Russia suspected of massive US government hacking operation
The Trump administration acknowledged yesterday that hackers acting on behalf of a foreign government — almost certainly a Russian intelligence agency, according to federal and private experts — broke into a range of key government networks, including in the Treasury and Commerce departments, and had free access to their email systems.
Officials said a hunt was on to determine if other parts of the government had been victimised by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said a series of national security-related agencies were also affected, though it was not clear whether the systems contained highly classified material.
In public, the Trump administration said little about the hack, which suggested that while the government was worried about Russian intervention in the 2020 election, key agencies working for the administration — and unrelated to the election — were actually the subject of a sophisticated attack that they were unaware of until recent weeks.
“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” John Ullyot, the spokesman for the National Security Council, said in a statement. The Commerce Department acknowledged that one of its agencies had been targeted, without naming it, and the Department of Homeland Security’s cybersecurity agency, whose leader was fired by President Donald Trump last month for declaring there had been no widespread election fraud, said in a statement that it had been called in as well.
The motive for the attack on the Treasury and Commerce departments remains elusive, two people familiar with the matter said. One government official said it was too soon to tell how damaging the recent attacks were and how much material was lost.
The revelation came less than a week after the National Security Agency, which is responsible for both breaking into foreign computer networks and defending the federal government’s most sensitive national security systems, issued a warning that “Russian state-sponsored actors” were exploiting flaws in a system that is broadly used in the federal government.
At the time, the NSA refused to give further details of what prompted the urgent warning. Shortly afterward, FireEye, a leading cybersecurity firm, announced that hackers working for a state had stolen some of its prized tools for finding vulnerabilities in its clients’ systems, including the federal government’s. That investigation also pointed toward SVR, one of Russia’s leading intelligence agencies.
If the Russia connection is confirmed, it will be the most sophisticated known theft of US government data by Moscow since a two-year spree in 2014 and 2015 in which Russian intelligence agencies gained access to the unclassified email systems at the White House, the State Department and the Joint Chiefs of Staff.
It took years to undo the damage, but President Barack Obama decided at the time not to name the Russians as the perpetrators — a move that many in his administration now regard as a mistake.
Emboldened, the same group of hackers went on to hack the systems of the Democratic National Committee and top officials in Hillary Clinton’s campaign, touching off investigations and fears that permeated the 2020 contest.