
Russian Campaign Promotes Homegrown Vaccine and Undercuts Rivals

Intelligence officials in the United States first noticed Russia’s push aimed at Spanish-speaking communities in August, when President Vladimir V. Putin announced that he had approved Sputnik V. Since then, Russia’s campaign has intensified, said two intelligence officials, who spoke to The New York Times on condition of anonymity because they were not authorized to speak to reporters.

State Department officials described Russia’s influence campaign as a combination of state-sponsored media outlets in Russia highlighting reports that warn of the dangers of US vaccines and promoting enthusiastic reports about the Russian-made vaccine.

A report detailing Russia’s efforts was circulated at the State Department last month, officials said. A department spokeswoman said Russia was trying to promote its own vaccine while trying to “sow suspicion of Western vaccines” in the US. The State Department’s Global Engagement Center analyzed over 1,000 Russia-facing Twitter accounts and found that Spanish-language accounts showed the greatest engagement. Russia’s campaign, the spokeswoman said, “undermines collective global efforts to end the global pandemic.”

The influence campaign in Mexico is the best understood of the efforts by outlets with ties to the Kremlin. It differs from previous Russian disinformation campaigns that put false and misleading information online. As social media companies have become more aggressive about rooting out disinformation, Russian operations have focused on promoting selective news that bends the truth rather than outright rejecting it.

The new approach has been particularly effective as the Spanish-language Twitter and Facebook accounts of Russia Today and Sputnik, two state-controlled media outlets, are consistently among the most influential in Latin America, First Draft researchers said. “They have cultivated a large audience and are consistently in the top 10 most shared stories or links,” Longoria said.

In a statement, Russia Today said: “The RT stories referenced form part of our coverage and have been reported by many other news outlets. Although The Times frames them as part of a ‘disinformation’ campaign, it nowhere points to any errors, inaccuracies or falsehoods in these stories, thereby unduly affecting RT coverage.” Sputnik did not respond to a request for comment.


Blinken Demands Russian Release of Alexei Navalny

Russian opposition politician Alexei Navalny attends a rally marking the 5th anniversary of the murder of opposition politician Boris Nemtsov and protests against proposed changes to the country’s constitution on February 29, 2020 in Moscow, Russia.

Shamil Zhumatov | Reuters

WASHINGTON – Secretary of State Antony Blinken has condemned the Russian authorities’ “persistent use of tough tactics” against peaceful protesters who took to the streets across Russia on Sunday to demand the release of opposition leader Alexei Navalny.

For the second year in a row, tens of thousands gathered across the country to draw attention to Navalny, a vocal critic of Russian President Vladimir Putin, who was arrested by authorities earlier this month.

According to a monitoring group, more than 4,500 people were arrested by the Russian authorities for participating in the protests.

“We again call on Russia to release those detained for the exercise of their human rights, including Aleksey Navalny,” Blinken wrote in a tweet.

Last year, Navalny was medically evacuated from a Russian hospital to Germany after falling ill amid reports that something had been added to his tea. The Russian doctors treating Navalny denied that the Kremlin critic had been poisoned, attributing his comatose condition to low blood sugar levels.

In September, the German government announced that the 44-year-old Russian dissident had been poisoned with a chemical nerve agent and described the toxicological report as “clear evidence”. The nerve agent was from the Novichok family, which was developed by the Soviet Union.

The Kremlin has repeatedly denied having played a role in Navalny’s poisoning.

Earlier this month, Navalny flew to Russia from Berlin, where he had been recovering for almost half a year since being poisoned last summer. He was arrested at passport control.

The Russian authorities had issued an arrest warrant for Navalny, alleging that he had violated the three and a half year suspended sentence he received in 2014 for embezzlement.

“Mr. Navalny should be released immediately, and the perpetrators of the outrageous attack on his life must be held accountable,” wrote Jake Sullivan, Biden’s national security adviser, on Twitter shortly after his arrest.

Last week Blinken expressed “deep concern” about the treatment of Navalny and the general human rights situation in Russia.

“It remains to be seen how concerned and perhaps even frightened the Russian government seems to be of a man, Mr. Navalny,” Blinken told reporters during a press conference on Wednesday.

Newly confirmed Secretary of State Antony Blinken speaks to reporters during his first press conference at the State Department in Washington on January 27, 2021.

Carlos Barria | Reuters

“As the President said, we are examining all these measures, which are of great concern to us, whether they are the treatment of Mr Navalny and, in particular, the obvious use of a chemical weapon in an attempt to assassinate him,” added the nation’s top diplomat.

Blinken also said Wednesday that the Biden administration is investigating the hack on SolarWinds, reports of Russia’s bounties to American forces in Afghanistan, and possible election disruptions.

Biden previously vowed to “work with our allies and partners to hold the Putin regime accountable for its crimes”. He had earlier accused the Trump administration of not standing up to Moscow firmly enough.


Russian Court Orders Aleksei Navalny Kept in Jail

“If they really wanted to, they would most likely have got it,” Putin said.

Although the Kremlin dismisses Mr Navalny and his supporters as a misguided minority, the opposition leader has shown that he can attract the attention of millions of people in Russia.

Shortly after returning to Moscow, Mr Navalny’s team published an investigation describing a secret palace on the shores of the Black Sea allegedly built for Mr Putin and paid for by state-owned companies. Navalny’s ally Lyubov Sobol said the video version of the investigation was viewed by more than 100 million people on YouTube, with 70 percent viewing from Russia. On Monday, Mr Putin denied Mr Navalny’s allegations and called the video investigation “boring”.

While in prison, Mr. Navalny was cut off from daily political life in his cell, said Olga Mikhailova, his lawyer. For example, he was unaware that several members of his team had been arrested and that his home had been ransacked by the police.

According to OVD-Info, an activist group tracking arrests during protests, Russian authorities arrested more than 4,000 people across the country last week in protests demanding the release of Mr Navalny. At least seven criminal cases against protesters have opened, Moscow police said in a statement, warning people not to participate in protests that have not been sanctioned.

With his supporters under increasing pressure from the authorities, Mr Navalny, speaking by video link from prison on Thursday, tried to lift their spirits.

“They are not and never will be masters of our country,” said Navalny, referring to Mr. Putin and his government. “Lots of people, tens of millions, agree with me,” he said. “And we will never allow these people to conquer and rob our country.”


As Understanding of Russian Hacking Grows, So Does Alarm

On Election Day, General Paul M. Nakasone, the nation’s top cyberwarrior, reported that the battle against Russian interference in the presidential campaign had posted major successes and exposed the other side’s online weapons, tools and tradecraft.

“We’ve broadened our operations and feel very good where we’re at right now,” he told journalists.

Eight weeks later, General Nakasone and other American officials responsible for cybersecurity are now consumed by what they missed for at least nine months: a hacking, now believed to have affected upward of 250 federal agencies and businesses, that Russia aimed not at the election system but at the rest of the United States government and many large American corporations.

Three weeks after the intrusion came to light, American officials are still trying to understand whether what the Russians pulled off was simply an espionage operation inside the systems of the American bureaucracy or something more sinister, inserting “backdoor” access into government agencies, major corporations, the electric grid and laboratories developing and transporting new generations of nuclear weapons.

At a minimum it has set off alarms about the vulnerability of government and private sector networks in the United States to attack and raised questions about how and why the nation’s cyberdefenses failed so spectacularly.

Those questions have taken on particular urgency given that the breach was not detected by any of the government agencies that share responsibility for cyberdefense — the military’s Cyber Command and the National Security Agency, both of which are run by General Nakasone, and the Department of Homeland Security — but by a private cybersecurity company, FireEye.

“This is looking much, much worse than I first feared,” said Senator Mark Warner, Democrat of Virginia and the ranking member of the Senate Intelligence Committee. “The size of it keeps expanding. It’s clear the United States government missed it.”

“And if FireEye had not come forward,” he added, “I’m not sure we would be fully aware of it to this day.”

Interviews with key players investigating what intelligence agencies believe to be an operation by Russia’s S.V.R. intelligence service revealed these points:

  • The breach is far broader than first believed. Initial estimates were that Russia sent its probes only into a few dozen of the 18,000 government and private networks they gained access to when they inserted code into network management software made by a Texas company named SolarWinds. But as businesses like Amazon and Microsoft that provide cloud services dig deeper for evidence, it now appears Russia exploited multiple layers of the supply chain to gain access to as many as 250 networks.

  • The hackers managed their intrusion from servers inside the United States, exploiting legal prohibitions on the National Security Agency from engaging in domestic surveillance and eluding cyberdefenses deployed by the Department of Homeland Security.

  • “Early warning” sensors placed by Cyber Command and the National Security Agency deep inside foreign networks to detect brewing attacks clearly failed. There is also no indication yet that any human intelligence alerted the United States to the hacking.

  • The government’s emphasis on election defense, while critical in 2020, may have diverted resources and attention from long-brewing problems like protecting the “supply chain” of software. In the private sector, too, companies that were focused on election security, like FireEye and Microsoft, are now revealing that they were breached as part of the larger supply chain attack.

  • SolarWinds, the company that the hackers used as a conduit for their attacks, had a history of lackluster security for its products, making it an easy target, according to current and former employees and government investigators. Its chief executive, Kevin B. Thompson, who is leaving his job after 11 years, has sidestepped the question of whether his company should have detected the intrusion.

  • Some of the compromised SolarWinds software was engineered in Eastern Europe, and American investigators are now examining whether the incursion originated there, where Russian intelligence operatives are deeply rooted.

The intentions behind the attack remain shrouded. But with a new administration taking office in three weeks, some analysts say the Russians may be trying to shake Washington’s confidence in the security of its communications and demonstrate their cyberarsenal to gain leverage against President-elect Joseph R. Biden Jr. before nuclear arms talks.

“We still don’t know what Russia’s strategic objectives were,” said Suzanne Spaulding, who was the senior cyberofficial at the Homeland Security Department during the Obama administration. “But we should be concerned that part of this may go beyond reconnaissance. Their goal may be to put themselves in a position to have leverage over the new administration, like holding a gun to our head to deter us from acting to counter Putin.”

The U.S. government was clearly the main focus of the attack, with the Treasury Department, the State Department, the Commerce Department, the Energy Department and parts of the Pentagon among the agencies confirmed to have been infiltrated. (The Defense Department insists the attacks on its systems were unsuccessful, though it has offered no evidence.)

But the hacking also breached large numbers of corporations, many of which have yet to step forward. SolarWinds is believed to be one of several supply chain vendors Russia used in the hacking. Microsoft, which had tallied 40 victims as of Dec. 17, initially said that it had not been breached, only to discover this week that it had been — and that resellers of its software had been, too. A previously unreported assessment by Amazon’s intelligence team found the number of victims may have been five times greater, though officials warn some of those may be double counted.

Publicly, officials have said they do not believe the hackers from Russia’s S.V.R. pierced classified systems containing sensitive communications and plans. But privately, officials say they still do not have a clear picture of what might have been stolen.

They said they worried about delicate but unclassified data the hackers might have taken from victims like the Federal Energy Regulatory Commission, including Black Start, the detailed technical blueprints for how the United States plans to restore power in the event of a cataclysmic blackout.

The plans would give Russia a hit list of systems to target to keep power from being restored in an attack like the one it pulled off in Ukraine in 2015, shutting off power for six hours in the dead of winter. Moscow long ago implanted malware in the American electric grid, and the United States has done the same to Russia as a deterrent.

One main focus of the investigation so far has been SolarWinds, the company based in Austin whose software updates the hackers compromised.

But the cybersecurity arm of the Department of Homeland Security concluded the hackers worked through other channels, too. And last week, CrowdStrike, another security company, revealed that it was also targeted, unsuccessfully, by the same hackers, but through a company that resells Microsoft software.

Because resellers are often entrusted to set up clients’ software, they — like SolarWinds — have broad access to Microsoft customers’ networks. As a result, they can be an ideal Trojan horse for Russia’s hackers. Intelligence officials have expressed anger that Microsoft did not detect the attack earlier; the company, which said Thursday that the hackers viewed its source code, has not disclosed which of its products were affected or for how long hackers were inside its network.

“They targeted the weakest points in the supply chain and through our most trusted relationships,” said Glenn Chisholm, a founder of Obsidian Security.

Interviews with current and former employees of SolarWinds suggest it was slow to make security a priority, even as its software was adopted by America’s premier cybersecurity company and federal agencies.

Employees say that under Mr. Thompson, an accountant by training and a former chief financial officer, every part of the business was examined for cost savings and common security practices were eschewed because of their expense. His approach helped almost triple SolarWinds’ annual profit margins to more than $453 million in 2019 from $152 million in 2010.

But some of those measures may have put the company and its customers at greater risk for attack. SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised.

The company has said only that the manipulation of its software was the work of human hackers rather than of a computer program. It has not publicly addressed the possibility of an insider being involved in the breach.

None of the SolarWinds customers contacted by The New York Times in recent weeks were aware they were reliant on software that was maintained in Eastern Europe. Many said they did not even know they were using SolarWinds software until recently.

Even with its software installed throughout federal networks, employees said SolarWinds tacked on security only in 2017, under threat of penalty from a new European privacy law. Only then, employees say, did SolarWinds hire its first chief information officer and install a vice president of “security architecture.”

Ian Thornton-Trump, a former cybersecurity adviser at SolarWinds, said he warned management that year that unless it took a more proactive approach to its internal security, a cybersecurity episode would be “catastrophic.” After his basic recommendations were ignored, Mr. Thornton-Trump left the company.

SolarWinds declined to address questions about the adequacy of its security. In a statement, it said it was a “victim of a highly-sophisticated, complex and targeted cyberattack” and was collaborating closely with law enforcement, intelligence agencies and security experts to investigate.

But security experts note that it took days after the Russian attack was discovered before SolarWinds’ websites stopped offering clients compromised code.

Billions of dollars in cybersecurity budgets have flowed in recent years to offensive espionage and pre-emptive action programs, what General Nakasone calls the need to “defend forward” by hacking into adversaries’ networks to get an early look at their operations and to counteract them inside their own networks, before they can attack, if required.

But that approach, while hailed as a long-overdue strategy to pre-empt attacks, missed the Russian breach.

By staging their attacks from servers inside the United States, in some cases using computers in the same town or city as their victims, according to FireEye, the Russians took advantage of limits on the National Security Agency’s authority. Congress has not given the agency or homeland security any authority to enter or defend private sector networks. It was on these networks that S.V.R. operatives were less careful, leaving clues about their intrusions that FireEye was ultimately able to find.

By inserting themselves into the SolarWinds’ Orion update and using custom tools, they also avoided tripping the alarms of the “Einstein” detection system that homeland security deployed across government agencies to catch known malware, and the so-called C.D.M. program that was explicitly devised to alert agencies to suspicious activity.

Some intelligence officials are questioning whether the government was so focused on election interference that it created openings elsewhere.

Intelligence agencies concluded months ago that Russia had determined it could not infiltrate enough election systems to affect the outcome of elections, and instead shifted its attention to deflecting ransomware attacks that could disenfranchise voters, and influence operations aimed at sowing discord, stoking doubt about the system’s integrity and changing voters’ minds.

The SolarWinds hacking, which began as early as October 2019, and the intrusion into Microsoft’s resellers, gave Russia a chance to attack the most vulnerable, least defended networks across multiple federal agencies.

General Nakasone declined to be interviewed. But a spokesman for the National Security Agency, Charles K. Stadtlander, said: “We don’t consider this as an ‘either/or’ trade-off. The actions, insights and new frameworks constructed during election security efforts have broad positive impacts for the cybersecurity posture of the nation and the U.S. government.”

In fact, the United States appears to have succeeded in persuading Russia that an attack aimed at changing votes would prompt a costly retaliation. But as the scale of the intrusion comes into focus, it is clear the American government failed to convince Russia there would be a comparable consequence to executing a broad hacking on federal government and corporate networks.

Intelligence officials say it could be months, years even, before they have a full understanding of the hacking.

Since the extraction of a top Kremlin informant in 2017, the C.I.A.’s knowledge of Russian operations has been diminished. And the S.V.R. has remained one of the world’s most capable intelligence services by avoiding electronic communications that could expose its secrets to the National Security Agency, intelligence officials say.

The best assessments of the S.V.R. have come from the Dutch. In 2014, hackers working for the Dutch General Intelligence and Security Service pierced the computers used by the group, watching them for at least a year, and at one point catching them on camera.

It was the Dutch who helped alert the White House and State Department to an S.V.R. hacking of their systems in 2014 and 2015, and last month, they caught and expelled from the Netherlands two S.V.R. operatives accused of infiltrating technology companies there. While the group is not known to be destructive, it is notoriously difficult to evict from computer systems it has infiltrated.

When the S.V.R. broke into the unclassified systems at the State Department and White House, Richard Ledgett, then the deputy director of the National Security Agency, said the agency engaged in the digital equivalent of “hand-to-hand combat.” At one point, the S.V.R. gained access to the NetWitness Investigator tool that investigators use to uproot Russian back doors, manipulating it in such a way that the hackers continued to evade detection.

Investigators said they would assume they had kicked out the S.V.R., only to discover the group had crawled in through another door.

Some security experts said that ridding so many sprawling federal agencies of the S.V.R. may be futile and that the only way forward may be to shut systems down and start anew. Others said doing so in the middle of a pandemic would be prohibitively expensive and time-consuming, and the new administration would have to work to identify and contain every compromised system before it could calibrate a response.

“The S.V.R. is deliberate, they are sophisticated, and they don’t have the same legal restraints as we do here in the West,” said Adam Darrah, a former government intelligence analyst who is now director of intelligence at Vigilante, a security firm.

Sanctions, indictments and other measures, he added, have failed to deter the S.V.R., which has shown it can adapt quickly.

“They are watching us very closely right now,” Mr. Darrah said. “And they will pivot accordingly.”


Microsoft Says Russian Hackers Viewed Some of Its Source Code

Microsoft said Thursday that the far-reaching Russian hack of US government agencies and private companies had penetrated its network further than the company had previously understood.

While the hackers, who are believed to work for Russia’s S.V.R. intelligence service, apparently did not use Microsoft’s systems to attack other victims, they were able to view Microsoft source code through an employee account.

Microsoft said the hackers could not get into its email or its products and services, and could not change the source code they viewed. It gave no information on how long the hackers had been in its network or which products’ source code was viewed. Microsoft had originally said it was not compromised in the attack.

“Our investigation of our own environment has revealed no evidence of access to production services or customer data,” the company said in a blog post. “The ongoing investigation also found no evidence that our systems were used to attack others.”

The hack, which may still be ongoing, appears to have started as early as October 2019. At that time, hackers breached SolarWinds, a Texas company that provides technology monitoring services to government agencies and 425 of the Fortune 500 companies. The compromised software was then used to break into the Commerce, Treasury, State and Energy departments, along with FireEye, a leading cybersecurity company that first exposed the breach last month.

Investigators are still trying to understand what the hackers stole, and ongoing investigations suggest that the attack is more widespread than originally thought. Last week, CrowdStrike, a FireEye competitor, announced that it had been unsuccessfully attacked by the same attackers. In that case, the hackers used Microsoft resellers, companies that sell software on Microsoft’s behalf, to try to gain access to its systems.

The Department of Homeland Security has confirmed that SolarWinds was just one of several ways the Russians attacked American agencies, tech and cybersecurity companies.

President Trump has publicly suggested that China, not Russia, may have been the culprit behind the hack – a finding that has been denied by Secretary of State Mike Pompeo and other senior members of the administration. Mr Trump has also privately referred to the attack as a “joke”.

President-elect Joseph R. Biden Jr. has accused Mr. Trump of downplaying the hack, saying his administration will not be able to trust the software and networks that federal agencies rely on to do business.

Ron Klain, Mr Biden’s chief of staff, said the administration was planning a response beyond sanctions.


“Those responsible will have consequences,” Klain told CBS last week. “It’s not just sanctions. There are also steps and things we could do to reduce the ability of foreign actors to repeat this type of attack or, worse, carry out more dangerous attacks.”

Security experts said the scope of the hack cannot yet be fully known. SolarWinds has said that its compromised software found its way onto 18,000 of its customers’ networks. While SolarWinds, Microsoft and FireEye believe the number of actual victims could be limited to dozens, ongoing investigations suggest the number could be much larger.

“This hack is far worse and more powerful than we realize today,” said Dmitri Alperovitch, chairman of the Silverado Policy Accelerator and former chief technology officer at CrowdStrike. “We should be prepared for the fact that many more shoes will fall in the coming months.”

American officials are still trying to understand whether the hack was traditional espionage, similar to what the National Security Agency does to foreign networks, or whether the Russians built so-called backdoors into systems at government agencies, large corporations, the power grid and the nation’s nuclear weapons labs for future attacks.

Officials believe the hack was limited to unclassified systems but are concerned about sensitive unclassified data that the hackers may have obtained.

Microsoft said Thursday that its investigation found unusual activity on a small number of employee accounts. It then found that one of them had been used to view “a number of source code repositories”.

“The account did not have permission to change any code or technical systems, and our investigation also confirmed that no changes were made,” the company said on its blog post.

Unlike many technology companies, Microsoft does not rely on the secrecy of its source code to keep its products secure. Employees can readily view the source code, and its threat models assume that attackers already have access to it, which suggests that the consequences of the breach could be limited.

Some government officials have been frustrated that Microsoft, which as a private company may have the largest window into global cyber activity, did not detect the hack and alert the government sooner. Federal agencies and intelligence agencies learned of the SolarWinds breach from FireEye.

Brad Smith, president of Microsoft, said the hack reflected a failure to share threat intelligence between government agencies and the private sector. In a December interview, he called the hack a “moment of reckoning”.

“How will our government react to this?” asked Mr. Smith. “It feels like the nation has lost sight of the lessons of September 11th. Twenty years after something terrible happened, people forget what they need to do to be successful.”


Treasury Department’s Senior Leaders Were Targeted by Russian Hacking

But on Monday there was no public statement attributing the hacking to Russia, possibly reflecting Mr Trump’s reluctance to confront Moscow on the matter and the doubts he has expressed about the gravity of the attack.

According to a senior administration official, the meeting was meant to “take stock of the information, investigations and actions taken to remediate the attack.” Nothing in that description suggested preparations to impose costs on the attacker. Mr Trump did not attend the meeting.

Both President-elect Joseph R. Biden Jr. and his incoming Chief of Staff Ron Klain have stated in recent days that the response after taking office would go beyond sanctions in order to undermine the aggressor’s capabilities. But he is likely to find that the government’s response options are limited by fear of escalation.

The list of attendees at the meeting was noteworthy as it gave clues as to which parts of the government may have been affected. White House officials said Treasury Secretary Steven Mnuchin, Secretary of Commerce Wilbur Ross, Acting Homeland Security Secretary Chad F. Wolf and Secretary of Energy Dan Brouillette were in attendance. All of these agencies have previously been identified as targets of hacking by news organizations.

John Ratcliffe, Director of National Intelligence, attended the meeting, as did Gina Haspel, the CIA director, and General Paul M. Nakasone, the director of the National Security Agency and commander of the United States Cyber Command. Secretary of State Mike Pompeo, who became the first senior official to acknowledge that Russia was the most likely source of the attack before being undercut by Mr Trump, did not attend. His deputy Stephen E. Biegun stood in for him.

General Nakasone, a veteran cyber warrior responsible for defending the national security systems, has been silent since the hacking was exposed. It was deeply embarrassing for the NSA and Cyber Command that a private company, FireEye, was the first to alert the government that it had been hacked.

According to the details released by Wyden, after using the SolarWinds software update to break into Treasury’s systems, the Russian hackers performed a complex step in the Microsoft Office 365 system to create an encrypted “token” that identifies a computer for the larger network.


Billions Spent on U.S. Cyberdefenses Didn’t Detect Large Russian Hack

He urged the government to declassify what it knows and what it doesn’t.

On Wednesday morning, Illinois Democrat Senator Richard J. Durbin called the Russian cyberattack “practically a declaration of war”.

So far, however, President Trump has said nothing, perhaps aware that his term is ending amid questions about what he knew about Russian cyber operations and when. The National Security Agency has largely remained silent, hiding behind intelligence classification. Even the Cybersecurity and Infrastructure Security Agency, the group within the Department of Homeland Security tasked with defending critical networks, has been notably quiet about the Russian mega-hack.

Mr Blumenthal’s message on Twitter was the first official confirmation that Russia was behind the intrusion.

Trump administration officials have confirmed that several federal agencies – the State Department, the Department of Homeland Security, parts of the Pentagon, and the Treasury Department and the Department of Commerce – have been compromised. Investigators struggled to determine the extent to which the military, intelligence services and nuclear laboratories were affected.

The same questions are being asked at many Fortune 500 companies that use the Orion network management tool, made by SolarWinds, based in Austin, Texas. The Los Alamos National Laboratory, which develops nuclear weapons, uses it, as do large defense companies.

“How is that not a massive secret service failure, especially since we were supposedly all over Russian threat actors before the elections,” asked Robert Knake, a senior cyber official in the Obama administration, on Twitter on Wednesday. “Did the NSA fall into a huge honey pot while the SVR” – Russia’s most sophisticated spy agency – “quietly plundered” the government and private industry?

Of course, even after placing its probes and beacons on networks around the world, the NSA is hardly all-seeing. But if there is a larger investigation – and it is hard to see how one can be avoided – the responsibilities of the agency, led by General Paul M. Nakasone, one of the country’s most skilled cyber warriors, will be paramount.

Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect

According to investigators, the global campaign involved the hackers inserting their code into routine updates of network management software made by a company called SolarWinds. Its products are widely used on corporate and federal networks, and the malware was carefully minimized to avoid detection.

The Austin, Texas-based company says it has more than 300,000 customers, including most of the country’s Fortune 500 companies. However, it is unclear how many of them use the Orion platform that the Russian hackers infiltrated, or whether all of them were targets.

If the Russia connection is confirmed, it will be the most sophisticated known theft of American government data by Moscow since a two-year rampage in 2014 and 2015 that gave Russian intelligence agencies access to the unclassified email systems at the White House, the State Department and the Joint Chiefs of Staff. It took years to undo the damage, but President Barack Obama decided at the time not to name the Russians as the perpetrators – a move many in his administration now see as a mistake.

Emboldened, the same group of hackers penetrated the systems of the Democratic National Committee and top officials in Hillary Clinton’s campaign, sparking investigations and fears that permeated both the 2016 and 2020 elections. Another, more disruptive Russian intelligence agency, the GRU, is believed to be responsible for posting the hacked emails from the DNC.

“There seems to be a lot of casualties to this campaign, both in government and in the private sector,” said Dmitri Alperovitch, chairman of Silverado Policy Accelerator, a geopolitical think tank, who co-founded CrowdStrike, the cybersecurity company that four years ago helped find the Russians in the systems of the Democratic National Committee. “No different from what we saw from this actor in 2014-2015 when it ran a massive campaign and successfully compromised numerous victims.”

Russia was one of several countries that also hacked American research institutions and pharmaceutical companies. That summer, Symantec Corporation warned that a Russian ransomware group was taking advantage of the sudden change in American work habits caused by the pandemic and injecting code into corporate networks at unprecedented speed and breadth.

According to private sector investigators, the attack on FireEye resulted in a wider hunt to find out where else the Russian hackers had been able to infiltrate both federal and private networks. According to official sources, FireEye provided the NSA and Microsoft with some critical pieces of computer code, which were then used to look for similar attacks on federal systems. That led to the emergency warning last week.