In mid-December, the United States Treasury and Department of Defense reported an attack of unknown magnitude on their servers and data centers.
As the news broke early one morning, the hack seemed to be one of America’s largest on record. It touched sensitive Treasury Department data concerning citizens as well as public policy deliberations. However, by the day’s end, the known scope of the cyber-attack had grown massively.
The US intelligence services quickly attributed the attack to a division of Russia’s intelligence service, dubbed Cozy Bear.
PATTERN OF INTRUSION
“Cozy Bear” has been amongst the most active hacking divisions in the world. Over the last eight years it has successfully infiltrated American government servers, including those of the Democratic National Convention in 2016, and made several incursions into White House servers throughout President Obama’s tenure.
This hack, however, was particularly damaging, as its reach and potential for compromise are still unknown.
The Russian hacking group was able to infiltrate the US government, seemingly at large, through the private energy firm SolarWinds, which it used as a vessel. SolarWinds holds several large contracts with the US Government, particularly with the Defense Department. On the morning of December 14th, news broke that SolarWinds had been compromised. The company revealed that an update to its software had been infected with Russian malware.
rampant virus, not contained
This corrupted update was installed on the devices of over eighteen thousand private and public sector clients. Within an hour of the initial news break, the known reach of the attack had begun to grow exponentially. Even more disconcerting is the fact that, while President Trump has called the hack “under control”, neither SolarWinds, the Defense Department nor the intelligence agencies have reported that the virus has been contained and expunged from the infected computers.
MORE THAN EVER IMAGINED
Microsoft has been part of the task force that is seeking to defend against and end the threat of this cyberattack. But there has been little good news. Rather, industry leaders have sounded the alarm that this hack has had a greater impact than anyone in the government and news services seems to understand. To them, Russia now has control of, and information on, a massive segment of the cyber-activity of major US government agencies, as well as information on some 400 of America’s Fortune 500 companies.
SolarWinds also had foreign clients such as the governments of Belgium, Spain, Israel and the United Kingdom. Although, to the public, cyber-threats commonly mean the potential for identity theft, credit card fraud or perhaps even ransomware, in this case the Russian hackers not only have the potential to commit all of those cyber crimes, but they now hold the blueprints to the entire cyber-makeup of the US government and economy.
Put simply, the Russians have full knowledge of how American firms protect themselves from such attacks. So, as the US grapples with the size of this attack, its success and incredibly deep penetration have left the US almost entirely defenseless against further cyber-incursions.
The President’s reaction has been similar to his reaction to previous cyber-attacks conducted by the Russians, most notably the Russian interference in the 2016 election, a series of acts that sought to promote Donald Trump and win him the office.
Trump’s reaction to these facts was three-fold. First, he minimized the effect of the attacks. Then, he went on to question the integrity and findings of his own intelligence agencies. Finally, he doubted whether it was indeed Russia at the helm of the attacks, opting to believe the word of Russian President Vladimir Putin.
president’s little-to-no response
It must be noted that the intelligence chiefs and officers who conclusively argued that these attacks were widespread and wholly financed and enacted by the Russians were each appointed by the Trump Administration. They therefore are not the ‘deep state’ or ‘angry democrats’ he so often claims them to be. That said, the attack prompted little-to-no response from the President. He only stopped to shrug his shoulders and claim that the attack was small, under control and not necessarily from Russia.
Cyber security analysts have been appalled by the President’s handling of the largest hack in American history. Of late, however, the news cycle surrounding the President has been so action-packed, to say the least, that what defense specialists see as the greatest threat to American security and the economy barely earns an ounce of attention from the government.
Biden inherits the mess
This leaves President-elect Joe Biden with a significant mess to clean up. On the heels of an infection that touched every corner of the US Government, from Commerce to the Pentagon, the clean-up will be massive. Fortunately, cyber-security and countering Russian aggression have been on the President-elect’s agenda from the outset. Biden has given firm warnings against foreign nations meddling in American cyber-space and elections and has mentioned that ‘all options’ are on the table in retaliation for such attacks.
Thus, in January, when the President-elect is sworn in, there is little doubt that his first national security briefings will concern this issue. Whether that means the reconstruction of American cyber defenses, or a more active and aggressive US cyber retaliation, remains to be seen. Either way, it can be said with relative certainty that the incoming president will act. He will not ignore, minimize and deflect the greatest cyber threat and attack in American (if not world) history.
About the Article
Reflection on the ongoing threat of damage inflicted by the insidious Russian cyber hack of U.S. agencies.