Tag Archive for: russian

Cyberattack on U.S. government is just part of a vast and ignored Russian threat


Russia’s recent mass-scale cyber intelligence operation, targeting multiple government agencies, corporations and think tanks, was a catastrophic event.

The Russians compromised vital U.S. infrastructure, defense and technology industries, and critical government agencies, such as the Departments of Homeland Security, Defense, State, Energy and Treasury. The attackers exhibited highly sophisticated tradecraft, exceptional operational stealth, and extreme patience and determination. 

What very few Americans realize is that this is but a single page out of Russian President Vladimir Putin’s war plan for defeating America. The success of this operation resulted from a failure to recognize the systemic Russian threat to the United States and treat it with the seriousness it requires. While the American leadership class is focused on the long-range threat from China and fantasies about Mr. Putin deputizing President Trump as a secret agent, the present and ongoing danger from the Kremlin is frighteningly minimized.

A close reading of unclassified, often highly technical, Russian-language sources has convinced me that Russia expects eventual war with the United States and is preparing for it. 


Microsoft says suspected Russian hackers viewed source code


(Bloomberg) — Microsoft Corp. said the suspected Russian hackers behind the stunning breach of numerous U.S. government agencies also accessed the company’s internal source code, although no customer data or services were compromised.

“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories,” Microsoft said Thursday in a blog post that updated its continuing investigation of the attack. “The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made.”

A Microsoft spokesperson declined to say which source code the hackers viewed. Source code shows how computer programs work and is used to build products. Gaining access to such code could have given the hackers valuable insight into how they might exploit programs or evade detection. Microsoft said its security philosophy, or “threat model,” anticipates that its source code will be viewed, and that defenses are built with that in mind.

Microsoft had previously said it, too, had received a malicious update of software from information technology provider SolarWinds Corp. that was used to breach government agencies and companies around the world. The details of the campaign are still largely unknown, including how many organizations were victimized and what was taken by the hackers. Bloomberg News reported in December that investigators have determined at least 200 organizations were attacked as part of the campaign.

Microsoft said the hackers didn’t use the SolarWinds update to reach the internal account, but declined to elaborate on exactly how the attackers gained access. The company also didn’t specify in the blog post which code repositories were accessed, nor how long the hackers were inside the company’s network, but reiterated that there is no indication its systems were used to attack others.

“This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what we’re learning as we combat what we believe is a very sophisticated nation-state…


Opinion | Russian hacking attack shows a major flaw


The apparent Russian hack of thousands of computer systems, including those of major government agencies and major corporations, represents a serious threat to our nation’s security. It seems obvious now that it was foolish to have so many entities dependent on software produced by one company, SolarWinds. Once some skillful intruder is able to get entry into this software, as the Russians apparently did by piggybacking on updates to the software, everyone who uses the software is vulnerable to the attack.


Former Government Cybersecurity Head Blames Russian Intelligence For Massive Hack


Christopher Krebs, the former top cybersecurity official in the U.S., says Russia is to blame for a massive breach that’s affected the State Department, the Pentagon, the Treasury Department, the Department of Homeland Security and other departments and agencies.

“I understand it is, in fact, the Russians,” Krebs told Steve Inskeep on Morning Edition.

“It’s the Russian SVR, which is their foreign intelligence service. They are really the best of the best out there. They’re a top flight cyber intelligence team, and they used some very sophisticated techniques to really find the seams in our cyberdefenses here in the United States and seem to be quite successful in penetrating some very sensitive places.”

Determining blame for cyberattacks is complex. The agency Krebs led until November, the Cybersecurity and Infrastructure Security Agency, described the hackers as “patient, well-resourced, and focused,” but did not blame any one entity.

But Krebs joins Secretary of State Mike Pompeo, Attorney General William Barr, and lawmakers including Sens. Jim Inhofe, R-Okla., Jack Reed, D-R.I., and Mitt Romney, R-Utah, in pointing toward Russia as the culprit.

President Trump has instead suggested China could be behind the hack.

Trump fired Krebs in November after Krebs said the November election was secure and free of interference.

Krebs talked with NPR about how the hack happened, if it’s an “attack” or “espionage,” and how the U.S. should respond. Here are excerpts:

When I think about Internet security as a layman, I’m aware that one of the easiest ways to get at me would be … that I’m offered some update that’s not an update or asked to click on a link that’s not really what it purports to be. Does it surprise you that the government was caught in this rather straightforward way?

I actually would maybe characterize it a little bit differently in that the majority of attacks these days or cyber compromises are getting someone to click on a link via an email or open an attachment. And that’s really attempting to come in through the front door.

This is a little bit different in that it is a supply chain compromise and they’re exploiting trusted relationships between the government in…
