Friday, December 18, 2020

Cyberhack looks like act of war

Mike Allen, author of AM

Illustration: Sarah Grillo/Axios


A Trump administration official tells Axios that the cyberattack on the U.S. government and corporate America, apparently by Russia, is looking worse by the day — and secrets may still be being stolen in ways not yet discovered.

The big picture: "We still don't know the bottom of the well," the official said. Stunningly, the breach goes back to at least March, and continued all through the election. The U.S. government didn't sound the alarm until this Sunday. Damage assessment could take months.

Microsoft President Brad Smith told the N.Y. Times that at least 40 companies, government agencies and think tanks had been infiltrated.

The hack is known to have breached the departments of Defense, State, Homeland Security, Treasury, Commerce, and Energy and its National Nuclear Security Administration — plus the National Institutes of Health.

8 countries: Microsoft, which has helped respond to the breach, said in a statement that 80% of its 40 customers known to have been targeted are in the U.S., plus others in U.K., Israel, UAE, Canada, Mexico, Belgium and Spain.

In unusually vivid language for a bureaucracy, the U.S. Cybersecurity and Infrastructure Security Agency, part of Homeland Security, said yesterday that the intruder "demonstrated sophistication and complex tradecraft."

The agency said the breach "poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."

If this had been a physical attack on America's secrets, we could be at war.

Imagine if during the Cold War, the Soviet Union had broken into a building in Washington and walked out with correspondence, budgets and more.

Sen. Chris Coons (D-Del.) told Andrea Mitchell on MSNBC: "It's pretty hard to distinguish this from an act of aggression that rises to the level of an attack that qualifies as war. ... [T]his is as destructive and broad scale an engagement with our military systems, our intelligence systems as has happened in my lifetime."

The gravity wasn't immediately apparent because this wasn't the "cyber Pearl Harbor" that experts have warned about: No one took out a power grid, or stole a bunch of money or destabilized the markets.

Instead, it's more like someone has been walking in and out of your house for months, and you don't really know what they took.

And they may have built a secret door. "For someone to have access that long, who's this sophisticated, it's pretty likely they built other ways to get in that are hard to find," one official told me.

What's next: President Trump has stayed silent on the hack, meaning that President-elect Biden's overflowing in-box now includes Russian reprisal, damage mitigation and future deterrence.

Promising to impose "substantial costs" on the perpetrator, Biden said in a statement that his administration "will make cybersecurity a top priority": "I will not stand idly by in the face of cyber assaults on our nation."


Microsoft president: Cyberattack "provides a moment of reckoning"

Jacob Knutson

Microsoft President Brad Smith speaking in the White House in May 2020
Photo: Mandel Ngan/AFP via Getty Images

Microsoft President Brad Smith said in a blog post on Thursday that the suspected Russian cyberattack on multiple government agencies and U.S. companies is effectively "an attack on the United States and its government and other critical institutions, including security firms."

Why it matters: Smith said that the attack "unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them."

He also said that "while investigations (and the attacks themselves) continue, Microsoft has identified and has been working this week to notify more than 40 customers that the attackers targeted more precisely and compromised through additional and sophisticated measures."

Context: The cybersecurity firm FireEye said last week that its systems had been hacked by nation-state actors and that its clients, which include the U.S. government, had been placed at risk.

SolarWinds, which provides software to the government and corporations, also discovered a breach in its systems this week, allowing hackers to access information from multiple agencies and companies — including the Treasury, Commerce and Homeland Security departments.

What he's saying: "As much as anything, this attack provides a moment of reckoning," Smith said.

"It requires that we look with clear eyes at the growing threats we face and commit to more effective and collaborative leadership by the government and the tech sector in the United States to spearhead a strong and coordinated global cybersecurity response," he added.
"This is not 'espionage as usual,' even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world."

Smith said the hackers, by including private companies in their attack on government agencies, have "put at risk the technology supply chain for the broader economy" and have weakened the "reliability of the world’s critical infrastructure."

To respond to the attack, Smith said that governments and private companies should share analysis of threats more often and strengthen international rules to hold nation-states accountable for cyberattacks.

"It will be critical for the incoming Biden-Harris Administration to move quickly and decisively to address this situation."

Biden promises retaliation for cyberattack on government agencies

Jacob Knutson

Joe Biden speaking in Atlanta on Dec. 15. Photo: Jim Watson/AFP via Getty Images



President-elect Biden on Thursday said that a suspected Russian cyberattack on multiple government agencies and U.S. companies "is a matter of great concern" and promised to impose "substantial costs" on those responsible for the attack.

Driving the news: Biden's statement came just hours after the Cybersecurity and Infrastructure Agency warned that evidence suggested additional malware was used in what it described as “a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”

Context: The cybersecurity firm FireEye said last week that its systems had been hacked by nation-state actors and that its clients, which include the U.S. government, had been placed at risk.

SolarWinds, which provides software to the government and corporations, also discovered a breach in its systems this week, allowing hackers to access information from multiple agencies and companies — including the Treasury, Commerce and Homeland Security departments.

What they're saying: "I have instructed my team to learn as much as we can about this breach, and Vice President-elect Harris and I are grateful to the career public servants who have briefed our team on their findings and who are working around-the-clock to respond to this attack," Biden said on Thursday.

"A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place."

"We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation."


The big picture: President Trump has been largely silent about the attack, though the White House has held emergency meetings with officials across multiple agencies to address the breach, according to Bloomberg.

Thomas Bossert, Trump's former homeland security adviser, wrote in the New York Times on Wednesday, "The magnitude of this ongoing attack is hard to overstate."
"It will take years to know for certain which networks the Russians control and which ones they just occupy."

Go deeper: Russian hacking group is behind Treasury and Commerce email breach

Romney: White House should "say something aggressive" on Russian cyberattack

Shawna Chen



Photo: Tom Williams/CQ-Roll Call, Inc via Getty

Sen. Mitt Romney (R-Utah) called on the White House to “aggressively” condemn a suspected Russian cyberattack in an interview with SiriusXM on Thursday evening.

Why it matters: Since news broke that hackers tied to Russia penetrated U.S. government networks and companies, public officials including President-elect Biden have come forward with rebukes. President Trump has been largely silent, though the White House has held emergency meetings with officials across agencies to address the breach, per Bloomberg.

What he's saying: It’s “quite extraordinary” that the White House isn’t “aggressively speaking out and protesting and taking punitive action,” Romney said.

“How could this possibly go on for so long?” Romney asked. “We clearly are not up to speed in defending our systems.”

The big picture: The Cybersecurity and Infrastructure Agency described the attack as “a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”

Biden released a statement shortly after, saying: “A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place.”
“We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks,” Biden added.

The White House has not responded to Axios' request for comment.


https://www.axios.com/
