Normally we use this space to bring together the biggest stories from all corners of the cybersecurity world. This week we are making an exception, because there really is only one story: how Russia pulled off the biggest espionage hack on record.
Russia's intrusion into the IT management company SolarWinds began as early as March, and it only came to light when the attackers used that access to break into the cybersecurity firm FireEye, which disclosed its own breach on December 8. Since then, a cascading list of victims has been identified, including the U.S. departments of State, Homeland Security, Commerce, and the Treasury, as well as the National Institutes of Health. The nature of the attack, and the great care the hackers took to stay hidden, means it could be months or more before the full extent of the damage is known. The impact is already devastating, though, and it shows just how ill-prepared the United States was to defend against a known threat, and to respond to it. And the operation is still ongoing.
And there is so much more. Below, we've rounded up the most important SolarWinds stories to date from around the web. Click on the headlines to read them, and stay safe out there.
Reuters has reported several stories on the SolarWinds hack and its fallout, but this piece steps back to look at the company at the heart of it. The IT management firm has hundreds of thousands of customers, including the roughly 18,000 exposed to the Russian intrusion, who rely on it for network monitoring and other services. Its security practices appear to have been lacking on several fronts, including the use of the password "solarwinds123" on its update server. (That lapse isn't thought to be connected to the current attack, but still.)
The Wall Street Journal this week shared new details about what happened inside FireEye earlier this month as the company discovered and responded to its own compromise. The tip-off: an employee received an alert that someone had connected to the company's VPN using their credentials from a device that had never been seen before. More than 100 FireEye employees took part in the response, which involved combing through 50,000 lines of code to identify any anomalies.
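The alert that tipped off FireEye is a simple detection to reproduce: keep, per user, the set of devices seen during a baseline period, then flag any successful VPN login after that period from a device not in the user's set. The following is an added illustration written for this page, not FireEye's detection logic or the Journal's reporting; the log format, field names and sample entries are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample VPN authentication log (assumed format, not real data):
#   "<ISO-8601 timestamp> user=<name> device_id=<id> result=<ok|fail>"
SAMPLE_VPN_LOG = """\
2020-11-02T08:15:03Z user=alice device_id=LAPTOP-A1 result=ok
2020-11-03T09:02:41Z user=alice device_id=LAPTOP-A1 result=ok
2020-11-03T09:10:12Z user=bob device_id=LAPTOP-B7 result=ok
2020-11-20T22:47:55Z user=alice device_id=UNKNOWN-9f3c result=fail
2020-11-20T22:48:30Z user=alice device_id=UNKNOWN-9f3c result=ok
2020-11-21T07:30:00Z user=bob device_id=LAPTOP-B7 result=ok
"""


def parse_line(line):
    """Split one log line into a dict; key=value fields plus the timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = ts
    return rec


def new_device_alerts(log_text, baseline_until):
    """Return alerts for successful VPN logins from a device the user has not
    used before.

    Lines timestamped before `baseline_until` only build each user's known-device
    set. After that point any successful login from an unseen device is alerted,
    including the first login of a user with no history at all, which is the
    edge case a "first device seeds the baseline" approach would silently miss.
    Failed attempts never count as a known device, so an attacker probing with
    stolen credentials cannot pre-register a device by failing first.
    ISO-8601 UTC timestamps compare correctly as strings.
    """
    known = defaultdict(set)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["result"] != "ok":
            continue
        user, dev = rec["user"], rec["device_id"]
        if rec["ts"] >= baseline_until and dev not in known[user]:
            alerts.append({
                "ts": rec["ts"],
                "user": user,
                "device_id": dev,
                "known_devices": sorted(known[user]),
            })
        known[user].add(dev)
    return alerts


if __name__ == "__main__":
    for alert in new_device_alerts(SAMPLE_VPN_LOG, "2020-11-15T00:00:00Z"):
        print(f"ALERT {alert['ts']} user={alert['user']} "
              f"new device {alert['device_id']} (known: {alert['known_devices']})")
```

Run on the constructed log, this flags exactly one event: alice's successful login from `UNKNOWN-9f3c` on November 20, while bob's return on his usual laptop stays quiet. In practice the device identifier would come from a client certificate, an MDM-issued device ID or at least a TLS/user-agent fingerprint, and the alert would go to the user themselves, as it did at FireEye, as well as to the SOC.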
Over the past few years, the United States has invested billions of dollars in Einstein, a system designed to detect digital intrusions into federal networks. But because the SolarWinds hack was a so-called supply chain attack, in which Russia compromised a trusted tool rather than breaking in with known malware, Einstein failed, and failed spectacularly. The government cannot say it wasn't warned: a 2018 Government Accountability Office report recommended that agencies, and federal defense systems more broadly, take the supply chain threat more seriously.
This is a good question, and one that will take a long time to answer. This week Microsoft at least shared some early results: more than 40 of its customers fell victim to the Russian intrusion. (Microsoft itself was also hacked as part of the campaign.) Of those 40-plus victims, nearly half were companies in the IT sector, while 18 percent were government targets. Eighty percent were based in the United States. That is not a comprehensive tally; there are almost certainly many more victims than Microsoft has found so far. But it does at least give a glimpse of the victims' geography and sectors, and it isn't a heartwarming one.
Don't take our word for how serious all of this is. Read Tom Bossert's New York Times op-ed, in which the former homeland security adviser makes a compelling case that "the scale of this ongoing attack is difficult to overestimate" and demands a swift and decisive response in which "all elements of national power must be put on the table." (This is also a good time to mention that President Donald Trump hasn't mentioned the SolarWinds hack at all, not once, not even a whisper. President-elect Joe Biden issued a statement promising to "impose substantial costs on those responsible for these malicious attacks.")