
Microsoft President told how Russian spies managed to disrupt US cybersecurity

One of the sensational events of the past year, in addition to Covid-19, was the cyber war between the US and Russia. Russian cyber soldiers released their own infection by hiding a tiny piece of computer code in popular software called SolarWinds, gaining access to digital files of the US Departments of Justice, State, Treasury, Energy, and Commerce and affecting a total of 18,000 public and private computer networks through a single software update.

Brad Smith, President of Microsoft, described how the attackers managed to do this. According to him, this is the largest and most sophisticated attack the world has ever seen. One of the most troubling aspects of the attack was its widespread and indiscriminate nature. The attackers identified SolarWinds’ network management software and planted malware in an update to the SolarWinds product. When that update was distributed to 18,000 organizations worldwide, the malware went with it.

When Microsoft analyzed everything it had uncovered, it asked how many engineers must have worked on these attacks. The answer it arrived at was more than a thousand.

The world might still be unaware of this hack if it weren’t for FireEye, a cybersecurity company run by Kevin Mandia, a former Air Force intelligence officer. They found malware inside SolarWinds and on December 13th reported the brazen attack to the world. By then, most of the damage had already been done.

The US Department of Justice has admitted that the Russians were inside its computers for months with access to mail traffic, but the Department does not say exactly what was stolen. It is the same with Treasury, Commerce, NIH and Energy, and even with the agency that protects and transports our nuclear arsenal.

The disclosure came at a difficult time: US President Trump was contesting the election and, in a tweet, held China responsible for the hack. Hours later, his own Secretary of State and the Attorney General disagreed and blamed Russia. The Department of Homeland Security, the FBI and the intelligence agencies agreed with them. They identified the SVR, one of several Russian spy agencies that the US calls “constant threats,” as the prime suspect. Russia denies any involvement.

The Russians have been testing cyber weapons in Ukraine for years. NotPetya, a 2017 attack, damaged over 10% of that country’s computers in a single day. Broadcasters could not air their programmes because they relied on computers. ATMs went down. Grocery stores could not accept credit cards. That was a targeted attack, but it shows how much damage and destruction similar tactics can inflict.

The problem is that the US Department of Defense’s intelligence community can infer other countries’ intentions from what it learns through its legitimate work abroad, but it cannot turn that focus on domestic infrastructure.

The government does not look at private sector networks. The Department of Homeland Security has spent billions on a program called “Einstein” to detect cyber attacks on government agencies; the Russians circumvented it. They also bypassed the NSA, which collects intelligence overseas but is prohibited from monitoring US computer networks. So the Russians launched their attacks from servers set up anonymously inside the United States.

It is hard to get something like this completely out of a system. The victims certainly do not yet understand all the places it has reached, all the manifestations of where this software still lives, and finding out will take time. The only way to have absolute confidence that it is gone is to get rid of the hardware, to get rid of the systems; otherwise you cannot be sure it has been removed.

The story is still unfolding. New companies are being hacked; tomorrow we will learn of victims that were not known this morning. It would be different if the intruders had been caught in the act and stopped from doing further damage, but that is not what happened here.
