Sri Lanka: One Island Two Nations

Search This Blog

Thursday 17 December 2020

BREAKING NEWS: Russian hackers are a 'grave' threat, federal security agency warns as expert says government and biggest businesses are an open book to Putin's spies

  • Thomas Bossert, who was White House homeland security adviser in 2017 and 2018, warned 'Russian' hack is on unprecedented scale
  • Kremlin denies its hackers are behind Solar Wind hack but experts say denial is worthless and all signs point directly to Putin's spies
  • US security officials said the attack was 'significant and ongoing'
  • Suspected Russian hackers are thought to have had email access since June
  • Attack was uncovered by security firm FireEye which noticed a suspicious login 
  • But the scale is jaw-dropping with hundreds of federal networks affected, Bossert said -  and most Fortune 500 firms too
  • He said Russians can steal secrets, fake data and even impersonate real Americans 
Russian attack: Thomas Bossert, who was Trump's national security adviser in 2017 and 2018, says that Vladimir Putin's cyber spies are lodged in hundreds of federal computer networks and those of many of the largest companies


A hack being blamed on Vladimir Putin's cyberspies poses a 'grave' risk to government and private networks, the federal governments computer safety agency warned Thursday.

The Cybersecurity and Infrastructure Security Agency said in its most detailed comments yet that the intrusion has compromised government agencies as well as 'critical infrastructure' in a sophisticated attack that was hard to detect and will be difficult to undo.

CISA did not say which agencies or infrastructure were breached or what information taken in an attack that it previously said appeared to have begun in March.

'This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,' the agency said in an unusual alert

'CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.'

The agency previously said that the perpetrators had used network management software from Texas-based SolarWinds to infiltrate computer networks. Its new alert said the attackers may have used other methods as well.

The alert was issued after the former homeland security adviser to Donald Trump warned Thursday that a massive hack of federal computers may have put Russian spies in control of hundreds of government networks - and that nothing is being done to remove them.

The cybercriminals are almost certainly in the vast majority of the fortune 500's computer networks and can steal secrets at will, he warned. 

Thomas Bossert, writing in the New York Times, said the attack, which experts say is almost certainly by Russian state hackers, was one of the worst imaginable threats to security and world stability and needed action by Trump and Joe Biden to prevent it causing catastrophe.

The one-time aide warned 'the magnitude of this ongoing attack is hard to overstate' and said it appeared that Russians could be 'in control' of hundreds of computer networks. 

Vladimir Putin's government has denied they are behind the hack but that has been discounted by other experts, who say that the scale and precision of the hack points directly to the Kremlin.

'It will take years to know for certain which networks the Russians control and which ones they just occupy,' he said.

'The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated. But it is unclear what the Russians intend to do next. The access the Russians now enjoy could be used for far more than simply spying.'

WHO'S KNOWN TO HAVE BEEN TARGETED BY HACKERS SO FAR

Pentagon

Treasury

Department of State 

Department of Homeland Security 

Commerce Department

National Institutes of Health

Bossert warned that Russia could use the secrets it knows to sow division, spread disinformation, destroy or alter data and even impersonate real people.

Additionally, he warned, they probably have access to the networks of as many as 425 of the Fortune 500, America's largest companies.

 The warning was echoed by Thomas Rid, a Johns Hopkins cyberconflict expert, who said the campaign's likely efficacy can be compared to Russia's three-year 1990s 'Moonlight Maze' hacking of U.S. government targets, including NASA and the Pentagon.

A U.S. investigation determined the height of the documents stolen - if printed out and piled up - would triple the height of the Washington Monument.

In this case 'several Washington Monument piles of documents that they took from different government agencies is probably a realistic estimate,' Rid said.

'How would they use that? They themselves most likely don't know yet.'

The Trump administration has not said which agencies were hacked. And so far no private-sector victims have come forward. 

Traditionally, defense contractors and telecommunications companies have been popular targets with state-backed cyber spies, Rid said.   

The suspected Russian cyber-attack on the US government remains 'ongoing' and may have hit as many as 12 federal agencies after a software breach allowed the hackers to read government emails for months. 

Security officials said that the attack was 'significant and ongoing' and said the FBI was working to 'pursue and disrupt' the hackers. 

The breach of SolarWinds software - used by federal agencies and major companies - was uncovered by a cyber security firm and government contractor called FireEye, which noticed a suspicious log-in on its network. 

According to Politico, FireEye representatives told lawmakers that an employee had apparently been duped into revealing his two-factor authentication details - although company officials denied the account given by congressional staffers. 

You've been hacked: The departments of Treasury, Commerce, State and Homeland Security are thought to have been targeted along with the Pentagon and National Institutes of Health

You've been hacked: The departments of Treasury, Commerce, State and Homeland Security are thought to have been targeted along with the Pentagon and National Institutes of Health 

FireEye says a 'nation with top-tier offensive capabilities' was behind the attack, which inserted malicious code into a SolarWinds software update. 

As many as 18,000 customers are thought to have downloaded the corrupted update, affecting officials at the Treasury, State and Defense departments among others, it is believed. 

The hackers are feared to have had access to government emails as far back as June, although the full extent of the damage is not yet clear. 

FireEye says the hackers had 'primarily sought information related to certain government customers' who use the cyber security firm. 

The California-based firm says the attackers stole some of its 'red team' software which mimics cyber-attacks to test the security of its clients' computers. 

However, the foreign hackers eventually got caught after trying to register a new device on FireEye's systems, tipping the company off to the wider cyber-attack. 

According to the two aides reporting on the congressional hearing, a FireEye employee is said to have been tricked into away their login details. 

But the company denied this, saying that the SolarWinds attack, rather than a separate security breach, was the source of the intrusion into FireEye. 

The SolarWinds attack is thought to have begun in March and continued for months until federal officials were told to 'disconnect or power down' the software. 

The Pentagon (pictured) is thought to be one of a dozen victims of a cyber-attack which officials suspect was directed by the Russian government

The Pentagon (pictured) is thought to be one of a dozen victims of a cyber-attack which officials suspect was directed by the Russian government 

Last night, the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and Office of the Director of National Intelligence (ODNI) said in a joint statement that the 'full extent' of the attack was still becoming clear. 

'This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,' they said. 

'As the lead for threat response, the FBI is investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors. 

'The FBI is engaging with known and suspected victims, and information gained through FBI's efforts will provide indicators to network defenders and intelligence to our government partners to enable further action. 

'As the lead for intelligence support and related activities, ODNI is helping to marshal all of the intelligence community's relevant resources to support this effort and share information across the United States Government.'   

The agencies have created a coordination unit and emergency talks are being held at the White House on a daily basis to discuss the government's response.

US national security adviser Robert O'Brien cut short a trip to the Middle East and Europe this week to deal with the fallout from the hack.

The agencies did not confirm the targets of the cyber attack, but the departments of Homeland Security, the Treasury, Commerce, State and Defense as well as the National Institutes of Health are all thought to have been hit. 

SolarWinds and FireEye have both pointed the finger at hackers linked to the Russian government. 

Mike Pompeo also pointed to Moscow on Monday, saying the Russian government had made repeated attempts to breach US government networks.

Read More

No comments:

Post a Comment

Note: only a member of this blog may post a comment.