Russian hack’s sophistication impresses even the experts


“This is classic espionage,” said Thomas Rid, a political science professor at the Johns Hopkins School of Advanced International Studies who specializes in cybersecurity issues. “It’s done in a highly sophisticated way. … But this is a stealthy operation.”

The impact may ultimately prove to be profound. SolarWinds, the maker of widely used network-management software that the Russians manipulated to enable their intrusions, reported in a federal filing Monday that “fewer than 18,000” of its customers may have been impacted. That’s a small slice of the company’s more than 300,000 customers worldwide, including the Pentagon and the White House, but still represents a large number of important networks worldwide. (Russia has denied any role in the attacks.)

FireEye, in a blog post explaining the nature of the attack on Sunday, described the victims as including “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries and verticals.”

In the U.S. government, the known targets included the Treasury, Commerce and Homeland Security departments, and the impact is likely to be far broader, given the wide use of network tools by SolarWinds, which is based in Austin.

But the potentially good news is that quiet attackers tend to prioritize surreptitious entrances and exits, while avoiding wholesale ransacking of computer systems that could tip off defenders. Quiet hackers typically are more focused on covering their tracks than simply backing up a digital truck and taking everything they can.

The potential bad news, however, is that quiet attacks can be effective at gathering highly specific, sensitive information over the course of months or even years. While the details of what was taken and from whom are not yet public — the agencies and companies themselves may not even know for a while — the Russian operation dates at least as far back as March and was described as active as recently as Sunday.

That nine-month stretch included, to name just a few of the most important events that would have created copious computer files interesting to…

Source…