The U.S. government was hit by one of the largest cyberattacks on record after cybersecurity firm FireEye and software company SolarWinds — both of which work with government agencies and major corporations — announced earlier this month their systems had been compromised.
Top government officials like Attorney General William Barr and Secretary of State Mike Pompeo said earlier this week that the hack was a cyber espionage operation most likely conducted by Russia.
But President Donald Trump downplayed the threat assessment and said the media was blowing the incident out of proportion. “The Cyber Hack is far greater in the Fake News Media than in actuality,” the president tweeted Dec. 19. “I have been fully briefed and everything is well under control.”
….discussing the possibility that it may be China (it may!). There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA. @DNI_Ratcliffe @SecPompeo
— Donald J. Trump (@realDonaldTrump) December 19, 2020
Trump also hinted that China could have been responsible for the cyberattack. But the intelligence community and independent cybersecurity experts say that hackers used a digital tool kit most similar to Russian operations, according to The Wall Street Journal.
“This is a much bigger story than one single agency,” a person familiar with the matter reportedly told Reuters. “This is a huge cyber espionage campaign targeting the U.S. government and its interests.”
SolarWinds said in a Dec. 20 statement that hackers compromised its Orion Platform software through a “supply chain attack,” in which malicious code is added to legitimate software updates. The attack is still being investigated, but reports indicate that the operation went on for nearly nine months before being noticed earlier this month.
Email correspondence from the Treasury, Commerce and Homeland Security Departments was reportedly monitored and possibly stolen by the hackers. Big tech companies like Cisco, Intel, Nvidia, Belkin and VMware were also affected by malware, according to The Verge.
Trump’s former homeland security adviser Tom Bossert argued that the cyberattack and the U.S. response were an unmitigated disaster. “The magnitude of this national security breach is hard to overstate,” he wrote in a New York Times op-ed. It is still unknown exactly what the hackers acquired and how sensitive that information is.
Sergio Caltagirone, the vice president of threat intelligence at the cybersecurity company Dragos, said a lack of information about the attack makes the threat more severe. “The issue is we don’t know how big this is, and at the same time it could be the biggest ever,” he told NBC News. “Most organizations still lack the basic visibility to even assess whether they were compromised or not.”
SolarWinds released an update of its software days after the hack was initially reported, but Cyber Threat Alliance chief analytic officer Neil Jenkins said that closing off all points of entry into the network would be difficult given that the hackers were reportedly operating for nine months.
SolarWinds asks all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability. More information is available at https://t.co/scsUhZJCk8
— SolarWinds (@solarwinds) December 14, 2020
“As soon as you get into a network, you’re going to set up other potential back doors and ways to get in, in case the original way you got in closed,” he told NBC News. “So just because you closed the SolarWinds intrusion doesn’t mean you’ve solved the problem.”
Cybersecurity experts also expressed alarm over the sophistication of the attack. SolarWinds noted in a statement that the hack was “narrow, extremely targeted, and manually executed” as opposed to the broader and system-wide attacks typically used by hackers.
Some experts noted that the malware used was sophisticated beyond what current security systems can protect against, questioning whether the U.S. was prepared for a future attack. “This is classic espionage,” Johns Hopkins professor Thomas Rid told The Washington Post. “It’s done in a highly sophisticated way. But this is a stealthy operation.”
Defending against similar cyberattacks will require a new approach to systems security engineering, according to National Institute of Standards and Technology Fellow Ron Ross. He noted in a Monday interview with Defense News Network that federal security systems need to be updated in order to respond to the “supply chain attack” used by the hackers.
Cybersecurity experts say the hack could take years to fully sort out, according to Business Insider. President-elect Joe Biden’s incoming administration would likely have to deal with its effects on government agencies.
“It is a grave risk and it continues. I see no evidence that it’s under control,” Biden said of the attack in a speech Tuesday. He also floated retaliatory sanctions against Russia, according to Bloomberg.