According to reports, hackers associated with the Russian government succeeded in breaching multiple US government agencies in what may be the biggest hack of government systems since the Obama administration.
Malware inserted into a third-party software update may have given the attackers access to various government systems for months. It went undetected until last week, when a cybersecurity company that makes penetration-testing tools discovered that its own systems had been breached.
Security agencies are currently assessing exactly which departments have been breached and what information has been accessed. So far, the Department of Commerce has confirmed that it has been hacked, and the Treasury and State Departments, Department of Homeland Security, parts of the Pentagon and the National Institutes of Health are believed to have been affected. There will probably be more.
According to anonymous officials, the hackers are a Russian group called Cozy Bear, also known as APT29. The group was also behind the 2016 hack of the Democratic National Committee and Hillary Clinton's campaign staff, as well as the 2014 intrusion into unclassified White House and State Department networks. Cozy Bear is also believed to be behind recent attacks on organizations developing Covid-19 vaccines. The group is linked to Russian intelligence, although Russia has denied any involvement, a position it still maintains.
"Malicious activity in the information space contradicts the principles of Russian foreign policy, national interests and our understanding of international relations," the Russian embassy said in a statement. "Russia is not conducting offensive cyber operations."
The Trump administration was initially reluctant to say much officially about the hack or to blame a particular country. Secretary of State Mike Pompeo told Breitbart News Radio on Monday that Russia may be behind it, but that China or North Korea might be as well.
Democrats had more to say. Illinois Senator Dick Durbin called it "virtually a declaration of war by Russia on the United States," while Senator Richard Blumenthal (D-CT) said the classified briefing he received about "Russia's cyberattack" left him "deeply alarmed, in fact downright scared."
Senator Mitt Romney (R-UT) came forward Thursday to compare the attack to "Russian bombers … repeatedly flying undetected across our country". He criticized America's "apparently inadequate" cybersecurity defenses and the president's "inexcusable silence and inaction" in response.
By the end of the week, after these statements from the senators, Pompeo had become more definitive.
"We can say pretty clearly that it was the Russians who took part in this activity," he said in an interview on Friday.
President Donald Trump, however, appeared to have received different information than everyone else. In his first comments on the hack, almost a week after it was first reported, Trump tweeted that the press had overblown it and that it was "well under control," adding that China "may" be behind it and suggesting that the hack may be connected to voting machines in the election he still falsely insists he won.
But Thomas Bossert, Trump's former homeland security adviser, wrote in the New York Times that "the magnitude of this ongoing attack is hard to overstate" and that it would take years to understand how widespread and harmful it was.
The hacks are believed to have started as early as March, via network monitoring software called Orion Platform, made by a Texas company called SolarWinds. According to SolarWinds, the company has more than 300,000 customers worldwide, including the US military, the Pentagon, the Department of Justice, the State Department, the Commerce and Treasury Departments, and more than 400 of the Fortune 500 (the web page carrying this list was returning an error message as of Monday afternoon).
But not all of these customers used the Orion platform. According to the Washington Post, citing SolarWinds, fewer than 18,000 customers are potentially affected. The hackers were somehow able to inject malware into Orion software updates; once customers installed those updates, the malware gave the hackers access to their systems.
FireEye, a cybersecurity company that was itself a victim of the SolarWinds hack, has named this malware "SUNBURST." (Microsoft calls it "Solorigate.") FireEye announced last week that it had been attacked "by a nation with top-tier offensive capabilities" and was reportedly the first to discover the hack, apparently ahead of the government agencies tasked with protecting the country's cybersecurity infrastructure.
SolarWinds has since released software updates that address the compromise and "apologizes for any inconvenience."
The Commerce Department was one of the first to confirm a breach of one of its agencies, but it did not specify which one was hit. Citing anonymous sources, Reuters reported that the National Telecommunications and Information Administration was the affected agency and that hackers had had access to employee email for months. The Department of Energy also said it found malware on its business networks but that the malware did not affect "mission-essential national security functions."
The Treasury, State, Agriculture and Homeland Security Departments and the National Institutes of Health are also believed to be affected, but they have not officially confirmed whether this is the case. How extensive the hacks were, or which systems were affected in these departments, has also not been made public.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to civilian federal agencies on December 13 ordering them to immediately disconnect affected products from their networks.
"The NSC is working closely with CISA, FBI, the intelligence community, and affected departments and agencies to coordinate a swift and effective whole-of-government recovery and response to the recent compromise," John Ullyot, spokesman for the National Security Council, said in a statement.
Unlike the current president, President-elect Joe Biden responded quickly and forcefully to news of the hack.
"My administration will make cybersecurity a top priority at every level of government, and we will make dealing with this breach a top priority from the moment we take office," Biden said in a statement on Thursday. "We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place. We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as President, I will not stand idly by in the face of cyberattacks on our nation."
Open Sourced is made possible by Omidyar Network. All open sourced content is editorially independent and is produced by our journalists.