WASHINGTON – In the past few years, the U.S. government has spent tens of billions of dollars on cyberoffensive capabilities, built a huge war room at Fort Meade, Maryland, for U.S. Cyber Command, and installed defensive sensors across the country – a system called Einstein, to lend it an air of genius – all to keep the nation’s enemies from roaming freely through its networks again.
It is now clear that the widespread Russian espionage attack on the US government and private companies, which has been going on since the spring and was discovered only a few weeks ago by the private sector, is one of the greatest intelligence failures of modern times.
Einstein missed it – the Russian hackers designed their attack cleverly enough not to trigger it. The National Security Agency and the Department of Homeland Security were looking elsewhere, understandably focused on protecting the 2020 elections.
The new US strategy of “defending forward” – essentially placing American “beacons” inside adversaries’ networks to warn of impending attacks and provide a platform for counterattacks – offered little or no deterrent to the Russians, who have sharpened their skills since the 1990s, when they launched an attack on the Department of Defense known as Moonlight Maze.
Something else hasn’t changed either: an allergy within the US government to coming clean about what happened.
National Security Advisor Robert C. O’Brien cut short a trip to the Middle East and Europe on Tuesday and returned to Washington to hold crisis meetings to assess the situation. Still, he and his colleagues did everything they could to downplay the damage.
When asked on Tuesday whether the Department of Defense had seen evidence of a compromise, Acting Defense Secretary Christopher C. Miller said, “No, not yet, but obviously looking closely at it.” Other government officials say this is an attempt to turn ignorance of what happened into happy spin – it is clear that the Defense Department is one of many government agencies that has made extensive use of the software Russia tunneled into.
In the past few days, the FBI, the Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence have formed an immediate response group, the Cyber Unified Coordination Group, to coordinate the government’s response to what the agencies describe as a “significant and ongoing cybersecurity campaign.”
At the very moment in September when President Vladimir Putin of Russia was calling for a truce in the “large-scale digital confrontation” in which the most damaging new form of everyday conflict plays out, one of his leading intelligence agencies was carrying out a cunning attack deep into the long, complex software supply chain on which the entire nation now depends.
“Stunning,” wrote Senator Richard Blumenthal, D-Conn., on Tuesday night. “Today’s briefing about the Russian cyberattack worried me deeply and even downright scared me. Americans deserve to know what is going on.”
He urged the government to declassify what it knows and what it doesn’t.
So far, and it is still early, the hacking appears to have been limited to classic espionage, according to one person briefed on the matter.
Briefings on the intrusion, including those given to members of Congress, discussed the extent of Russian penetration but failed to explain what information was stolen – or whether the hackers’ access could allow them to carry out destructive attacks or alter data within government systems, a fear that looms larger than mere spying.
Investigators have found no breaches of classified systems, only of unclassified systems connected to the internet. Still, the intrusion appears to be one of the biggest ever, as the amount of information at risk dwarfs that of other network intrusions.
On Wednesday morning, Senator Dick Durbin, D-Ill., called the Russian cyberattack “practically a declaration of war.” He was wrong – all nations spy on each other, and the United States also uses cyber infiltration to steal secrets – but other Russian intelligence agencies have used similar access in previous attacks to shut down systems, destroy data and, in the case of Ukraine, turn off the electricity.
The Russians have denied any involvement. Russian Ambassador to the United States, Anatoly I. Antonov, said in a discussion at Georgetown University on Wednesday that there were “unsubstantiated attempts by the US media to blame Russia for the recent cyberattacks.”
So far, however, President Donald Trump has said nothing, perhaps aware that his term is ending amid questions about what he knew about Russian cyber operations and when. The National Security Agency has largely remained silent, hiding behind intelligence classification. Even the Cybersecurity and Infrastructure Security Agency, the group within the Department of Homeland Security tasked with defending critical networks, has been noticeably quiet about the Russian mega-hack.
Blumenthal’s message on Twitter was the first official confirmation that Russia was behind the intrusion.
Oddly enough, at a Senate Homeland Security and Government Affairs Committee hearing on Wednesday, the Russian attack was barely a footnote in testimony from Christopher Krebs, the cybersecurity chief who was fired last month after refusing to support Trump’s unsubstantiated claims of electoral fraud. The hacking took place during Krebs’ tenure as director of the Cybersecurity and Infrastructure Security Agency, but the senators didn’t ask him about it at the hearing, focusing instead on the hacking that wasn’t: unfounded allegations of fraud in the November election.
Trump administration officials have confirmed that several federal agencies – the State Department, the Department of Homeland Security, parts of the Pentagon, the Treasury Department and the Department of Commerce – were compromised in the Russian hacking. Investigators are still struggling, however, to determine the extent to which the military, intelligence agencies and nuclear laboratories have been affected.
The hack differs qualitatively from the well-known hack-and-leak operations that the GRU, Russia’s military intelligence agency, has carried out in recent years. Those GRU operations, like the 2016 hack of the Democratic National Committee, were meant to be short-term – break in, steal information and make it public for geopolitical impact.
The SVR, a more secretive intelligence agency believed to be behind the new hack, also broke into the systems of the DNC and the State Department in 2015, but it did not intend to release the information it found or to corrupt the systems it had entered. Instead, it hoped for long-term access that would let it quietly monitor unclassified but sensitive government deliberations on a range of issues.
At banks and Fortune 500 companies, executives are also trying to understand the implications of the breach. Many use the network management tool that the hackers quietly tunneled into to carry out their intrusions. It’s called Orion, and it’s made by Austin, Texas-based SolarWinds. The Los Alamos National Laboratory, which develops nuclear weapons, uses it, as do large military contractors.
“How is that not a massive intelligence failure, especially since we were supposedly all over Russian threat actors before the election,” asked Robert Knake, a senior cybersecurity official in the Obama administration, on Twitter on Wednesday. “Did the NSA fall into a huge honey pot while the SVR” – Russia’s most sophisticated spy agency – “quietly plundered” the government and private industry?
Of course, even after placing its probes and beacons on networks around the world, the NSA is hardly all-seeing. But if there is a larger investigation – and it’s hard to see how one can be avoided – the responsibility of the agency, led by General Paul Nakasone, one of the country’s most experienced cyber warriors, will be paramount.
The SVR hackers went to great lengths to hide their tracks, said the person briefed on the intrusion. They used American internet addresses to attack computers in the same cities as their victims. They wrote custom pieces of code to avoid detection by American warning systems, timed their intrusions to coincide with normal working hours so as not to arouse suspicion, and used other meticulous tradecraft to avoid detection.
The intrusion, said the person briefed on the matter, shows that the weak point of the American government’s computer networks remains its administrative systems, particularly those operated by the many private companies working under contract. The Russian spies found that by gaining access to these peripheral systems, they could find their way into more central parts of government networks.
SolarWinds was a ripe target, say former employees and consultants, not only because of the breadth and depth of its software, but also because of its own questionable security practices.
The company did not have a chief information security officer, and internal emails obtained by The New York Times revealed that employee passwords had been leaked on GitHub last year. It was previously reported that a researcher informed the company last year that he had found the password for SolarWinds’ update mechanism – the vehicle through which 18,000 of its customers were compromised – exposed publicly. The password was “Solarwinds123”.
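The two failures described above, credentials committed to a public repository and an organisation-name password on a software-update channel, are exactly what a pre-commit secret scan is meant to catch. The Python script below is an added example written for this article, not code from SolarWinds, the researcher, or the original reporting; the file contents it scans are constructed, and the credential key names and weakness rules are assumptions a team would tune to its own environment.

```python
import re

# Constructed sample repository content (not from the original article):
# a deployment config with a credential in it, a harmless README, and a CI
# script exporting a token. Keys are {path: file text}.
SAMPLE_REPO_FILES = {
    "deploy/ftp.conf": "host = updates.example.test\nuser = deploy\npassword = Solarwinds123\n",
    "README.md": "# Build\nRun make. No secrets here.\n",
    "ci/env.sh": "export API_TOKEN=tok_constructed_example_value_1234\n",
}

# Assumed set of key names that commonly carry credentials. Matches lines like
#   password = x      API_TOKEN: "x"      export SECRET=x
CREDENTIAL_KEY = re.compile(
    r"(?im)^[ \t]*(?:export[ \t]+)?"
    r"(?P<key>[A-Za-z_]*(?:password|passwd|pwd|token|secret|api_key)[A-Za-z_]*)"
    r"[ \t]*[=:][ \t]*[\"']?(?P<value>[^\"'\s]+)"
)

# Suffixes people append to a dictionary word to satisfy a naive policy.
COMMON_SUFFIX = re.compile(r"(?i)(1234|123|2020|2019|[!#])$")


def password_weaknesses(value, org_names):
    """Return the reasons a credential value is weak; an empty list means no obvious issue.

    org_names: names of the organisation (and products) that must not appear
    in a password, e.g. ("SolarWinds",).
    """
    reasons = []
    if len(value) < 12:
        reasons.append("shorter than 12 characters")
    classes = sum(
        bool(re.search(pattern, value))
        for pattern in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    )
    if classes < 3:
        reasons.append("fewer than 3 character classes")
    # Strip one common trailing suffix so "Solarwinds123" is compared as "solarwinds".
    stem = COMMON_SUFFIX.sub("", value).lower()
    for org in org_names:
        if org.lower() in stem:
            reasons.append(f"derived from organisation name '{org}'")
            break
    return reasons


def scan_files(files, org_names=("SolarWinds",)):
    """Scan {path: content} for credential assignments.

    Every committed credential is a finding, whether or not it is weak; the
    'weaknesses' list tells the reviewer how bad the value itself is.
    """
    findings = []
    for path, content in files.items():
        for match in CREDENTIAL_KEY.finditer(content):
            findings.append({
                "path": path,
                "key": match.group("key"),
                "weaknesses": password_weaknesses(match.group("value"), org_names),
            })
    return findings


def main():
    for finding in scan_files(SAMPLE_REPO_FILES):
        detail = "; ".join(finding["weaknesses"]) or "committed credential"
        print(f"{finding['path']}: {finding['key']} -> {detail}")


if __name__ == "__main__":
    main()
```

Run as a pre-commit hook over the staged files, any finding should block the commit; the value is never printed, only the path, key and the reasons it is weak, so the hook's own output does not leak the secret into CI logs.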
Even if the Russians did not breach classified systems, experience shows that a great deal of highly sensitive data sits in places without a classification level. That was the lesson of the Chinese hacking of the Office of Personnel Management five years ago, during the Obama administration, when it emerged that the security clearance files on 22.5 million Americans and 5.6 million sets of fingerprints were kept in barely secured computer systems at the Interior Department, of all places.
They are all in Beijing now, after the files were taken without setting off an alarm.
“Such an intrusion gives the Russians a rich target,” said Adam Darrah, a former government intelligence analyst and now director of intelligence at Vigilante, a security firm. “The SVR pursues these targets as a starting point for more desirable targets like the CIA and the NSA.”
This article originally appeared in The New York Times.
© 2020 The New York Times Company