Northwest Arkansas Democrat-Gazette
U.S. agency warns of hack’s ‘grave’ risk
WASHINGTON — Federal authorities expressed increased alarm Thursday about an intrusion into U.S. and other computer systems around the globe that officials suspect was carried out by Russian hackers. The nation’s cybersecurity agency warned of a “grave” risk to government and private networks.
The Cybersecurity and Infrastructure Security Agency said in its most detailed comments yet that the intrusion had compromised federal agencies as well as “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo.
The agency did not say which agencies or infrastructure had been breached or what information taken in an attack that it previously said appeared to have begun in March. The Department of Energy acknowledged in a separate statement that it was among those that had been hacked.
“This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” the agency said in its unusual alert. “[The Cybersecurity and Infrastructure Security Agency] expects that removing the threat actor from compromised environments will be highly complex and challenging.”
resident-elect Joe Biden said he would make cybersecurity a top priority of his administration, but that stronger defenses are not enough.
“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”
The cybersecurity agency previously said the perpetrators had used network management software from Texas’ SolarWinds to infiltrate computer networks. Its new alert said the attackers may have used other methods, as well.
Over the weekend, after reports that the Treasury and Commerce departments were breached, the cybersecurity agency directed all civilian agencies of the federal government to remove SolarWinds from their servers. The cybersecurity agencies of Britain and Ireland issued similar alerts.
A U.S. official previously said Russian hackers were suspected, but neither the cybersecurity agency nor the FBI has publicly said who is believed to be responsible. Asked whether Russia was behind the attack, the official said: “We believe so. We haven’t said that publicly yet because it isn’t 100% confirmed.”
Another U.S. official, speaking Thursday on condition of anonymity to discuss a matter that is under investigation, said the hack was severe and extremely damaging although the administration was not yet ready to publicly blame anyone for it.
“This is looking like it’s the worst hacking case in the history of America,” the official said. “They got into everything.”
The official said the administration is working on the assumption that most, if not all, government agencies were compromised but the extent of the damage was not yet known.
At the Department of Energy, the initial investigation revealed that malware injected into its networks through a SolarWinds update has been found only on its business networks and has not affected national-security operations, including the agency that manages the nation’s nuclear weapons stockpile, according to its statement. It said vulnerable software was disconnected from the department network to reduce any risk.
The intentions of the perpetrators appear to be espionage and gathering information rather than destruction, according to security experts and former government officials.
Thomas Bossert, a former Trump Homeland Security adviser, said in an opinion article in The New York Times that the U.S. should now act as if the Russian government had gained control of the networks it has penetrated. “The actual and perceived control of so many important networks could easily be used to undermine public and consumer trust in data, written communications and services,” he wrote.”
Members of Congress said they feared that taxpayers’ personal information could have been exposed because the IRS is part of the Treasury Department, which used SolarWinds software.
Tom Kellermann, cybersecurity strategy chief of the software company VMware, said the hackers are now “omniscient to the operations” of federal agencies they’ve infiltrated “and there is viable concern that they might leverage destructive attacks within these agencies” in reaction to a U.S. response.
Cybersecurity officials did not respond to questions and so it was unclear what it meant by a “grave threat” or by critical infrastructure. The Department of Homeland Security, its parent agency, defines such infrastructure as any “vital” assets to the U.S. or its economy, a broad category that could include power plants and financial institutions.
“This is looking like it’s the worst hacking case in the history of America. They got into everything.” — Anonymous U.S. official