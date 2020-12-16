

Why the US government hack is literally keeping security experts awake at night

Posted: Dec 16, 2020 10:40 AM
Updated: Dec 16, 2020 10:40 AM
Posted By: Brian Fung, CNN Business

The US government is reeling from multiple data breaches at top federal agencies, the result of a worldwide hacking campaign with possible ties to Russia. Investigators are still trying to figure out how much of the government may have been affected and how badly it may have been compromised.

But what little we know has cybersecurity experts extremely worried — with some describing the attack as a literal wakeup call.

"I woke up in the middle of the night last night just sick to my stomach," said Theresa Payton, who served as White House Chief Information Officer under President George W. Bush. "On a scale of 1 to 10, I'm at a 9 — and it's not because of what I know; it's because of what we still don't know."

On Sunday evening, the Commerce Department acknowledged it had been hit by a data breach after Reuters first reported that sophisticated hackers compromised the agency through a third-party software vendor known as SolarWinds. While SolarWinds is not a household name, it works with many businesses and organizations that are.

Since then, more details have emerged suggesting a much wider pattern of compromise. As many as 18,000 SolarWinds customers — out of a total of 300,000 — may have been running software containing the vulnerability that allowed the hackers to penetrate the Commerce Department, the company disclosed in an investor filing this week.

Here's why the cyberattacks disclosed this week are keeping experts up at night — based on who was targeted, the suspected identities of the attackers and their playbook, according to analysts contacted by CNN Business and published security reports.

All federal agencies on alert

One reason the attack is so concerning is because of who may have been victimized by the spying campaign.

At least three US agencies have publicly confirmed they were compromised: The Department of Commerce, the Department of Homeland Security and the Agriculture Department.

But the range of potential victims is much, much larger, raising the troubling prospect that the US military, the White House or public health agencies responding to the pandemic may have been targeted by the foreign spying, too. The Justice Department, the National Security Agency and even the US Postal Service have all been cited by security experts as potentially vulnerable.

All federal civilian agencies have been told to review their systems in an emergency directive by DHS officials. It's only the fifth such directive to be issued by the Cybersecurity and Infrastructure Security Agency since it was created in 2015.

It isn't just the US government in the crosshairs: The elite cybersecurity firm FireEye, which itself was a victim of the attack, said companies across the broader economy were vulnerable to the spying, too. The software vulnerability that enabled the spying has been found in the tech and telecom industry, as well as at consulting firms and energy companies, according to FireEye.

Security experts say this is merely the beginning. In the coming days, we may learn that many more companies and agencies have been compromised than we initially suspected. And we still don't know what information may have been lost or stolen.

Extraordinarily skilled attackers

Another reason to worry is that the attackers appear to have been extraordinarily skilled and determined.

"The campaign demonstrates top-tier operational tradecraft and resourcing consistent with state-sponsored threat actors," FireEye said, adding that the breaches appear to date as far back as the spring. "Each of the attacks require meticulous planning and manual interaction."

Attributing any cyberattack is hard under the best of circumstances and even more challenging when a sophisticated actor works to cover their tracks, as these did. But US officials have tentatively said that the culprit may have links to Russia.

That agents of a foreign government may have been responsible for the breaches is a worrisome sign of not only the attackers' capabilities, but also their motives. These weren't opportunistic cybercriminals indiscriminately probing whatever targets they could find in hopes of extorting their victims for a quick payday. These were highly motivated attackers who selected each of their victims for a specific purpose that remains unknown.

"If you compromise somebody's network for 6 months, there's a lot of opportunity," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a security think tank. "It's an amazing coup for the Russians — really impressive."

An unusual and creative hack

A third reason for concern is the unusual and creative way the attackers carried out their operation: By disguising the initial attack within legitimate software updates issued by SolarWinds.

"SolarWinds is one of the most widely used and effective tools for network monitoring, including across federal networks and major corporations," said Jamie Barnett, a retired Navy rear admiral and senior vice president at the cybersecurity firm RigNet. "It takes a state-level cyberattack to get into the SolarWinds updates and patches."

By piggybacking on otherwise trusted software updates, the attackers cleverly took advantage of the normal and recommended best practice of keeping software up to date. Thousands of companies and government agencies could thus have been exposed simply for doing the right thing.

That's what's so scary: It's not clear what could have been done differently in this case, because the very process meant to reassure users that "this software can be trusted" was itself compromised.

Once inside a target, the attackers waited patiently until they collected enough data on authorized users to impersonate them, allowing the hackers to move through a victim's network undetected for months, according to an analysis by the cybersecurity firm CrowdStrike.

The degree of access the hackers enjoyed, as well as the length of time they were able to collect information, may wind up making this "a much worse cyberattack than the Office of Personnel Management breach" disclosed by the US government in 2015, said Barnett. That breach, attributed to Chinese-linked hackers, resulted in the theft of vast troves of personal data on millions of federal employees and security clearance applicants.

The rising frequency and intensity of state-sponsored hacking has some cybersecurity leaders reiterating calls for a global treaty on cyberwarfare.

"We need a set of binding rules," Microsoft president Brad Smith said at an event Tuesday held by the Ronald Reagan Foundation and Institute. "And we need a commitment by the democracies of the world to hold authoritarian regimes accountable, so they keep their hands off of civilians in this time of peace when it comes to cyberspace."

Other experts are increasingly questioning the reliance of many businesses on just a handful of third-party vendors, and saying that perhaps society makes it a little too easy for data to be accessed or shared, particularly during a pandemic when working remotely is normal for countless individuals.

"It begs the question: 'In cybersecurity, do we have a 'too big to fail' situation? And did it happen right under our noses, while we were telling everybody to spend more, to tool up, to get products?'" said Payton.
