I Was the Homeland Security Adviser to Trump. We’re Being Hacked.
As Moderna’s vaccine joins the Pfizer one to have received approval in the US building up the good news in the run up to the holidays, the major negative story breaking in the world of geo-politics is the massive hack on networks of both public and private organisations across the world, ranging from the US nuclear weapons agency to 425 of the Fortune 500 companies including Microsoft. In this rather alarmist piece, Trump’s Homeland Security Adviser, Thomas Bossert, helps us understand the issue in grave detail before categorically accusing a Russian state agency for the malicious attack and calling for a concerted effort by the Trump and the incoming Biden administration to defend.
“At the worst possible time, when the United States is at its most vulnerable — during a presidential transition and a devastating public health crisis — the networks of the federal government and much of corporate America are compromised by a foreign nation. We need to understand the scale and significance of what is happening.
Last week, the cybersecurity firm FireEye said it had been hacked and that its clients, which include the United States government, had been placed at risk. This week, we learned that SolarWinds, a publicly traded company that provides software to tens of thousands of government and corporate customers, was also hacked.
The attackers gained access to SolarWinds software before updates of that software were made available to its customers. Unsuspecting customers then downloaded a corrupted version of the software, which included a hidden back door that gave hackers access to the victim’s network.
This is what is called a supply-chain attack, meaning the pathway into the target networks relies on access to a supplier. Supply-chain attacks require significant resources and sometimes years to execute. They are almost always the product of a nation-state. Evidence in the SolarWinds attack points to the Russian intelligence agency known as the S.V.R., whose tradecraft is among the most advanced in the world.
…The magnitude of this ongoing attack is hard to overstate.
The Russians have had access to a considerable number of important and sensitive networks for six to nine months. The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.
While the Russians did not have the time to gain complete control over every network they hacked, they most certainly did gain it over hundreds of them. It will take years to know for certain which networks the Russians control and which ones they just occupy.”