Russia was likely behind a hacking spree targeting the US federal government last month.
That’s according to a joint statement by security agencies over what was one of the worst cyber compromises the US government has faced. Officials say the hackers appeared to want to gather intelligence rather than cause disruption.
A corrupted software update has been identified as the source of the problem at the departments of Defense, State and Homeland Security.
The agencies made it clear the Russian operation was “ongoing” and indicated the hunt for threats was not over.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” said the statement, distributed by the FBI, the National Security Agency, the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency.
It was not clear why the statement was issued on Tuesday, especially since government officials and cybersecurity experts have for weeks believed that Russia was responsible. Even so, the announcement puts the imprimatur of national security agencies, albeit belatedly, on information that members of Congress had clamoured for the White House to make public.
The Associated Press reported last month that officials at the White House had been prepared to issue a statement that accused Russia of being the main actor in the hack but were told at the last minute to stand down. The day of that report, Dec. 19, Trump tweeted that the “Cyber Hack is far greater in the Fake News Media than in actuality” and suggested without any evidence that China could be to blame.
Euronews spoke to Bryan Seely, a cybersecurity expert and ethical hacker, who rose to prominence after wiretapping the US Secret Service.
What’s so unique about this hack and what were they trying to get to here?
Seely: “Well, it’s very hard to determine someone’s intentions, but the fact that they didn’t go after money, they didn’t go after sabotage shows that they have a lot longer of a game sort of planned. And the fact that it tapped into 250 different federal agencies is staggering. When you’ve got people like Bruce Schneider weighing in. It’s this is unlike anything we’ve ever seen.”
As somebody who has hacked into the US Secret Service, although you did it just to show them that it was possible to highlight a security flaw. What could be some of the possible reasons here? We’re hearing that it was a software update, but is there any other things besides that that could be leading to the possibility that hackers can get in?
Seely: “Oh, there is definitely a couple of different components to this. You had Solar Winds who had bad security policy and procedures and implementation, so they did things badly. They made mistakes. This couldn’t be duplicated by a couple of kids in their basement. It’s definitely a state-level, hundreds of people, coordinated-attack. And they’re trying to gather intelligence and get information whether it could be intellectual property or could be biometric or information on our citizens. The implications are only limited by your imagination at that point. And they might not have a specific target because they could be stuck with an overwhelming amount of information. They’re just being patient, which is really, really scary.”
You’re mentioning Solar Winds that I imagine is the company that was subcontracted to do this work, considering the fact that we’ve seen outsourcing in the US government for all of the sorts of data activities. Is there a risk that this could happen again?
Seely: “Oh, absolutely, I would bet everything that I own and at least one of my kids, that this has already happened and no one has discovered it. It’s the OPM breach several years ago was the same thing. Someone running a piece of software as a demo discovered this breach that had already taken place for like 18 months. So to say, OK, we’ve got it all. You haven’t gotten it all. We haven’t found it all. These guys have found other things that we haven’t discovered yet and we’ll keep uncovering them, but we don’t even know where to look. It’s not even like a needle in a haystack. It’s like a million times more complex and difficult.
And the threats keep on continuing, not just from Russia. We’ve also had the likes previously of North Korea trying to infiltrate US systems.
Seely: “Yeah, from what I understand, there are other countries that don’t like the United States and are after things that we have. So China for one, Russia on the other eastern block. Then you’ve got North Korea who is mad about Sony and the whole movie thing. And I mean, I thought it was a funny movie, but the idea is there are threats all the time, whether you call them ‘advanced persistent threats,’ if you’re on the Internet at all, whether it’s a phone, whether it’s your Comcast or your home Internet, everyone on the Internet can see you. Period. So it’s not like: “you’re stopping at every house on the block and checking to see if the door is unlocked,” it’s: “you can check every house, every second of every day in the entire country with a simple script.” You don’t have to actually have one person trying to hack into every single home.
Is your business effected by Cyber Crime?
If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.
Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/
UK +44 20 8089 9944