Wednesday, September 22

What we know, and still don’t know, about the worst US government cyberattack.


Almost a week after the US government announced that several federal agencies had been the target of a widespread cyber attack, the full scope and consequences of the alleged Russian attack are unknown.

Key federal agencies, from the Department of Homeland Security to the agency that oversees the United States’ nuclear weapons arsenal, were reportedly targeted, as were powerful technology and security companies, including Microsoft. Investigators are still trying to determine what information the hackers may have stolen and what they could do with it.

Donald Trump has yet to say anything about the attack, which federal officials said posed a “serious risk” to all levels of government. Joe Biden has promised a tougher response to cyber attacks, but did not offer details. Members of Congress are demanding more information on what happened, even as officials fighting for answers say the attack is “significant and ongoing.”

Here’s a look at what we know – and don’t know yet – about the worst cyberattack in history against US federal agencies.

What happened?

The hack began as early as March, when malicious code was introduced into updates to popular software called Orion, created by the company SolarWinds, which provides network monitoring and other technical services to hundreds of thousands of organizations around the world, including most of the Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.

That malware in the updates gave elite hackers remote access to an organization’s networks so they could steal information. The apparent timeline of months gave hackers ample opportunity to extract information from many targets, including monitoring email and other internal communications.

Microsoft called it “an attack that is remarkable for its scope, sophistication and impact.”

Who has been affected so far?

At least six U.S. government departments, including the departments of energy, commerce, treasury, and state, are reported to have been breached. The networks of the National Nuclear Security Administration were also breached, Politico reported Thursday.

Dozens of security companies and other technology companies, as well as non-governmental organizations, were also affected, Microsoft said in a statement Thursday. While the majority of those affected by the attack were in the United States, Microsoft said it had identified additional victims in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.

“It is certain that the number and location of victims will continue to grow,” Microsoft added.

The US Department of the Treasury is among the departments said to have been breached in the attack. Photograph: Brendan Smialowski / EPA

Who is responsible for the attack?

While the US government has not yet officially named who is responsible for the attack, US officials have told the media that they believe Russia to be the culprit, specifically the SVR, Russia’s foreign intelligence team.

Andrei Soldatov, an expert on Russia’s spy agencies and author of The Red Web, told The Guardian that he believes the attack was most likely a joint effort by the SVR and Russia’s FSB, the national spy agency that Putin once headed.

Russia has denied participation: “The Russians should not be blamed unfoundedly for everything,” a Kremlin spokesman said on Monday.

The infiltration tactic involved in the current hack, known as the “supply chain” method, recalled the technique that Russian military hackers used in 2016 to infect companies doing business in Ukraine with the NotPetya virus, which wipes the computer’s hard drive, the most harmful cyber-attack to date.

What information has been stolen and how is it used?

That remains very unclear.

“This hack was so far-reaching that even our cybersecurity experts still have no real sense as to the breadth of the intrusion itself,” said Stephen Lynch, chairman of the House reform and oversight committee, after attending a classified briefing on Friday.

Thomas Rid, a Johns Hopkins cyber-conflict expert, told the Associated Press that the hackers were likely to have collected such a large amount of data that “they themselves probably still don’t know” what useful information they have stolen.

What can be done to repair networks that have been compromised?

That is also not clear and is potentially very difficult.

“Removing this threat actor from compromised environments will be very complex and challenging for organizations,” said a statement from the Cybersecurity and Infrastructure Security Agency (Cisa) on Thursday.

One of Trump’s former national security advisers, Thomas Bossert, has already said publicly that a real solution can take years and be expensive and challenging.

“It will take years to know with certainty which networks the Russians control and which they simply occupy,” Bossert wrote in an op-ed from the New York Times on Wednesday. “The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated.”

“It is mandatory to ‘redo’ and it is necessary to build completely new networks, and isolate them from the compromised networks,” he wrote.

Donald Trump has yet to comment on the attack, which has been attributed to Russia. Photograph: Al Drago / Getty Images

How has Trump responded?

As of Friday afternoon, the US president had yet to say anything to address the attack.

Republican senator and former presidential candidate Mitt Romney has criticized Trump’s silence as unacceptable, particularly in response to an attack that he said was “as if Russian bombers have repeatedly been flying undetected over our entire country.”

“Not having the White House speaking out aggressively and protesting and taking punitive action is really extraordinary,” Romney said.

How has Biden responded?

So far, there has been tough talk but no clear plan from the president-elect.

“We need to disrupt and deter our adversaries from launching significant cyberattacks in the first place,” Biden said. “We will do so, among other things, by imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”

“There are many things we do not know yet, but what we do know is cause for great concern,” said Biden.

Could this attack have been prevented or deterred?

“What we could have done is have a consistent approach and not be at odds,” Fiona Hill, an expert on Russia and a former member of Trump’s National Security Council, told PBS NewsHour this week, criticizing conflict and dysfunction within the Trump administration and between the United States and its allies on issues related to Russia.

If “we don’t have the president on one page and everyone else on another, and we are working together with our allies to roll this back, that would have a serious deterrent effect,” Hill said.

Other cybersecurity experts said the federal government could also do more to simply stay up-to-date on cybersecurity issues, saying that the Trump administration had failed on this front, including by eliminating the positions of White House cybersecurity coordinator and State Department chief of cybersecurity policy.

“It has been a frustrating time, the last four years. I mean, nothing has seriously happened in cybersecurity,” Brandon Valeriano, an academic at Marine Corps University and an advisor to a US cyber defense commission, told the Associated Press.

Fiona Hill, a government expert on Russia, criticized the Trump administration’s dysfunction. Photograph: Shawn Thew / EPA

What options does the United States have to respond politically to this type of attack?

Some experts argue that the US government must do more to punish Russia for its apparent interference. The federal government could impose formal sanctions on Russia, such as when the Obama administration expelled Russian diplomats in retaliation for the meddling of Kremlin military hackers in favor of Donald Trump in the 2016 election. Or the United States could strike back in a more covert way, for example, by making public the details of Putin’s own financial dealings.

But, as The Guardian’s Luke Harding noted, cyberattacks are “cheap, deniable and psychologically effective,” and Biden’s options for responding to Russia’s aggression are limited.

“The response eluded Barack Obama, who tried unsuccessfully to reestablish relations with Putin. The person who led this doomed mission was then-Secretary of State Hillary Clinton, herself a victim of Russian piracy in 2016,” Harding wrote.

What are other possible consequences of the hack?

SolarWinds may face legal action from private customers and government entities affected by the breach. The company submitted a report to the Securities and Exchange Commission on Tuesday detailing the hack.

In it, the company said that the total revenue from the affected products was about $343 million, or about 45% of the company’s total revenue. SolarWinds’ share price has fallen 25% since the breach first became known.

Moody’s Investors Service said Wednesday it was looking to downgrade the company, citing the “potential for reputational damage, material loss of customers, a slowdown in business performance and high legal and remediation costs.”

Associated Press contributed reporting.


www.theguardian.com
