who visited the sites unwittingly downloaded Chinese implants onto their smartphones, allowing Beijing to monitor their communications.

    Kevin Mandia of FireEye, Sudhakar Ramakrishna of SolarWinds and Brad Smith of Microsoft testified last month in a Senate Intelligence Committee hearing on the Russian hacking. Credit: Drew Angerer/Agence France-Presse, via Pool/AFP via Getty Images

    The Chinese attack on Microsoft’s servers used four zero-day flaws in the email software. Security experts estimated on Friday that as many as 30,000 organizations were affected by the hacking, a detail first reported by the security writer Brian Krebs. But there is some evidence that the number could be much higher.

    Biden to Restore Homeland Security and Cybersecurity Aides to Senior White House Posts

    The two appointments illustrate how the president-elect appears determined to rebuild a White House national security team to focus on threats that critics say were ignored by President Trump.

    The headquarters of the National Security Agency at Fort Meade, Md. President-elect Joseph R. Biden Jr. is expected to take a harder stand against Russian hacking. Credit: T.J. Kirkpatrick for The New York Times

    Jan. 13, 2021. Updated 7:51 a.m. ET

    President-elect Joseph R. Biden Jr., facing the rise of domestic terrorism and a crippling cyberattack from Russia, is elevating two White House posts that all but disappeared in the Trump administration: a homeland security adviser to manage matters as varied as extremism, pandemics and natural disasters, and the first deputy national security adviser for cyber and emerging technology.

    The White House homeland security adviser will be Elizabeth Sherwood-Randall, according to transition officials. She is a longtime aide to Mr. Biden who served under President Barack Obama as senior director for Europe and then deputy secretary of energy, where she oversaw the modernization of the nuclear arsenal.

    And for the complex task of bolstering cyberoffense and defense, Mr. Biden has carved out a role for Anne Neuberger, a rising official at the National Security Agency. She ran the Russia Small Group, which mounted a pre-emptive strike on the Kremlin’s cyberactors during the 2018 midterm elections, part of an effort to counter Moscow after its interference in the 2016 presidential election.

    For the past 15 months, she has overseen the agency’s Cybersecurity Directorate, a newly formed organization to prevent digital threats to sensitive government and military industry networks. But it has also been an incubator for emerging technologies, including the development of impenetrable cryptography — the National Security Agency’s original mission nearly 70 years ago — with a new generation of quantum computers.

    Taken together, the two appointments show how Mr. Biden appears determined to rebuild a national security apparatus that critics of the Trump administration say withered for the past four years. The new White House team will focus on threats that were battering the United States even before the coronavirus pandemic reordered the nation’s challenges.

    Transition officials say that Ms. Sherwood-Randall and Ms. Neuberger will be given new powers to convene officials from around the government to deal with emerging threats. Both are expected to begin their jobs on Jan. 20, since neither position requires Senate confirmation.

    Ms. Sherwood-Randall will have to oversee the effort to contain right-wing groups that laid siege to the Capitol last week, and Ms. Neuberger will face the aftermath of the most unnerving cyberbreach to affect the federal government. She will, senior officials say, have to help determine how to make good on Mr. Biden’s vow that the hackers behind the recent intrusion, which has spread across government networks, “will pay a price.”

    Ms. Sherwood-Randall, a Rhodes Scholar who in recent years has been a professor at the Georgia Institute of Technology, had been considered a candidate for secretary of energy. The job went to Jennifer Granholm, a former governor of Michigan.

    She will serve as the White House homeland security adviser, a position created by President George W. Bush that became more powerful under Mr. Obama, and is distinct from the secretary of the Department of Homeland Security, who sits in the cabinet.

    “We’re going to be dealing at once again with border security, biosecurity, global public health and strengthening the resilience of our own democracy,” she said in a brief interview. “The last of those have grown more urgent.”

    Biden Assails Trump Over Handling of Russia Hack

    “This assault happened on Donald Trump’s watch when he wasn’t watching,” President-elect Joseph R. Biden Jr. said.

    “The attacker succeeded in catching the federal government off guard and unprepared,” President-elect Joseph R. Biden Jr. said on Tuesday at a news conference in Wilmington, Del. Credit: Amr Alfiky/The New York Times

    Dec. 22, 2020. Updated 9:54 p.m. ET

    WASHINGTON — President-elect Joseph R. Biden Jr. accused President Trump on Tuesday of “irrational downplaying” of the widespread hack of the federal government and American industry, saying that the current administration was denying him needed intelligence and warning Russia that he would not allow the intrusion into American systems to “go unanswered” after he takes office.

    “This assault happened on Donald Trump’s watch when he wasn’t watching,” Mr. Biden said at a news conference in Delaware. “It is still his responsibility as president to defend American interests for the next four weeks, but rest assured that even if he does not take it seriously, I will.”

    The direct critique was a remarkable departure from the usual one-president-at-a-time tradition, in which incoming presidents are careful about not second-guessing the actions of the incumbent. But Mr. Trump’s refusal to recognize Mr. Biden’s Electoral College victory, and his effort to subvert the results, has clearly poisoned elements of the transition process.

    In recent days Mr. Biden’s aides have come to realize that the scope of the intrusion — which landed the Russians inside the email system used by top Treasury officials, and won them access to the networks of the Energy, Commerce and Homeland Security Departments and dozens of American companies — could pose a threat in the opening days of the new administration.

    Mr. Biden acknowledged as much, indirectly, when asked about his statement that he could not ensure government systems could be trusted when he takes office.

    “Of course I can’t,” he said. “I don’t know what the state of them is. They’re clearly not safe right now.”

    Privately, members of his staff have said that while they have received briefings on the subject, they have been bare-bones. And the shutdown of recent cooperation between the transition team and the Defense Department has encompassed the National Security Agency and United States Cyber Command — the quasi-civilian and military sides of the nation’s foreign offensive and defensive operations.

    “There’s still so much we don’t know including the full scale of the breach or the extent of the damage it has caused,” Mr. Biden said. He was alluding to the quiet internal warnings that Russia may have been able to place “back doors” in government systems and, in the worst case, manipulate data or sabotage systems.

    “It was carried out by using sophisticated cybertools, and the attacker succeeded in catching the federal government off guard and unprepared,” Mr. Biden said.

    Unlike Mr. Trump, he left no doubt he believed that Russia was responsible, noting that both Secretary of State Mike Pompeo and Attorney General William P. Barr have said as much publicly, even if Mr. Trump would not. And he said once there was a formal determination of responsibility, a task that could take intelligence agencies weeks, “we will respond and probably respond in kind.”

    That vow is likely to prove easier to issue from the Wilmington stage than it will be to execute from the Situation Room. Mr. Biden’s first encounter with President Vladimir V. Putin of Russia will be on another topic: The two men will have 16 days to negotiate an extension of up to five years of New Start, the nuclear arms control treaty that expires in early February.

    That will force Mr. Biden to be striking a deal to prevent one threat — a nuclear arms race — while simultaneously threatening retaliation on a newer type of threat.

    Moreover, while the United States is awash in digital targets, Russia is a far less connected society, making an “in kind” response more difficult. And it is hardly a state secret that the United States already spies on Russian systems, and has turned off computers at the Internet Research Agency, the Kremlin-backed disinformation group that was involved in the 2016 election interference. Last year, The New York Times reported that the U.S. had also implanted malware into Russia’s electric power grid — as a warning to Moscow after the discovery that Russia had put malware in the U.S. grid.

    “Of course the U.S. intelligence community does these every day and twice on Sundays,” said Dmitri Alperovitch, the chairman of Silverado Policy Accelerator, a think tank, and the former chief technology officer of the cybersecurity firm CrowdStrike, where he specialized in Russian cyberoperations.

    Speaking on Deep State Radio, a podcast, he said, “we have all used supply chain attacks, and we can’t say it’s OK for us and not for others.”

    In fact, the Russians often cite such U.S. operations to argue that American outrage over espionage and even more extensive cyberattacks is manufactured.

    Mr. Biden said that the United States should be “getting together with our allies to try to set up an international system that will constitute appropriate behavior in cyberspace” and “hold any other country liable for breaking out of those basic rules.”

    Such efforts are hardly new. Mr. Obama tried a basic agreement with President Xi Jinping of China late in his term, after the Chinese were caught removing 22.5 million security clearance files from the Office of Personnel Management, another hack that went largely undetected for a year. The accord quickly fell apart after Mr. Obama left office.

    A parallel effort inside the United Nations also quickly frayed. While another one is expected to issue a report in 2021, much of the debate has been hijacked by Russia and China to focus on limiting dissent on the internet and pressing for the “true identity” of everyone online — which would make it easier for them to sniff out dissidents.

    But the more immediate problem for Mr. Biden may be finding, and securing, vulnerable elements of the software supply chain that Russia exploited when it bored into network management software made by SolarWinds, an Austin, Texas firm, and corrupted its updates with malware. That is one of several ways Russia is believed to have entered such an array of agencies and corporations.

    Amid the investigation into the Russian hack, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released a report based on a two-year, still unfinished review of the risks to the United States of a supply chain attack.

    The report concluded that supply chain risks “could have far-reaching and potentially devastating impacts,” a bit of an understatement as the government feverishly digs through its systems for evidence of Russian compromise.

    Nicole Perlroth contributed reporting.

    Trump Administration Is Criticized Over Proposal to Split Cyberoperations Leadership


    Trump Contradicts Pompeo Over Russia’s Role in Hack

    AdvertisementContinue reading the main storySupported byContinue reading the main storyTrump Contradicts Pompeo Over Russia’s Role in HackHours after the secretary of state said that Moscow was behind the vast cybersecurity breach, the president suggested it might have been China and downplayed the severity of the attack.Secretary of State Mike Pompeo at the White House last week. In an interview on “The Mark Levin Show,” Mr. Pompeo called the attack a “very significant effort.”Credit…Oliver Contreras for The New York TimesDavid E. Sanger and Dec. 19, 2020Updated 3:54 p.m. ETHours after Secretary of State Mike Pompeo told a conservative radio show host that “we can say pretty clearly that it was the Russians” behind the vast hack of the federal government and American industry, he was contradicted on Saturday by President Trump, who sought to muddy the intelligence findings by raising the possibility that China was responsible.Defying the conclusions of experts inside and outside the government who say the attack was a cybersecurity breach on a scale Washington has never experienced, Mr. Trump also played down the severity of the hack, saying “everything is well under control,” insisting that the news media has exaggerated the damage and suggesting, with no evidence, that the real issue was whether the election results had been compromised.“There could also have been a hit on our ridiculous voting machines during the election,” he wrote on Twitter in his latest iteration of that unfounded conspiracy theory. He tagged Mr. Pompeo, the latest cabinet member to anger him, in his Twitter post. With 30 days left in office, Mr. Trump’s dismissive statements made clear there would be no serious effort by his administration to punish Russia for the hack, and national security officials say they are all but certain to hand off the fallout and response to President-elect Joseph R. Biden Jr.So in the midst of a global pandemic, Mr. 
    Biden will inherit a government so laced with electronic tunnels bored by Russian intelligence that it may be months, years even, before he can trust the systems that run much of Washington. And in his first days in office, even as he has to deal with Russia on arms control and other issues, he will have to confront a quandary that has confounded his predecessors for a quarter of a century: Retaliation for cyber intrusions often results in escalation.

    As Michael Sulmeyer, now a senior adviser to United States Cyber Command, put it before he entered government, America “lives in the glassiest of glass houses.” The United States is more reliant than almost any other nation on fragile computer networks that make the government and economy hum, making it an especially ripe target for short-of-war attacks like the one executed by the Kremlin.

    In contrast to Mr. Trump, who has always been reluctant to confront Moscow and President Vladimir V. Putin, Mr. Biden has signaled that he will not let the intrusion, whose full extent is not yet known, go unanswered.

    “A good defense isn’t enough,” Mr. Biden said Thursday, vowing to impose “substantial costs on those responsible for such malicious attacks.”

    He will not find that easy.

    Mr. Trump’s tweet was his first comment on the hack, which came to light a week ago. Privately, the president has called the hack a “hoax” and pressured associates to downplay its significance and push alternate theories for who is responsible, two people familiar with the exchanges said. Larry Kudlow, his economic adviser, told reporters on Friday, “People are saying Russia. I don’t know that. It could be other countries.”

    The president’s unexplained reluctance to blame Russia — which through its embassy in Washington has denied complicity in the attack — has only complicated the response, investigators say. The government only learned of the hack from FireEye, a cybersecurity company, after the firm was itself breached.
    And Microsoft’s president, Brad Smith, said Thursday that government agencies are approaching Microsoft — not the national security establishment — to understand the extent of the Russian breach.

    “This is the most consequential cyberespionage campaign in history and the fact that the government is absent is a huge problem for the nation,” said Dmitri Alperovitch, a co-founder of CrowdStrike, a security firm, who is now chairman of Silverado Policy Accelerator, a think tank.

    “The response has been a total disaster, not just because of the president, but because whoever is left is just polishing up their resumes,” he said. “There’s no coordination and every agency is just doing whatever they can to help themselves.”

    Mr. Trump’s comments on Saturday had echoes of his stance toward the hacks during the 2016 presidential campaign, when he contradicted intelligence findings to claim it was China, or a “400 pound” person “sitting on his bed,” not Russia, who interfered in that election. Two years later, Mr. Trump’s own Justice Department indicted 12 Russian intelligence officers.

    “Never has there been a President work so hard to provide cover for Russia,” said Clint Watts, a former F.B.I. special agent and Russian information warfare expert at the Foreign Policy Research Institute.
    All countries spy on each other, of course, and — for now — that appears to have been the first objective of the Russian campaign, one that researchers said on Friday appears to date back to October 2019, six months earlier than initially believed.

    That was when hackers, presumed to be working for the SVR, one of the most elite and talented of the Russian spy agencies, first broke into the SolarWinds network management software, which is used across the federal government and by three-quarters of the nation’s Fortune 500 companies.

    The theory is that the Russians were trying to figure out whether they could get into the “supply chain” of software that would give them broad access to the array of systems that make America tick.

    What no one in the Trump administration wants to address, at least publicly, is how the Russians managed to evade billions of dollars in American-built defenses designed to alert agencies to foreign intrusions. That question, too, now seems certain to be left to Mr. Biden to answer.

    From their new cyber command center in Fort Meade, Md., the NSA and Cyber Command monitor incoming attacks, the way generations of American military officials jammed underground command centers to look for incoming missile attacks. In this case, the sensors never went off, and the commander of those cyber forces, Gen. Paul M. Nakasone, one of the nation’s most experienced cyber warriors, has said not one word in public about what went wrong.

    The private sector will face hard questions as well. The majority of infections, Microsoft said, were of private firms, many of them cybersecurity companies. FireEye only detected the attack after Russians cleaned it out too, taking the “Red Team” tools the firm uses to probe corporate and government systems for vulnerabilities.

    The Russian attack was carefully calibrated to avoid cybersecurity defenses.
    It gained access to the updates of the SolarWinds software — akin to the updates Apple and other phone makers push onto cellphones as they charge overnight — betting that small changes in code would not be noticed.

    By compromising the updates, they gained access to 18,000 government agencies and companies. From there they planted “back doors” into the networks of some 40 companies, government agencies and think tanks, according to Microsoft, that allowed them to come and go, steal data and — though it apparently has not happened yet — alter data or conduct destructive attacks.

    “This was a cybersecurity superspreading event,” Mr. Smith said in an interview on Thursday evening, calling it “a moment of reckoning.” While Mr. Trump began his time in office with a strong cybersecurity team in the White House, his third national security adviser, John R. Bolton, ousted them and eliminated the post of a cyber czar with direct access to the president.

    The new National Defense Authorization Act, which Mr. Trump is threatening to veto for other reasons, would recreate such a post. Yet until Mr. Pompeo, who ran the C.I.A. for the first two years of the Trump administration, made his assessment in an interview on “The Mark Levin Show,” the administration had all but ignored the attack in public — perhaps realizing that an administration that came into office on the heels of Russian interference in the 2016 election was leaving as the victim of one of Russia’s most well-executed cyberattacks.

    “This was a very significant effort,” Mr. Pompeo said, adding that “we’re still unpacking precisely what it is.” He said he expected most of the details would remain classified.

    “Given the gravity of this breach, it’s concerning that President Trump is paying so little attention to it,” said Senator Martin Heinrich, the Democrat from New Mexico, home to the Los Alamos nuclear lab that Russians breached in the attack.

    He and other Democrats have pushed for an aggressive response.
    “We have failed to deter the Russians,” Senator Chris Coons of Delaware, a Democrat who is close to Mr. Biden, said on Thursday. “We are only going to see Putin stop this action when we stop him.” But if history is any guide, finding the right way to retaliate will be difficult. The United States conducts its own spying missions. America has carried out supply chain attacks, too, including against Iran’s nuclear centrifuges and its missile program. It has been running them against North Korea for years.

    “The U.S. government has no principled basis to complain about the Russia hack, much less retaliate for it with military means, since the U.S. government hacks foreign government networks on a huge scale every day,” said Jack Goldsmith, a Harvard Law School professor who worked in the Bush administration.

    “Indeed, a military response to the Russian hack would violate international law,” he added. “The United States does have options, but none are terribly attractive.”

    That is the core of Mr. Biden’s problem. In the first 16 days of his presidency he will have to deal with Mr. Putin to address the renewal of New START, the nuclear arms control treaty that expires on Feb. 5. Mr. Biden has said he favors a clean renewal of the agreement, which can be extended five years without having to return to the Senate for approval.

    But he will be conducting that negotiation while also dealing with the question of how to retaliate to an ongoing attack whose full extent is still unknown.

    “They had unfettered access for nine months,” said Stephen Boyer, an executive at BitSight, a cybersecurity firm. “We may never know what we lost.”

    Reporting was contributed by Steve Kenny, Eric Schmitt and Julian Barnes.

  • in

    Pompeo Says Russia Was Behind Cyberattack on U.S.

    Secretary of State Mike Pompeo is the first member of the Trump administration to publicly link the Kremlin to the hacking of dozens of government and private systems.

    Secretary of State Mike Pompeo at the White House last week. In an interview on the Mark Levin Show, Mr. Pompeo called the attack a “very significant effort.” Credit: Oliver Contreras for The New York Times

    Dec. 19, 2020. Updated 8:12 a.m. ET

    Secretary of State Mike Pompeo said Friday it was clear that Russia was behind the widespread hacking of government systems that officials this week called “a grave risk” to the United States.

    Mr. Pompeo is the first member of the Trump administration to publicly link the Kremlin to the cyberattack, which used a variety of sophisticated tools to infiltrate dozens of government and private systems, including nuclear laboratories, the Pentagon, and the Treasury and Commerce Departments.

    “I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” Mr. Pompeo said in an interview on “The Mark Levin Show.”

    “This was a very significant effort,” he said, adding that “we’re still unpacking precisely what it is.”

    President Trump has yet to address the attack, which has been underway since spring and was detected by the private sector only a few weeks ago. Until Friday, Mr. Pompeo had played down the episode as one of the many daily attacks on the federal government.

    But intelligence agencies have told Congress that they believe it was carried out by the S.V.R., an elite Russian intelligence agency.
    As evidence of the attack’s scope piled up this week, the Cybersecurity and Infrastructure Security Agency sent out an urgent warning on Thursday that the hackers had “demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks.”

    The agency added that it was likely that some of the attackers’ tactics, techniques and procedures had “not yet been discovered.” Investigators say it could take months to unravel the extent to which American networks and the technology supply chain have been compromised.

    Microsoft said it had identified 40 companies, government agencies and think tanks that the hackers had infiltrated. Nearly half are private technology firms, Microsoft said, many of them cybersecurity firms, like FireEye, that are charged with securing vast sections of the public and private sector.

    “There are more nongovernmental victims than there are governmental victims, with a big focus on I.T. companies, especially in the security industry,” Brad Smith, Microsoft’s president, said in an interview on Thursday.

    FireEye was the first to inform the government that the hackers had infected the periodic software updates issued by a company called SolarWinds since at least March. SolarWinds makes critical network monitoring software used by the government, hundreds of Fortune 500 companies and firms that oversee critical infrastructure, including the power grid.

    The national security adviser, Robert C. O’Brien, cut short a trip to the Middle East and Europe on Tuesday and returned to Washington to run crisis meetings to assess the situation. The F.B.I., the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence formed an urgent response group, the Cyber Unified Coordination Group, to coordinate the government’s responses to what the agencies called a “significant and ongoing cybersecurity campaign.”

    The Russians have denied any involvement.
    The Russian ambassador to the United States, Anatoly I. Antonov, said Wednesday that there were “unfounded attempts by the U.S. media to blame Russia” for the recent cyberattacks.

    According to a person briefed on the attack, the S.V.R. hackers sought to hide their tracks by using American internet addresses that allowed them to conduct attacks from computers in the very city — or appearing so — in which their victims were based. They created special bits of code intended to avoid detection by American warning systems and timed their intrusions not to raise suspicions.

    The attacks, said the person briefed on the matter, show that the weak point for the American government computer networks remains administrative systems, particularly ones that have a number of private companies working under contract.

    President-elect Joseph R. Biden Jr. said Thursday that his administration would impose “substantial costs” on those responsible.

    “A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Mr. Biden said, adding, “I will not stand idly by in the face of cyberassaults on our nation.”

    Investigators and other officials say they believe the goal of the Russian attack was traditional espionage, the sort the National Security Agency and other agencies regularly conduct on foreign networks. But the extent and depth of the hacking raise concerns that hackers could ultimately use their access to shutter American systems, corrupt or destroy data, or take command of computer systems that run industrial processes. So far, though, there has been no evidence of that happening.

    Across federal agencies, the private sector and the utility companies that oversee the power grid, forensic investigators were still trying to unravel the extent of the compromise.
    But security teams say the relief some felt that they did not use the compromised systems turned to panic on Thursday, as they learned other third-party applications may have been compromised.

    Inside federal agencies and the private sector, investigators say they have been stymied by classifications and a siloed approach to information sharing.

    “We have forgotten the lessons of 9/11,” Mr. Smith said. “It has not been a great week for information sharing and it turns companies like Microsoft into a sheep dog trying to get these federal agencies to come together into a single place and share what they know.”

    Reporting was contributed by David E. Sanger, Nicole Perlroth, Eric Schmitt and Julian Barnes.