What we know – and still don’t know – about the worst US government cyberattack.




Almost a week after the US government announced that several federal agencies had been the target of a widespread cyber attack, the full scope and consequences of the alleged Russian attack are unknown.

Key federal agencies, from the Department of Homeland Security to the agency that oversees America’s nuclear weapons arsenal, were reportedly targeted, as were powerful technology and security companies, including Microsoft. Investigators are still trying to determine what information the hackers may have stolen and what they could do with it.

Donald Trump has yet to say anything about the attack, which federal officials said posed a “serious risk” to all levels of government. Joe Biden has promised a tougher response to cyber attacks, but has not offered details. Members of Congress are demanding more information on what happened, even as officials scrambling for answers say the attack is “significant and ongoing.”

Here’s a look at what we know – and don’t know yet – about the worst cyber attack in history against US federal agencies.

What happened?

The hack began as early as March, when malicious code was introduced into updates to popular software called Orion, made by the company SolarWinds, which provides network monitoring and other IT management tools to hundreds of thousands of organizations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.

Because the tampered updates were distributed through the vendor’s normal update channel, customers installed them as they would any routine release. The malware in those updates gave elite hackers remote access to an organization’s networks so they could steal information. A timeline stretching over months gave the hackers ample opportunity to extract data from many targets, including by monitoring email and other internal communications.
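The passage above describes a trojanized update: code added to a release that customers then install through the ordinary update path. One control a practitioner would want in that situation is an integrity check of an unpacked update against a manifest of file hashes pinned from a known-good copy and obtained through a channel independent of the update server. The script below is an added example written for this page; it is not code from the article or from SolarWinds, and the update tree, file names and contents it builds are constructed solely for the demonstration. Its caveat matters too: a pinned-hash comparison only catches files altered after the pin was taken, so it cannot detect code that was already present when the vendor built and published the release.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large installers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative, forward-slash path) to its SHA-256."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_update(root: Path, pinned: dict) -> dict:
    """Compare an unpacked update tree against a pinned manifest.

    Returns sorted lists of files whose content changed, files that were
    added, and files that are missing. An empty result means the tree matches
    the pinned copy byte for byte.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in pinned if k in current and current[k] != pinned[k]),
        "added": sorted(k for k in current if k not in pinned),
        "missing": sorted(k for k in pinned if k not in current),
    }


def _write_tree(root: Path, files: dict) -> None:
    """Helper: materialise {relative_path: bytes} under root."""
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> tuple:
    """Constructed scenario (hypothetical vendor 'ExampleMon', not a real product):
    a clean update is pinned; a second copy has one library with appended code
    and one extra file dropped in. Returns (clean_result, tampered_result)."""
    clean_files = {
        "Setup.exe": b"MZ\x90\x00installer-stub",
        "lib/Agent.dll": b"MZ\x90\x00agent-code",
    }
    tampered_files = dict(clean_files)
    tampered_files["lib/Agent.dll"] = clean_files["lib/Agent.dll"] + b"<extra code>"
    tampered_files["lib/Helper.dll"] = b"MZ\x90\x00dropped-file"

    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp) / "update-clean"
        tampered = Path(tmp) / "update-tampered"
        _write_tree(clean, clean_files)
        _write_tree(tampered, tampered_files)
        # Pin is taken from the known-good tree; in practice it would be
        # fetched out of band, not from the same server as the update.
        pinned = build_manifest(clean)
        return verify_update(clean, pinned), verify_update(tampered, pinned)


if __name__ == "__main__":
    ok, bad = demo()
    print("clean tree:", ok)
    print("tampered tree:", bad)
```

Running the script reports no differences for the clean tree and flags `lib/Agent.dll` as modified and `lib/Helper.dll` as added for the tampered one. A real deployment would store the pinned manifest with the release version it belongs to and refuse to install on any non-empty result.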

Microsoft called it “an attack that is remarkable for its scope, sophistication and impact.”

Who has been affected so far?

At least six U.S. government departments, including energy, commerce, treasury and state, were reported to have been breached. The networks of the National Nuclear Security Administration were also breached, Politico reported Thursday.

Dozens of security companies and other technology companies, as well as non-governmental organizations, were also affected, Microsoft said in a statement Thursday. While most of those affected by the attack were in the United States, Microsoft said it had identified additional victims in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.

“It is certain that the number and location of victims will continue to grow,” Microsoft added.

The US Department of the Treasury is among the departments said to have been breached in the attack. Photograph: Brendan Smialowski / EPA

Who is responsible for the attack?

While the US government has yet to officially name who is responsible for the attack, US officials have told the media that they believe Russia to be the culprit, specifically the SVR, Russia’s foreign intelligence service.

Andrei Soldatov, an expert on Russia’s spy agencies and author of The Red Web, told The Guardian that he believes the hack was most likely a joint effort by the SVR and the FSB, Russia’s domestic security service, which Putin once ran.

Russia has denied participation: “The Russians should not be blamed unfoundedly for everything,” a Kremlin spokesman said on Monday.

The infiltration tactic used in the current hack, known as a “supply chain” attack, recalled the technique Russian military hackers used in 2017 to infect companies doing business in Ukraine with NotPetya, a piece of malware that wipes a computer’s hard drive, in what remains the most damaging cyber-attack to date.

What information has been stolen and how is it used?

That remains very unclear.

“This hack was so far-reaching that even our cybersecurity experts still don’t have a real sense in terms of the breadth of the intrusion itself,” said Stephen Lynch, head of the House oversight and reform committee, after attending a classified briefing on Friday.

Thomas Rid, a Johns Hopkins cyber conflict expert, told the Associated Press that the hackers were likely to have collected such a large amount of data that “they themselves probably don’t yet know” what useful information they have stolen.

What can be done to repair networks that have been compromised?

That is also not clear and is potentially very difficult.

“Removing this threat actor from compromised environments will be very complex and challenging for organizations,” said a statement from the Cybersecurity and Infrastructure Security Agency (Cisa) on Thursday.

One of Trump’s former national security advisers, Thomas Bossert, has already said publicly that a real solution can take years and be expensive and challenging.

“It will take years to know for sure which networks the Russians control and which ones they simply occupy,” Bossert wrote in a New York Times op-ed on Wednesday. “The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated.”

“A ‘do over’ is mandatory, and entirely new networks need to be built and isolated from compromised networks,” he wrote.

Donald Trump has yet to comment on the attack, which has been attributed to Russia. Photograph: Al Drago / Getty Images

How has Trump responded?

As of Friday afternoon, the US president had yet to say anything to address the attack.

Republican senator and former presidential candidate Mitt Romney has criticized Trump’s silence as unacceptable, particularly in response to an attack that he said was “as if Russian bombers have repeatedly been flying undetected over our entire country.”

“Not having the White House speaking out aggressively and protesting and taking punitive action is really extraordinary,” Romney said.

How has Biden responded?

So far, there has been tough talk but no clear plan from the president-elect.

“We need to disrupt and deter our adversaries from launching significant cyberattacks in the first place,” Biden said. “We will do so, among other things, by imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”

“There are a lot of things we don’t know yet, but what we do know is cause for great concern,” Biden said.

Could this attack have been prevented or deterred?

“What we could have done is have a consistent approach and not be at odds,” Fiona Hill, an expert on Russia and a former member of Trump’s National Security Council, told PBS NewsHour this week, criticizing conflict and dysfunction within the Trump administration and between the United States and its allies on Russia-related issues.

If “we don’t have the president on one page and everyone else on another, and we are working together with our allies to roll this back, that would have a serious deterrent effect,” Hill said.

Other cybersecurity experts said the federal government could also do more simply to stay current on cybersecurity, and that the Trump administration had failed on this front, including by eliminating the positions of White House cybersecurity coordinator and of the State Department’s cybersecurity policy chief.

“It has been a frustrating time, the last four years. I mean, nothing has seriously happened in cybersecurity,” Brandon Valeriano, an academic at Marine Corps University and adviser to a US cyber defense commission, told the Associated Press.

Fiona Hill, a government expert on Russia, criticized the Trump administration’s dysfunction. Photograph: Shawn Thew / EPA

What options does the United States have to respond politically to this type of attack?

Some experts argue that the US government must do more to punish Russia for its apparent interference. The federal government could impose formal sanctions on Russia, as the Obama administration did when it expelled Russian diplomats in retaliation for Russian military hackers’ meddling in the 2016 election in favor of Donald Trump. Or the United States could strike back in a more covert way, for example by making public the details of Putin’s own financial affairs.

But, as The Guardian’s Luke Harding noted, cyberattacks are “cheap, deniable and psychologically effective,” and Biden’s options for responding to Russia’s aggression are limited.

“The response eluded Barack Obama, who tried unsuccessfully to reset relations with Putin. The person who led this doomed mission was then-Secretary of State Hillary Clinton, herself a victim of Russian hacking in 2016,” Harding wrote.

What are other possible consequences of the hack?

SolarWinds may face legal action from private customers and government entities affected by the breach. The company filed a report with the Securities and Exchange Commission on Tuesday detailing the hack.

In it, the company said that total revenue from the affected products was about $343m, or about 45% of the company’s total revenue. SolarWinds’ stock price has fallen 25% since news of the breach first became known.

Moody’s Investors Service said Wednesday that it was looking to downgrade the company, citing the “potential for reputational damage, material loss of customers, a slowdown in business performance and high legal and remediation costs.”

Associated Press contributed reporting.
