It will take months to evict elite hackers believed to be Russian from US government networks that they have been quietly moving through since March, in the worst cyber espionage failure on record in Washington.
Experts say there are simply not enough trained threat hunting teams to properly identify all government and private sector systems that may have been hacked. FireEye, the cybersecurity company that discovered the intrusion in US agencies and was among the victims, has already counted dozens of victims. It is a race to identify more.
“We have a serious problem. We don’t know what networks they are on, how deep they are, what access they have, what tools they left behind,” said Bruce Schneier, a leading security expert and Harvard fellow.
It’s unclear exactly what the hackers were looking for, but experts say it could include nuclear secrets, plans for advanced weaponry, research related to the Covid-19 vaccine, and information for files on key government and industry leaders.
Many federal workers, and others in the private sector, must assume that unclassified networks are crawling with spies. Agencies will be more inclined to conduct sensitive government business on Signal, WhatsApp, and other encrypted smartphone apps.
“We should buckle up. It will be a long journey,” said Dmitri Alperovitch, co-founder and former technical director of leading cybersecurity firm CrowdStrike. “Cleaning is only phase one.”
The only way to make sure a network is clean is to “burn it to the ground and rebuild it,” Schneier said.
Imagine a computer network as a mansion you live in, and you are sure that a serial killer has been there. “You don’t know if he’s gone. How is the job done? You just hope for the best,” he said.
White House deputy press secretary Brian Morgenstern told reporters Friday that national security adviser Robert O’Brien has at times been conducting multiple daily meetings with the FBI, the Department of Homeland Security and the intelligence community, looking for ways to mitigate the attack.
He did not provide details, “but rest assured that we have the best and the brightest working hard at it every day.”
The Democratic chairmen of four House committees who received classified briefings on the attack from the Trump administration released a statement complaining that the briefings “left them with more questions than answers.”
“Administration officials were unwilling to share the full scope of the violation and the identities of the victims,” they said.
Morgenstern previously said that revealing such details only helps American adversaries. US President Donald Trump has not commented publicly on the matter, but Secretary of State Mike Pompeo said on a conservative talk show Friday: “I think it’s true that now we can say quite clearly that it was the Russians who engaged in this activity.”
What makes this hacking campaign so extraordinary is its scale: From March to June, 18,000 organizations were infected by malicious code that was coupled with popular network management software from an Austin, Texas company called SolarWinds.
Only a portion of those infections were activated to allow hackers in. FireEye says it has identified dozens of examples, all “high-value targets.” Microsoft, which has helped respond, says it has identified more than 40 government agencies, think tanks, government contractors, nongovernmental organizations and tech companies infiltrated by hackers, 75 percent in the United States.
Florida became the first state to acknowledge being a victim of the SolarWinds hack. Officials told The Associated Press on Friday that the hackers apparently infiltrated the state health administration agency and others.
SolarWinds customers include most of the Fortune 500 companies, and its US government customers are rich in generals and spies.
The difficulty of extracting the toolkits of suspected Russian hackers is compounded by the complexity of the SolarWinds platform, which has dozens of different components.
“This is like doing heart surgery, taking this out of many settings,” said Edward Amoroso, CEO of TAG Cyber.
Then security teams must assume that the patient is still ill with so-called undetected “secondary infections” and set up the cyber equivalent of closed-loop monitoring to make sure intruders are not still around, sneaking out internal emails and other confidential data.
That effort will take months, Alperovitch said.
If the hackers are indeed from Russia’s SVR foreign intelligence agency, as experts believe, their resistance may be stubborn. When the White House, the Joint Chiefs of Staff and the State Department were hacked in 2014 and 2015, “it was a nightmare to get them out,” Alperovitch said.
“It was the virtual equivalent of hand-to-hand combat,” as the intruders sought to maintain their footholds, “stay buried deep inside” and move to other parts of the network where they “thought they could stay for longer periods of time.”
“We are likely to face the same in this situation as well,” he added.
FireEye executive Charles Carmakal said the intruders are especially adept at camouflaging their movements. Their software effectively does what a military spy does in wartime: hide among the local population, then sneak out at night and attack.
“It’s very difficult to catch some of these,” he said.
Rob Knake, White House director of cybersecurity from 2011 to 2015, said that damage to the most critical agencies of the US government – Defense and intelligence, primarily – from the SolarWinds hacking campaign will be limited “as long as there is no evidence that the Russians breached classified networks.”
During the 2014-15 attack, “we lost access to unclassified networks, but we were able to move all operations to classified networks with minimal disruption,” he said by email.
The Pentagon has said that so far it has not detected any intrusions from the SolarWinds campaign on any of its networks, classified or unclassified.
Given the fierce tenor of cyber espionage (the US, Russia, and China have formidable offensive hacking teams and have been penetrating each other’s government networks for years), many US officials are wary of putting anything sensitive on government networks.
Fiona Hill, the top Russia expert on the National Security Council for much of the Trump administration, said she always assumed that no governmental system was secure. She “tried from the beginning not to put anything” in writing that was sensitive.
“But that makes it more difficult to do business.”
TAG Cyber’s Amoroso recalled the famous 2016 pre-election dispute over classified emails sent through a private server created by Democratic presidential candidate Hillary Clinton when she was secretary of state. Clinton was investigated by the FBI in the matter, but no charges were filed.
“I used to joke that the reason the Russians didn’t have Hillary Clinton’s email is because she pulled it from the official State Department network,” Amoroso said.