Suspected Russian government hackers breached US Department of Defense computer networks. The Department of Commerce. Treasury Department. Department of State. National security. Even the part of the Department of Energy that oversees America’s nuclear arsenal.
And it seems they have had access since March.
It’s one of the biggest and brazen hacks in American history, and it may just be the beginning of a much larger global espionage effort.
What makes it even more concerning is that it is not yet clear exactly what they had access to. Some experts believe that it may be years before hackers are completely out of US government networks and the full scope of their spying efforts is understood.
And it’s getting worse: Reuters reported Thursday that hackers also gained access to Microsoft, meaning that anyone using its software could potentially be compromised.
All of this sounds scary and there really is cause for concern. To better understand what we know, what is at stake, and what all of this could mean, I called Jason Healey from Columbia University. Healey is a cybersecurity expert, former Air Force officer and White House official, and author of the first history of conflict in cyberspace.
In our conversation, he explained the underlying danger of all this: “To put it in terms of war: [Vladimir] Putin had us completely at risk of being attacked and we had no idea.”
That’s bad enough, but it could get much, much worse, especially if hackers also break into European systems and multinational company networks. “If the Russians were in these companies, especially Microsoft, I strongly suspect that they will also be in German, French, British, Japanese and South Korean companies,” he told me. It is possible, then, that “this has only begun.”
Our conversation, edited for length and clarity, is below.
Alex Ward
Let’s start with the basics: What happened here?
Jason Healey
The Russians, knowing they would fight hard to get into tough targets, the US government and also members of the Fortune 500, found that they were all using the same network management software, made by a company called SolarWinds.
Instead of trying to get in through the front door, they hacked SolarWinds and inserted their own code into the software. Then SolarWinds signed it and said, “Yes, this is the real SolarWinds software.” Then all of those targets, and surely European democratic governments and others, unknowingly downloaded and accepted that Trojan horse as well, and it’s been there for months.
Alex Ward
Why does it appear that American officials and many others suspect it was Russia, even though no one has officially attributed the attack to Russia yet?
Jason Healey
We can work out attribution in many ways. For example, it could be something technical, like the hackers left something in their code, or researchers could see that it was compiled in Cyrillic.
Sometimes we can see that they are using the same infrastructure, they are using the same media as others that we have seen, and we can match that. I’m a fan of the Ocean’s Eleven films. If you are in the Ocean’s Eleven world and you know something about criminal art, you would know immediately if the Ocean gang or the Night Fox committed a robbery. The same is true here.
In other cases, you can solve it by context. When the Russians went after Estonia, it was pretty clear who was attacking the Estonians, right? You could at least form a pretty good hypothesis.
And lastly, there could be real intelligence. We could be on the Russians’ networks and see what they did.
I suspect that in this case, the attribution came because US officials saw the same tactics and techniques, the “fingerprints” of the Russian group Cozy Bear, that we have seen before. They were probably able to quickly attribute the hack to them because of that.
The methods used to carry out the cyber attack are consistent with Russian cyber operations.
But it is crucial that we have complete certainty about who is behind this.
We cannot afford to be wrong on attribution, because the United States must retaliate, and not just with sanctions.
– Marco Rubio (@marcorubio) December 18, 2020
Alex Ward
What can we suspect that hackers are doing within the networks of all these federal agencies?
Jason Healey
There is what they have probably been doing, and then there is what they could have been doing.
First, they would have had to expand the presence from just the SolarWinds software. With SolarWinds, they would have had great visibility into the networks they were on, like the Department of Homeland Security. That is useful, but not as useful as it could be. So they would have had to set up ways to collect information and send it back.
Unfortunately, SolarWinds is the type of software that is already sending a lot of information. So it appears that the Russians were able to camouflage the information they were stealing as part of that. They didn’t have to hire a human spy to try to get into the Department of Homeland Security, Commerce and Defense and other places. They were able to use the SolarWinds software to gain access and steal that information.
The first step, then, was to get to the right places. The second step was removing things.
Many of the comments I have seen have focused on this not being an attack, it is spying. That is absolutely correct. But imagine if this went unnoticed for another six months and a new crisis emerged. Say, hypothetically, [President-elect Joe] Biden wanted to support pro-democracy protesters in Belarus after Russian President Vladimir Putin significantly backed the ruling autocrat against those protesters.
With Putin’s access to SolarWinds software, and then, oh my gosh, it’s even worse if they got into Microsoft, imagine the damage Russia could do if it switched from spying to disruption. To put it in terms of war: Putin had us at total risk of attack and we had no idea.
Alex Ward
Why does the reported Microsoft hack seem to distress you so much?
Jason Healey
SolarWinds is deeply involved in networking and many companies use it for their “plumbing,” so to speak. Microsoft isn’t in a couple or even tens of thousands of places, it is in millions of places. It is everywhere. The worst case is if they could do to Microsoft what they did to SolarWinds, and when we use Microsoft email, we accept Russian code. Potentially, then, everyone who uses Microsoft 365 was compromised.
The amount of what you can do from popular network management software to probably the most powerful tech company to ever exist, and one of the most powerful companies, is truly substantial.
Alex Ward
How could this hack go unnoticed for so long?
Jason Healey
Partly because the Russians were pretty good. I don’t mean brilliant, but they were good enough to know what they had to do to stay. Also because this type of software was already in many of the places that they had to go, like routers. They got great help just because they were looking for network management software.
Alex Ward
What kinds of things could hackers get access to?
Jason Healey
The upside is, we suspect, fingers crossed, they were only on the unclassified networks, which would have given them a solid understanding of America’s unclassified work. They were in the Department of Energy’s National Nuclear Safety Administration (NNSA), but only on the unclassified side, and we have no unclassified plans for nuclear warheads. All of them are deeply classified.
Now they could understand the inner workings of the NNSA: its organizational structure, who was traveling, and maybe things like unclassified strategic plans. But they wouldn’t have gotten the crown jewels like our warhead design.
We can say the same, hopefully, about the Department of Defense, Commerce, Treasury and the rest.
By the way, it seems like we caught the Russians doing this, but who’s to say the Chinese don’t have some kind of similar access?
Alex Ward
I assume that the United States will retaliate for this espionage effort, and I would also assume that American officials are deeply involved in Russian and anyone else’s networks right now.
Jason Healey
We can assume that it is, and after mid-January I think we can expect something. [President] Trump so far has not said anything about this.
I think there is no question that there will be some retaliation, as long as it does not particularly violate any established American norms. The United States is going to say that we will go back to Russian intelligence, maybe we will try to bring down their domestic networks, impose additional sanctions and indictments, if we can figure out who to do it against.
I would suspect a lot more aggression from the US Cyber Command against the Russians rather than just stalking them for intelligence purposes, such as actively acting to stop them wherever we can.
There is a risk that, when you face opponents, they will burn everything. North Koreans do this, for example. They destroy your infrastructure instead of being thrown out of where you caught them. I would be surprised if these hackers did that, but it is possible.
Alex Ward
Could this hack be even broader than what we have already detected?
Jason Healey
I have no doubt that this, in America at least, is going to be a huge shock. But wait until this hits Europe. If the Russians were in these American companies, especially Microsoft, I strongly suspect that they will also be in German, French, British, Japanese and South Korean companies.
This has only begun.
Alex Ward
What is the great conclusion of all this?
Jason Healey
This only shows the staggering vulnerability of our digital societies. We have this critical dependency on a small piece of software that none of us have ever heard of, that suddenly has a vulnerability that someone attacks, and it ends up having this massive impact on the entire system.
Dan Geer, one of the smartest people in the cybersecurity business, said that as society becomes more technological, it becomes increasingly dependent on “distant digital perfection,” which basically means that we need almost everything to be perfect in order not to be vulnerable, and of course everything is far from perfect.
So let’s take this overview. Our children are unlikely to have an Internet as open, secure and resilient as the one we have today. With these types of attacks and the amount of vulnerability that we have, things are going in a very, very bad direction.
This is not a sustainable way to run a global Internet; it’s going to go bad.