Last year Russian spies effectively demonstrated that future wars are likely to be fought in front of a computer screen. The SolarWinds cyber attack came about after Russian military hackers sabotaged code in a widely used piece of software, which then spread to thousands of private and government computer networks.
Through the offer of a “software update” the hackers were able to enter the systems of numerous U.S. agencies including the Departments of State, Energy, Commerce, Justice and Treasury and rifle through court documents, top-level communications and nuclear secrets.
Analysts say that the SolarWinds attack is the largest and most sophisticated such occurrence the world has ever seen. It has the potential to interrupt the basic information technology on which the world depends, from electrical and water delivery systems to ordinary internet connectivity.
Microsoft was targeted by the SolarWinds attack. Microsoft proprietary source code, used to build Microsoft software products, was stolen via the SolarWinds third-party software that Microsoft and other computer networks use to manage, connect and monitor their networks.
Microsoft’s Brad Smith told CBS News that, “One of the really disconcerting aspects of this attack was the widespread and indiscriminate nature of it. What this attacker did was identify network management software from a company called SolarWinds. They installed malware into an update for a SolarWinds product. When that update went out to 18,000 organizations around the world, so did this malware.”
SolarWinds Orion is used by many high-level computer systems. Companies and government I.T. departments have found it to be indispensable, but the hackers rewrote its code and distributed it to customers as a “routine update.” This gave the hackers access to the systems that installed the update through a secret backdoor, from which they could peruse files at their leisure.
Smith estimates that at least 1000 engineers were involved in the SolarWinds attacks. He expects the attacks to continue.
The hack was discovered by FireEye, a cybersecurity company whose mission is to identify evolving threats and tactics and find solutions that prevent cyber intruders from accessing computer networks. FireEye works primarily with governments and major companies. Its founder and CEO is Kevin Mandia, a former Air Force intelligence officer.
FireEye used SolarWinds to help manage its systems, but when a FireEye employee noticed that a two-step login had two phone numbers registered for the second factor, it triggered an investigation that determined the intruders were impersonating employees to log in and enter the network so that they could steal FireEye’s proprietary tools. From there, the hackers accessed the systems of FireEye’s clients.
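The kind of anomaly that tipped off FireEye, a second factor going to a phone number the account never had, can be checked for mechanically. The following is an added example, not FireEye’s tooling or anything from the original article: it scans constructed MFA log lines (the field names and format are invented for the illustration) and flags any account whose second factor uses a phone number other than the one first enrolled.

```python
# Added example (not from the original article): flag MFA events in which a
# user's second factor is delivered to a phone number that was not the one
# first enrolled for that account. The log format and field names are
# constructed for this illustration, not any vendor's actual schema.
import csv
from io import StringIO

# Constructed sample log: event,user,phone,timestamp
SAMPLE_LOG = """event,user,phone,timestamp
enroll,alice,+1-555-0100,2020-11-01T09:00:00Z
enroll,bob,+1-555-0101,2020-11-01T09:05:00Z
auth,alice,+1-555-0100,2020-12-02T08:12:00Z
enroll,alice,+1-555-0199,2020-12-03T03:41:00Z
auth,alice,+1-555-0199,2020-12-03T03:42:00Z
auth,bob,+1-555-0101,2020-12-03T10:00:00Z
"""


def find_suspicious_mfa(log_text):
    """Return (timestamp, user, reason, phone) alerts for any enrollment or
    authentication that uses a phone other than the user's first enrolled one."""
    baseline = {}  # user -> first phone number enrolled
    alerts = []
    for row in csv.DictReader(StringIO(log_text)):
        user, phone, event = row["user"], row["phone"], row["event"]
        if user not in baseline:
            if event == "enroll":
                baseline[user] = phone  # establish the account's baseline
            else:
                # An authentication with no prior enrollment is itself odd.
                alerts.append((row["timestamp"], user, "auth before any enrollment", phone))
            continue
        if phone != baseline[user]:
            alerts.append((row["timestamp"], user, f"second phone on {event}", phone))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_mfa(SAMPLE_LOG):
        print(alert)
```

The sample flags alice twice (the new enrollment and the login that used it) and bob not at all; a real deployment would read the same fields from the identity provider’s audit log.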
The question for FireEye investigators was, how did the hackers break in? There was no evidence of malware or phishing that would give them a handle from which to launch the investigation. But once they zeroed in on SolarWinds as a source for the compromise and tore it apart, they found the malware and alerted the world.
The amount of damage that the SolarWinds hack caused is incalculable. The intruders surfed through the files and emails of multiple U.S. agencies as well as some of the world’s biggest high-tech firms. Microsoft’s Smith says that it’s almost certain the malware spread to other networks that have not yet been identified.
Trump, who was involved in contesting the results of the 2020 presidential election when news of SolarWinds broke, blamed the attack on the Chinese but almost immediately his Attorney General, Secretary of State, Secretary of Homeland Security and FBI said that they had determined that the attack came from Russia. The main suspect is the SVR, a Russian spy agency. Russia denies involvement.
Supply Chain Disruption
If, in fact, the attack was launched from Russia, it’s not the first time that the Russians have set out to disrupt a whole society with a supply chain disruption tactic.
The strategy was developed during Russia’s war in Ukraine, where they broke into thousands of Ukrainian networks by sabotaging a widely used piece of software.
In that case, the goal wasn’t to spy but to cause the devices to self-destruct. Brad Smith says, “It literally damaged more than 10% of that nation’s computers in a single day. The television stations couldn’t produce their shows because they relied on computers. Automated teller machines stopped working. Grocery stores couldn’t take a credit card. Now, what we saw with this attack was something that was more targeted, but it just shows how if you engage in this kind of tactic, you can unleash an enormous amount of damage and havoc.”
Chris Inglis, who served as deputy director of the National Security Agency where he oversaw America’s top cyber warriors, discussed the government’s failure to detect the hack before it could do the kind of damage that it’s done.
Inglis says that, since the government doesn’t oversee private sector networks, it wouldn’t have found the malware on non-government systems at any rate. However, the government’s failure to find it on its own networks is disappointing. It relied on a cyber-detection program called “Einstein,” which the hackers outsmarted by staging their attacks from U.S.-based servers instead of the overseas servers that are monitored by the NSA.
Inglis explained to CBS News, “U.S. Intelligence Community, U.S. Department of Defense, can suggest what the intentions of other nations are based upon what they learn in their rightful work overseas. But they can’t turn around and focus their unblinking eye on the domestic infrastructure. That winds up making it more difficult for us.”
Once they have access to a network, it’s hard to remove the hackers, says Inglis. Cybersecurity experts are still working to understand the various manifestations of the malware, other places it might have infiltrated and how it might be activated to do further damage.
Jon Miller, a former hacker who now builds cyberweapons at his own company, Boldend, reminds us that the security we take for granted online is not assured. Any device, he says, can be easily compromised. “When you buy something from a tech company, a new phone or a laptop, you trust that that is secure when they give it to you.
And what they’ve shown us in this attack is that is not the case. They have the ability to compromise those supply chains and manipulate whatever they want. Whether it’s financial data, source code, the functionality of these products. They can take control.”