Four days ago, on December 13, Reuters broke
the story that computer hackers had breached U.S. government agencies,
including the Treasury Department and the Commerce Department. It was serious
enough that the National Security Council had been called into an emergency
meeting on Saturday.
While no nation has yet been charged with this attack, officials agree that it
looks like a Russian operation.
On Monday, the story got worse. Also hit were the Department of Homeland Security, the State Department, and the National Institutes of Health. Officials at the Cybersecurity and Infrastructure Security Agency (CISA) in the Department of Homeland Security told all federal agencies to disconnect the products containing the malware that had been used to breach the firewalls. Those products had been installed as far back as March, meaning that the attackers had been able to observe crucial aspects of our government from the inside for as much as nine months.
Government officials
found out about the breach only after a private cybersecurity firm, FireEye, realized
it had been hacked and alerted the FBI. Hackers planted the malware they used
to get into the systems on a patch issued by the software company, SolarWinds,
which produces widely used management software.
The story is getting worse still.
Today CISA said that the hackers used many
different tools to get into government systems, taking them into critical
infrastructure, which could include the electrical grid, telecommunications
companies, defense contractors, and so on. Officials said that the hacks were
“a grave risk to the federal government.”
Later in the day, it came out that the Energy Department and the National
Nuclear Security Administration, which oversees our nuclear weapons, were also
hit, although a Department of Energy spokesperson said that there is no
evidence that the hackers breached critical defense systems, including the
NNSA.
Microsoft’s president, Brad Smith, today said
the company had identified 40 different companies, government agencies, and
think tanks the hackers infiltrated, and that those forty were just the tip of
the iceberg. Smith said that more companies had been hit than government
agencies, “with a big focus on I.T. companies, especially in the security
industry.”
The Associated Press quoted a U.S. official as saying:
“This is looking like it’s the worst hacking case in the history of America.
They got into everything.” Tom Kellermann, the cybersecurity strategy chief of
the software company VMware, told Ben Fox of the Associated Press that
the hackers could now see everything in the federal agencies they’ve hacked,
and that, now that they have been found out, “there is viable concern that they
might leverage destructive attacks within these agencies.”
It is not clear yet how far the hackers have penetrated, and we will likely
not know for months. But given the fact they have had access to our systems
since March and have almost certainly been planting new ways into them (known
as “back doors”), all assumptions are that this is serious indeed.
Initially, Secretary of State Mike Pompeo downplayed the attack, saying
that such attacks are common and that China, not Russia, is the biggest
offender. Trump has said nothing about the attacks, and administration
officials say that they are simply planning to hand the crisis off to Biden.
But this attack does not come out of the blue for the Trump
administration. There was discussion of strengthening our security systems
against attackers after the 2016 election, and on July 9,
2017, Trump suggested we would partner with Russia to address the issue. “Putin
& I discussed forming an impenetrable Cyber Security unit so that election
hacking, & many other negative things, will be guarded,” he tweeted.
Congress instead created the CISA within the Department of Homeland
Security in 2018 to protect against precisely the sort of attack which has just
occurred, shortly after Russia hacked our electrical grid, including “multiple
organizations in the energy, nuclear, water, aviation, construction, and
critical manufacturing sectors,” according to the FBI and Department of
Homeland Security report.
In response to the Russian attack, the U.S. hit Russia’s electrical grid
in June 2019.
Since then, administration officials have deliberately forced key
cybersecurity officials out of CISA. The destruction was so widespread that, according to
Dr. Josephine Wolff, a professor of cybersecurity policy at Tufts University’s
Fletcher School who holds her PhD from the Massachusetts Institute of
Technology (MIT), “they signify the systematic decimation of the personnel most
directly responsible for protecting critical infrastructure, shielding our
elections from interference and guarding the White House’s data, devices and
networks.”
Almost exactly a year ago, on December 19,
2019, Wolff warned in the New York Times that “As we head
into 2020, worrying about the integrity of our elections, the growing scourge
of ransomware and the increasingly sophisticated forms of cyberespionage and
cyber sabotage being developed by our adversaries, it’s disconcerting to feel
that many of our government’s best cybersecurity minds are walking out the
front door and leaving behind too few people to monitor what’s coming in our
back doors.”
Just a month ago, Trump continued this process, firing Christopher Krebs,
the former director of CISA, on November 18,
saying he was doing so because Krebs defended the 2020 election as “the most
secure in American history.” Krebs said that there “is no evidence that any
voting system deleted or lost votes, changed votes, or was in any way
compromised.”
And now, here we are. Senator Mitt Romney (R-UT) said to SiriusXM about
the hack: "Our national security is extraordinarily vulnerable. And, in
this setting, to not have the White House aggressively speaking out and
protesting and taking punitive action is really, really quite
extraordinary."
The timing of the exposure of this hack might be coincidence, but it is
curiously well timed. It illustrates to the world that Russia now holds power
over the U.S. while the perpetrators can assume, after four years of Trump’s
refusal to stand up to Putin, that they will not have to face immediate
retaliation for the attack as they would have to if it were revealed just a
month later.
President-elect Biden was briefed on the attack today. He warned that his administration would
impose “substantial costs on those responsible for such malicious attacks,
including in coordination with our allies and partners.” “A good defense isn’t
enough; we need to disrupt and deter our adversaries from undertaking
significant cyberattacks in the first place,” Biden said. “I will not stand
idly by in the face of cyber assaults on our nation.”
-Heather Cox Richardson
—-
Notes:
https://www.nytimes.com/2020/12/17/us/politics/russia-cyber-hack-trump.html
https://www.cnn.com/2020/11/12/politics/2020-election-trump-voter-conspiracies/index.html
https://www.cnn.com/2020/11/17/politics/chris-krebs-fired-by-trump/index.html
https://www.nytimes.com/2019/12/19/opinion/cybersecurity-departures-government.html
https://www.documentcloud.org/documents/6509666-Cyber-memo.html
https://www.vox.com/world/2018/3/28/17170612/russia-hacking-us-power-grid-nuclear-plants
Do you remember when Trump believed Putin instead of the 16 U.S. Intelligence agencies?
“…Trump’s performance in Helsinki on Monday [July 16, 2018] should have come as no surprise. And yet there was surprise — even shock — when the president of the United States stood onstage alongside Russian President Vladimir Putin and accepted the former KGB officer's denials regarding that interference.
“Trump was asked directly which one he believed: his own intelligence community or Putin. In so many words, Trump gave the answer: Putin… Sen. John McCain, the Arizona Republican, called it ‘one of the most disgraceful performances by an American president in memory.’
“Sen. Bob Casey, the Pennsylvania Democrat, said Trump had ‘shamed the office of presidency’ with his ‘dangerous and reckless’ reaction to Putin — ‘a new low and profound embarrassment for America.’
“The mildest judgment seemed to be that the president's whiff was a missed opportunity. But at the other end of the Twitter scale was former CIA Director John Brennan, calling it ‘nothing short of treasonous.’…
“‘My people came to me. Dan Coats came to me, and some others,’ Trump said. ‘They said they think it's Russia. I have President Putin. He just said it's not Russia. I will say this: I don't see any reason why it would be.’ Coats also just repeated that the Russians had been behind the attacks, that they had done it to boost Trump's candidacy and that they were still at it now. ‘The warning lights are blinking red again,’ Coats said, as they had in the days before Sept. 11, 2001.
“Yet here was Coats' boss, live on the world stage, deliberately passing on the opportunity to confront Putin about the attack and hold him accountable — two things the White House and various administration officials had promised he would do. Much of America was watching, and much of the world. And you could hear the question arising from countless places at once:
“This is akin to those analyses exploring how ‘meddling’ as a verb trivializes the Russian assault, or suggesting that the U.S. has also taken an interest in elections around the world… But competing theories for Trump's behavior abound. On one extreme we have Jonathan Chait's frankly speculative construct in New York magazine that suggests Trump became involved with various Russian figures as far back as the late 1980s, when he needed money and could not raise it in the U.S. — a situation that has recurred several times since with far larger sums of money. Others prefer to see Trump's affinity for Putin as part of a pattern of preferences among world leaders. The U.S. president has also expressed admiration for such autocratic leaders as Turkey's Recep Tayyip Erdogan or the Philippines' Rodrigo Duterte” (NPR).
"It is Joe Biden’s biggest foreign policy headache. As well as confronting the Covid pandemic, the president-elect has to deal with a more familiar problem: Russia. Moscow’s meddling in the 2016 US presidential election cast a shadow over US politics for four long years.
"And now the Kremlin appears to have struck again. This week details emerged of an unprecedented cyber-attack against US government departments. Beginning in March, suspected Russian hackers penetrated Washington’s signature institutions.
"They include the commerce and treasury departments, homeland security, nuclear laboratories and the Pentagon, as well as leading Fortune companies. For months the Russian spies roamed at will, apparently undetected. Only now are aghast officials scoping the damage.
"The hacking is a brutal reminder of how Vladimir Putin and the KGB agents around him view the world. They regard the US as the glavniy protivnik or main enemy. This adversarial cold war mindset endures, regardless of whether a Trump or a Biden sits in the White House.
"This latest cyber-attack can be explained as part of Moscow’s continuous almost-but-not-quite war against the west. It is an asymmetric conflict, fought on Moscow’s side by shadow state operatives. Some are assassins, deployed in Salisbury and Siberia. Others are backroom computer or chemical experts..." (The Guardian, December 18, 2020).