U.S. Treasury Department. Credit: Associated Press
On Sunday, shortly after the cybersecurity giant FireEye had announced a security breach, the Trump administration released a statement confirming that hackers had broken into the networks of the Treasury and Commerce departments as a part of a monthslong cyberespionage campaign. The threat has been reported to have come from the same source that afflicted FireEye and other foreign governments and major corporations. The most damning connection between FireEye and the subsequent attacks is the fact that the foreign hackers stole the hacking tools of the company itself, which services state and local governments as well as global corporations. The hack may be an indication of a larger-scale infiltration of the U.S. government, a cause for major concern. FireEye services the U.S. military, the Pentagon, the State Department, NASA, the National Security Agency, the Department of Justice, and the White House, just to name a few. The Federal Bureau of Investigation is now looking into the attacks.
The compromised piece of software, SolarWinds, is used by thousands of companies, including most Fortune 500 companies, and U.S. federal agencies. In their own investigation, FireEye has stated that they identified a global campaign of targeting governments and companies through the SolarWinds software update. North Africa, Europe, Asia, and the Middle East were not exempt from this global hack. CEO Kevin Mandia stated, “[hackers] primarily sought information related to certain government customers,” but he did not elaborate on the specific customers.
Industry experts, as indicated by the Associated Press, suggest that the campaign seems like a Russian trademark. Russia’s embassy responded to such claims, describing its association with the breach as an “unfounded” attempt “of the U.S. media to blame Russia for hacker attacks on U.S. governmental bodies.”
This is not the first time the U.S. has been targeted in cybersecurity attacks. In 2014, hackers broke into the State Department’s email system. Many concerns are circulating about Russian interference in the 2016 and 2020 elections, whether that be through social media or other means. Still, in order to gauge the scale and the perpetrator of this attack, we will have to wait for more results from existing investigations.
6 comments:
This is... deeply concerning, I think. The NYT article doesn't go too deep into the potential repercussions, instead addressing the process and some of the historical context, but the apparent large scale of this cyberattack makes me doubtful that it could be anything but extremely harmful to the international community. I'm almost left with more questions than I started with-- was it really the Russians? What was (or what were) the motive(s)? What kind of data did the attackers have access to, and how will they use it? Knowing that the Trump administration has a history of denial rather than active problem-solving, I wonder when the government ACTUALLY became aware of this issue.
Russians have a history of cyber-meddling, so this latest attack might be more a reflection of the status quo than a scary step forward. The issue is that this has happened enough times to become the "norm." I'm very interested to see what the government (and the other affected companies) do to protect themselves going forward.
Any form of security breach is definitely threatening, and as more information continues to unfold it will become clearer as to the direct causes of the infiltration. The primary suspect still remains the Austin, TX-based IT firm SolarWinds, which was enabled by the Russian hackers behind the whole operation.
The Orion network management was the way Russia was able to access and infiltrate the system, and from there, the possibilities for corruption quickly spiraled. At this point, SolarWinds has declined to comment, but has stated that while an estimated 18,000 customers downloaded the new Orion updates, the actual number of victims is expected to be far less than the total population. CISA and the FBI are still investigating the confirmed breach, as more agencies are confirming how the hack is impacting them all.
https://www.cnet.com/news/major-hack-of-us-agencies-may-have-started-with-software-company-solarwinds/
With Covid Vaccine now out and distribution on the rise and on everyone's minds, it's really interesting to see news that would usually be everywhere is considered "secondary" or not as prominent.
However, this is obviously very concerning and any leak of information serves as a threat and sign that there is an opening somewhere. Why hasn't the federal government clearly stated an approach to this issue and what kind of data has been compromised/who is at risk?
According to CNN the systems that were hacked belonged to at least the Department of Agriculture, Commerce and Homeland Security (https://www.cnn.com/2020/12/16/politics/us-government-agencies-hack-uncertainty/index.html) however there has been no response from the federal government on the issue right now and Russia is assumed to be behind this act.
I'm curious whether this was an attempt to find information to go through with a specific motive or a way for the hacker to show power.
The severity of this attack is quite large and could become a safety concern for many large corporations. Although the attack won't affect the general citizen, the security breach affects many government departments. Surprisingly, the NSA was unable to notice this breach and had to have been notified by FireEye that there was a breach in the SolarWinds software. There have been more speculations on the cause of this breach. A lot of rumors point the breach to a "Russian tainted software update" to SolarWinds. This malware, specifically the Trojan horse type of virus, allowed some outsiders (many assume to be Russian hackers) access to many of the systems that downloaded this update. Like Anoush stated, those departments were affected and much of their data was seen by the hackers. Furthermore, there is a large handful of private corporations that use the SolarWinds software which were affected by this breach. For example, Los Alamos National Laboratory was affected, and many of the nuclear weapon designs stored in their computers were exposed. Companies that also design and supply the US with weapons were also breached. Although not many individual citizens were affected, a lot of high-target values were successfully breached and a lot of information was stolen.
https://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html
One element of this that I find especially concerning is how long it took for the attack to be noticed. While I'm not sure how long it took for stories to be published after it was detected, my impression is that this attack went unnoticed for far too long. I also thought Trump's response was interesting because it contradicts what most experts and members of the government are saying. "The Cyber Hack is far greater in the Fake News Media than in actuality...everything is well under control...it may be China (it may!). There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA".
The magnitude of this attack on the US government is quite disturbing. Considering the fact that the vast majority of transactions are now being conducted online due to the pandemic, cybersecurity has become even more important than it already was. Additionally, millions of Americans are worried about their finances due to the pandemic, and there was a great deal of debate in Congress about federal aid legislation, which could be part of the reason that hackers were attacking the Treasury. It looks like shoring up the United States government’s cybersecurity defenses will be another one of Biden’s jobs once he becomes President in 2021.