Pompeo confirms Russia WAS behind cyber attack on US that one Congressman compared to PEARL HARBOR - as experts say infected networks must be 'burned to the ground' and Senator calls it 'act of war'
- Mike Pompeo on Friday became first official to attribute breach to Russia
- Colorado congressman compares SUNBURST attack to 'cyber Pearl Harbor'
- Microsoft president says the attack is a 'moment of reckoning' for America
- Suspected Russian hackers breached key government agencies and companies
- Officials warn that hackers had ample opportunity to set up secret backdoors
- Breach went undetected for nine months, giving hackers free rein in systems
- Experts say infected networks may need to be 'burned to the ground' and rebuilt
- Hackers conducted a 'dry run' of the attack more than a year ago
- Apparent espionage campaign has been called the largest breach in US history
By KEITH GRIFFITH - 18 December 2020
Secretary of State Mike Pompeo has become the first U.S. official to publicly attribute a massive hacking campaign to Russia, after broad swathes of the federal government and private sector were revealed to be compromised.
'This was a very significant effort, and I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity,' Pompeo told The Mark Levin Show on Friday.
Russian President Vladimir Putin's spokesman has denied Kremlin involvement, and the Russian embassy said in a statement that the country 'does not conduct offensive operations in the cyber domain.'
The sprawling attack, which went undetected for nearly nine months, compromised the Departments of Homeland Security, Justice, Treasury, State and Energy, as well as a growing list of companies and local governments across the country.
Officials with the nation's cybersecurity agency warn that the breach could be difficult to undo, saying the hackers 'demonstrated sophistication and complex tradecraft' and that it was likely that they had built additional secret backdoors while active inside the compromised networks.
Experts say there simply are not enough skilled threat-hunting teams to properly identify all the government and private-sector systems that may have been hacked, and warn infected networks may have to be 'burned to the ground' and rebuilt from scratch.
The Pentagon was among the thousands of users of the infected network software. Teams are now hunting DoD networks for hidden backdoors and signs of the attackers
Democrats in Congress have spoken out about the cyber attack in strong terms, demanding a harsh response and blasting President Donald Trump, who has not spoken about the attack or appeared in public for the past five days.
'The situation is developing, but the more I learn this could be our modern day, cyber equivalent of Pearl Harbor,' said Rep. Jason Crow, a Colorado Democrat, in a tweet on Friday.
'Our nation is under assault. This cyberattack could be the largest in our history,' he added, before slamming Trump for his lack of public response to the cyber attack.
Senator Chris Coons, a Delaware Democrat, told MSNBC: 'It's pretty hard to distinguish this from an act of aggression that rises to the level of an attack that qualifies as war.'
Coons, 57, called the attack 'as destructive and broad scale an engagement with our military systems, our intelligence systems as has happened in my lifetime.'
Trump has not yet said anything publicly about the intrusion. He was being briefed 'as needed,' White House spokesman Brian Morgenstern told reporters on Friday.
National security adviser Robert O'Brien was leading interagency meetings daily, if not more often, he said.
'They're working very hard on mitigation and making sure that our country is secure. We will not get into too many details because we're just not going to tell our adversaries what we do to combat these things,' Morgenstern said.
'Cozy Bear': The Russian hacker cell suspected in attack
Russia denies involvement in the SUNBURST attack, but US officials say the nation is behind the 'Advanced Persistent Threat' (APT) that carried out the audacious breach.
Sources say that one top suspect is APT29, the Kremlin-linked group also known as Cozy Bear.
Cozy Bear is best known as the group said to be responsible for the 2016 breach of the Democratic National Committee's servers.
Experts believe that Cozy Bear operates as part of one of Russia's intelligence agencies.
Some doubt the attribution of SUNBURST to Cozy Bear, though, noting that the tools used in the attack have never been seen before.
The Democratic chairs of four House committees given classified briefings on the hack by the Trump administration issued a statement complaining that they "were left with more questions than answers."
"Administration officials were unwilling to share the full scope of the breach and identities of the victims," they said.
Morgenstern said earlier that disclosing such details only helps U.S. adversaries.
The long-term planning of the attack became clear on Friday, as officials said that the hackers appeared to have conducted a dry run over a year ago, testing their ability to insert malicious code into network management software from SolarWinds Corp, which was later delivered to some 18,000 of the company's customers.
Private security companies say that the breach bears the hallmarks of a Kremlin operation. Some have pointed at the Russian hacking cell dubbed 'Cozy Bear' -- though other experts argue that the tools and methods used in the new attack are different from any past breach, making attribution tricky.
'At the moment, there are no technical links with previous attacks, so it may be an entirely new actor,' security firm Kaspersky said in a blog post.
FireEye, the cybersecurity company that discovered the intrusion into U.S. agencies and was among the victims, has already tallied dozens of casualties. It's racing to identify more.
'We have a serious problem. We don't know what networks they are in, how deep they are, what access they have, what tools they left,' said Bruce Schneier, a prominent security expert and Harvard fellow.
The only way to be sure a network is clean is 'to burn it down to the ground and rebuild it,' Schneier said.
He compared the situation to learning that a serial killer has been inside your house, with his own key. 'You don't know if he's gone. How do you get work done? You kind of just hope for the best,' he said.
Trump has not made any remarks addressing the attack and has not appeared in public for five days, but posted this Christmas card photo on Friday with First Lady Melania
Many federal workers - and others in the private sector - now must presume that unclassified networks are teeming with spies.
Agencies will be more inclined to conduct sensitive government business on Signal, WhatsApp and other encrypted smartphone apps.
'We should buckle up. This will be a long ride,' said Dmitri Alperovitch, co-founder and former chief technical officer of the leading cybersecurity firm CrowdStrike. 'Cleanup is just phase one.'
Meanwhile, Microsoft President Brad Smith called the attack a 'moment of reckoning' that 'illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous.'
Microsoft, one of the thousands of companies to receive the malicious update, said it had notified more than 40 customers around the world whose networks were infiltrated by the hackers.
The list of victims includes not only government agencies, but security and other technology firms as well as think tanks and government contractors.
'The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them,' Smith wrote in a blog post.
'The coming months will present a critical test, not only for the United States but for other leading democracies and technology companies,' he added.