Hackers accessed top DHS emails
Suspected Russian agents gained access to accounts under the Trump administration, raising concerns.
Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries, The Associated Press has learned.
The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark.
Their accounts were accessed as part of what’s known as the SolarWinds intrusion, and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if it can’t protect itself.
The short answer for many security experts and federal officials is that it can’t — at least not without some significant changes.
“The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS,” said Sen. Rob Portman of Ohio, top Republican on the Senate’s Homeland Security and Governmental Affairs Committee. “We are talking about DHS’s crown jewels.”
The Biden administration has tried to keep a lid on the scope of the SolarWinds attack as it weighs retaliatory measures against Russia. But an inquiry by the AP found new details about the breach at DHS and other agencies, including the Energy Department, where hackers accessed top officials’ schedules.
The AP interviewed more than a dozen current and former U.S. government officials, who spoke on the condition of anonymity.
The vulnerabilities at Homeland Security, in particular, intensify the worries following the SolarWinds attack and an even more widespread hack affecting Microsoft Exchange’s email program, especially because in both cases the hackers were detected not by the government but by a private company.
In December, officials discovered what they describe as a monthslong cyberespionage effort done largely through a hack of a widely used software from Texas-based SolarWinds Inc.
At least nine federal agencies were hacked, along with dozens of private-sector companies.
U.S. authorities have said the breach appeared to be the work of Russian hackers.
Gen. Paul Nakasone, who leads the Pentagon’s cyberforce, said last week that the Biden administration is considering a “range of options” in response.
Russia has denied any role in the hack.
At least one other Cabinet member besides Wolf was affected. The hackers were able to obtain the schedules of officials at the Energy Department, including then-Secretary Dan Brouillette, one former high-placed administration official said. The schedules were not confidential and are subject to open records laws.
The new disclosures provide a fuller picture of what kind of data was taken in the SolarWinds hack. Several congressional hearings have been held on the subject.
Rep. Pat Fallon, R-Texas, indicated at one of the hearings that a DHS secretary’s email had been hacked but did not provide additional detail. The AP was able to identify Wolf, who declined to comment other than to say he had multiple email accounts as secretary.
DHS spokesperson Sarah Peck said that “a small number of employees’ accounts were targeted in the breach” and that the agency “no longer sees indicators of compromise on our networks.”
The Biden administration has pledged to issue an executive order soon to address “significant gaps in modernization and in technology of cybersecurity across the federal government.”