Biden administration sets the stage for retaliation against Russia over SolarWinds, election interference: report

  • The Biden administration finished an intelligence report on alleged Russian meddling, Bloomberg reported.
  • The review could lead to retaliatory action against Russia over the SolarWinds hack and election interference, according to the report.
  • Last month, Biden announced sanctions against Russian officials over the treatment of Putin critic Alexei Navalny.

The Biden administration completed an intelligence review of alleged Russian meddling in the SolarWinds cybersecurity attack and interference in US elections, Bloomberg reported Wednesday.

The review could set the stage for possible retaliatory actions such as enacting sanctions or expelling Russian intel officers in the US, three people familiar with the matter told Bloomberg.

Now that the intelligence review is complete, the US could respond by “singling out people close to Russian President Vladimir Putin as well as agencies linked to election interference,” Bloomberg reported.

In January, a joint US intelligence task force issued a rare initial public statement on the SolarWinds hack, saying it was “likely Russian in nature,” Insider’s Azmi Haroun reported.

Last month, a declassified report from the Office of the Director of National Intelligence said Russia was among the countries that authorized covert influence operations aimed at altering the outcome of the 2020 election, which ended up being unsuccessful, according to Insider’s Sonam Sheth.

Representatives from the White House did not immediately respond to Insider’s request for comment. A spokesperson for the State Department declined to comment.

White House Press Secretary Jen Psaki confirmed the review in a press briefing on January 21, saying it was intended “to hold Russia to account for its reckless and adversarial actions.”

“And to this end, the President is also issuing a tasking to the intelligence community for its full assessment of the SolarWinds cyber breach, Russian interference in the 2020 election, its use of chemical weapons against opposition leader Alexei Navalny, and the alleged bounties on US soldiers in Afghanistan,” Psaki said during the press briefing.

The news of the review comes after President Joe Biden announced sanctions against Russian officials last month over the arrest and alleged poisoning of Putin critic Alexei Navalny. He has not yet acted upon the other three areas Psaki mentioned in January.

Read the original article on Business Insider

The US Senate is grilling Microsoft and SolarWinds over last year’s historic cyberattack

  • US Senators are questioning the tech firms involved in last year’s sweeping cyberattack.
  • SolarWinds, Microsoft, FireEye, and CrowdStrike are all testifying in the Tuesday hearing.
  • Hackers installed malware into SolarWinds’ software, which was then distributed to the firm’s clients.

The US Senate is questioning the chief executives of SolarWinds and other tech firms in a hearing Tuesday after unknown attackers, with suspected links to Russia, infiltrated the company’s software last year, compromising thousands of organizations including major federal agencies.

SolarWinds is joined in the hearing by FireEye, the cybersecurity firm that first discovered the malware in December, as well as Microsoft, whose president, Brad Smith, is present at the proceedings. CrowdStrike CEO George Kurtz will also testify; his cybersecurity firm was apparently able to stave off the hackers.

The cyberattack began in March of last year and went undetected for months. SolarWinds told the SEC that about 18,000 of its 300,000 clients were targeted in the attack. High-level government data was left exposed – the Trump administration confirmed in December that hackers had indeed infiltrated key networks, including the US Treasury and the Commerce Department. 

Fortune 500 companies – including Microsoft, AT&T, and McDonald’s – were among SolarWinds’ vulnerable customer base. Microsoft has said its products, including its Office 365 suite and Azure cloud, were not used in the hack, but they were targeted, with the attackers making off with some of its source code. And FireEye researchers say the hackers appear to be able to send emails and access calendars on Microsoft’s 365 suite.

The White House has said it may respond to the SolarWinds hacks in a matter of weeks, which could include sanctions against the Russian government.

As Insider reported, Tuesday’s hearing will be a pivotal moment in the relationship between the US government and the cybersecurity world, namely how the industry can help federal officials stave off nation-state attacks in the future.

Chairman Mark Warner said the committee invited Amazon to attend the hearing but the company declined

Sen. Warner kicked off the hearing and noted that Amazon declined the Senate’s invitation to testify in Tuesday’s hearing. Sen. Marco Rubio also touched on the company’s lack of participation and said, “it would be most helpful in the future if they actually attended these hearings.” Amazon did not immediately respond to Insider’s request for comment.

Microsoft president Brad Smith said the attack’s full scope is still unfolding

In his opening statement, Smith said there’s much that we still don’t know regarding the extent of the cyberattack and that there must be reform to the relationship between Silicon Valley’s cybersecurity arm and the federal government. He also said he believes that Russia is behind the attack.

FireEye CEO Kevin Mandia used his opening statement to describe the attack as being “exceptionally hard to detect” and later said that this was a planned hack. “The question is where’s the next one? And where are we going to find it?” Mandia said.

Microsoft’s Smith believes all the evidence points to Russia

Smith said earlier that “at this stage we’ve seen substantial evidence that points to the Russian foreign embassy and we’ve seen no evidence that points to anyone else.”

Mandia and CrowdStrike CEO George Kurtz agreed that the attacker was a nation-state actor. However, neither confirmed exactly who they thought was behind it. Mandia did say that his company analyzed forensics and found that it’s “most consistent with espionage and behaviors we’ve seen out of Russia.”

A Biden official says the White House’s response to the SolarWinds attack may come within weeks

  • The Biden administration may respond to SolarWinds attack within weeks.
  • National security advisor Jake Sullivan said the administration is considering new sanctions. 
  • You “will be hearing about this in short order,” Sullivan said on CNN on Friday.

The White House may respond to the SolarWinds hacks within weeks, a senior administration official said on CNN.

Jake Sullivan, national security advisor, told CNN’s Christiane Amanpour that President Joe Biden’s administration may respond “weeks from now.” Sullivan said it would consider new sanctions, as one of a “broad range of responses.” 

SolarWinds, an IT firm providing software to the US government, was the target of a massive cybersecurity attack discovered late last year. The breach, which included systems at the US Treasury Dept. and Homeland Security, had gone undetected for months. 

In January, a joint US intelligence task force issued a statement saying the hack was “likely Russian in nature.”

“We believe we can go further than that,” Sullivan said on Friday.

He added: “We are in the process of working through, with the intelligence community, and his national security team, a series of steps to respond to SolarWinds, including steps that will hold who we believe is responsible for this accountable, and you will be hearing about this in short order.”

On Wednesday, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said the US intelligence community is still “looking at who is responsible,” but that it was likely of Russian origin. 

She said at least nine federal agencies and 100 private companies were compromised. She added that the response might be “several months” away, a longer timeline than Sullivan gave. 

“The hackers launched the hack from inside the United States, which further made it difficult for the US government to observe their activity. Even within federal networks, a culture and authorities inhibit visibility, which is something we need to address,” said Neuberger in the White House Briefing Room.  

The government’s response so far has focused on removing the hackers, improving cybersecurity, and considering how to respond, she said. 

Cybersecurity firm Malwarebytes was hacked by ‘Dark Halo,’ the same group that breached SolarWinds last year

  • SolarWinds hackers attacked cybersecurity firm Malwarebytes, ZDNet reported. 
  • The company’s software remains “safe to use,” the CEO said.
  • Malwarebytes adds to a growing list of firms attacked by the SolarWinds hackers.

The same group that breached IT software company SolarWinds last year has hacked cybersecurity firm Malwarebytes, ZDNet reported, adding to the growing list of major security firms targeted by the group.

Malwarebytes said hackers used a weakness in Azure Active Directory and malicious Office 365 applications to breach the company’s internal systems, according to ZDNet. The company said the situation was not related to the SolarWinds breach, as Malwarebytes doesn’t use any of SolarWinds’ systems.

The SolarWinds hack last year was a “supply chain attack” that led to breaches at US government agencies and other businesses. SolarWinds, FireEye, Microsoft, CrowdStrike and now Malwarebytes have all been targeted by UNC2452/Dark Halo, a group US agencies have said the Russian government is behind. 

Malwarebytes was not immediately available for Insider’s request for comment.

Malwarebytes learned of the breach on December 15 from the Microsoft Security Response Center and has since investigated the matter. The company’s CEO Marcin Kleczynski told ZDNet the hacker only gained access to a limited subset of internal company emails and added that the “software remains safe to use.”

Here’s a simple explanation of how the massive SolarWinds hack happened and why it’s such a big deal

  • SolarWinds is a major IT firm that provides software for entities ranging from Fortune 500 companies to the US government. 
  • Reuters first reported that SolarWinds was the subject of a massive cybersecurity attack that spread to the company’s clients. 
  • The breach went undetected for months, and could have exposed data in the highest reaches of government, including the US military and the White House.
  • Here’s a simple explanation of what happened and why it’s important. 

SolarWinds, a major US information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months, Reuters first reported last week. Foreign hackers, who some top US officials believe are from Russia, were able to use the hack to spy on private companies like the elite cybersecurity firm FireEye and the upper echelons of the US Government, including the Department of Homeland Security and Treasury Department. 

Here’s a simple explanation of how the massive breach happened, and why it matters. 

An unusual hack

Earlier this year, hackers secretly broke into Texas-based SolarWinds’ systems and added malicious code into the company’s software system. The system, called “Orion,” is widely used by companies to manage IT resources. SolarWinds has 33,000 customers that use Orion, according to SEC documents.

Most software providers regularly send out updates to their systems, whether it’s fixing a bug or adding new features. SolarWinds is no exception. Beginning as early as March, SolarWinds unwittingly sent out software updates to its customers that included the hacked code. 

The code created a backdoor to customers’ information technology systems, which hackers then used to install even more malware that helped them spy on companies and organizations.

The victims

SolarWinds told the SEC that up to 18,000 of its customers installed updates that left them vulnerable to hackers. Since SolarWinds has many high profile clients, including Fortune 500 companies and multiple agencies in the US government, the breach could be massive.

US agencies, including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury were attacked. So were private companies, like Microsoft, Cisco, Intel, and Deloitte, and other organizations like the California Department of State Hospitals and Kent State University, the Wall Street Journal reported.

And since the hack was done so stealthily, and went undetected for months, security experts say that some victims may never know if they were hacked or not, the Wall Street Journal reported.

At the Treasury Department, hackers broke into dozens of email accounts and networks in the Departmental Offices of the Treasury, “home to the department’s highest-ranking officials,” Senator Ron Wyden said. The IRS hasn’t found any evidence of being compromised, he added. Treasury Secretary Steven Mnuchin said on CNBC that the hackers have only accessed unclassified information, but the department is still investigating the extent of the breach.

Who did it?

Federal investigators and cybersecurity experts say that Russia’s Foreign Intelligence Service, known as the SVR, is probably responsible for the attack. Russian intelligence was also credited with breaking into the email servers in the White House, the State Department, and the Joint Chiefs of Staff in 2014 and 2015. Later, the same group attacked the Democratic National Committee and members of the Hillary Clinton presidential campaign.

Russia has denied any involvement with the breach and President Trump has suggested, without evidence, that Chinese hackers may be the culprits.

Why it matters

Now that multiple networks have been penetrated, it’s expensive and very difficult to secure systems. Tom Bossert, President Trump’s former homeland security officer, said that it could be years before the networks are secure again. With access to government networks, hackers could “destroy or alter data, and impersonate legitimate people,” Bossert wrote in an Op-Ed for the New York Times.

Not only is the breach one of the largest in recent memory, but it also comes as a wake-up call for federal cybersecurity efforts. The US Cyber Command, which receives billions of dollars in funding and is tasked with protecting American networks, was “blindsided” by the attack, the New York Times reported. Instead, a private cybersecurity firm called FireEye was the first to notice the breach, when it found that its own systems were hacked.

Finally, the hack could accelerate broad changes in the cybersecurity industry. Companies are turning to a new method of assuming that there are already breaches, rather than merely reacting to attacks after they are found, Business Insider previously reported. And the US government may reorganize its cybersecurity efforts by making the Cyber Command independent from the National Security Agency, the Associated Press reported.

Former US cybersecurity chief Chris Krebs says officials are still tracking ‘scope’ of the SolarWinds hack

  • Chris Krebs, the former head of the Cybersecurity and Infrastructure Security Agency, said on Sunday the massive SolarWinds cybersecurity attack appears to be linked to Russia.
  • “Everything I’ve heard, whether it’s from private sector cybersecurity threat and intelligence experts, things I have heard out of Congress – it’s Russia,” Krebs said on CNN’s “State of The Union” Sunday.
  • Krebs warned that the scale of the cybersecurity breach was “probably more broad” than the hacking of SolarWinds, but said he would “be very careful about escalating” when asked if the US should retaliate.

Chris Krebs, former head of the Cybersecurity and Infrastructure Security Agency, said the massive SolarWinds cybersecurity attack appears to be linked to Russia, but the US should be cautious in its response. 

Cybersecurity researchers said last week that from as early as March, hackers compromised software company SolarWinds’ system to spy on its clients, Business Insider’s Aaron Holmes previously reported. The company’s customers include key government agencies such as the White House, the Pentagon, and the US Treasury Department.

“Everything I’ve heard, whether it’s from private sector cybersecurity threat and intelligence experts, things I have heard out of Congress – it’s Russia,” Krebs said on CNN’s “State of The Union” on Sunday. “They’re exceptionally good at this.”

Secretary of State Mike Pompeo said on Friday that “we can say pretty clearly that it was the Russians that engaged in this activity,” and as The Washington Post reported, others familiar with the matter have attributed the cybersecurity attacks to Russia as well. However, President Donald Trump on Saturday contradicted these statements in a series of tweets, suggesting “the possibility that it may be China,” Business Insider’s John Dorman reported.

Krebs said the US is “just getting our arms around the scope of this cyber-compromise,” and the scale of this breach is “probably more broad” than SolarWinds.

He also doubled down that the culprit behind the attacks was Russia, adding: “the Russian intelligence service, the SVR, they’re really the best of the best out there.”

However, when pressed by host Jake Tapper about whether the US should retaliate against Russia, Krebs cautioned he would “be very careful about escalating this.”

“I think there needs to be a conversation globally, internationally across like-minded countries about what is acceptable,” he added.

Krebs was fired from his role as the head of CISA last month not long after he publicly pushed back against Trump’s baseless claims of voter fraud in the election, Business Insider’s Sonam Sheth reported.

Former US cybersecurity chief Chris Krebs warned not to ‘conflate’ voting system security with SolarWinds hack despite Trump’s claim

  • Former top US cybersecurity official Chris Krebs warned on Twitter Saturday not to “conflate” the security of the US voting system with the massive SolarWinds cyberattack.
  • “The proof is in the paper,” Krebs tweeted, later adding that you “can’t hack paper.”
  • Krebs’ warning came shortly after President Donald Trump tweeted there could also have been “a hit on our ridiculous voting machines during the election.”
  • Trump also suggested that China could be behind the cyber attack and not Russia, which experts and Secretary of State Mike Pompeo have said is likely the culprit.
  • News surfaced earlier this month that the IT firm SolarWinds suffered a hack when bad actors launched malware in the company’s software, which was later distributed to some of its 300,000 clients. Microsoft and AT&T are among its customer base.

Ousted US cybersecurity official Chris Krebs warned on Twitter Saturday not to confuse voting system security with the massive SolarWinds hack.

“Do not conflate voting system security and SolarWinds,” tweeted Krebs, who served as US Cybersecurity and Infrastructure Security Agency Director until late November. “The proof is in the paper. You can audit or recount again to confirm the outcome. Like they did in Georgia. And Michigan. And Wisconsin. And Arizona. Can’t hack paper.” 

The tweet was posted shortly after Trump posted on Twitter suggesting that the cyber attack could be behind what he and other Republicans are peddling as election fraud and faulty voting systems.

“There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA,” Trump tweeted. Twitter placed a warning label on the tweet, which read: “Election officials have certified Joe Biden as the winner of the U.S. Presidential Election.”

Presidential electors in all 50 states confirmed on Monday that Joe Biden indeed earned over 270 Electoral College votes, confirming that he won the 2020 election and will be the next president of the United States.

 

In his tweet, Trump also accused the media of overblowing the cybersecurity hack and questioned if it was China that was behind it instead of Russia. Experts have said the hackers likely were located in Russia, and Secretary of State Mike Pompeo said Friday that officials can “say pretty clearly” that Russians were involved.

Trump fired Krebs in late November after the cybersecurity official said there was “no manipulation of the vote on the machine-count side,” even after states like Georgia recounted votes by hand.

“The proof is in the ballots,” Krebs said on a “60 Minutes” segment. “The recounts are consistent with the initial count.”

News surfaced in early December that IT company SolarWinds suffered an attack that has been confirmed to have infiltrated US government agencies. The hackers were able to spy on companies and federal agencies since March, when they secretly launched malware in software that was handed out to some of the firm’s 300,000 clients. It’s unclear which of the firm’s clients were affected, but its customer base includes big industry names like Microsoft and AT&T.

The Trump administration acknowledged that the hackers gained access to official networks, and the Department of Homeland Security and the State Department are also victims of the attack.

Security researchers are now working to identify weak points in SolarWinds’ security system that could have enabled the hack. One researcher told Reuters that he warned the company in 2019 that its “solarwinds123” password for its server could be accessed by anyone.

“This could have been done by any attacker, easily,” researcher Vinoth Kumar told the outlet.

Mike Pompeo says Russia was ‘pretty clearly’ behind the massive SolarWinds cyberattack that compromised US national security

  • Secretary of State Mike Pompeo has claimed Russia is behind the massive SolarWinds cyberattack that targeted several US government agencies earlier this year.
  • “We can say pretty clearly that it was the Russians that engaged in this activity,” Pompeo said on the “Mark Levin Show” on Friday night.
  • SolarWinds said that at least 18,000 of its customers had been affected by the hack, including cybersecurity company FireEye and the Pentagon.
  • President Trump has not yet commented on the attack. President-elect Joe Biden said this week that he would make cyber-security a “top priority” of his administration.

Russia was “pretty clearly” behind a massive SolarWinds cyberattack that targeted several US government agencies, Secretary of State Mike Pompeo said on Friday.

Speaking on the “Mark Levin Show”, Pompeo said there was “a significant effort to use a piece of third-party software to essentially embed code inside US government systems,” according to the BBC.

“We can say pretty clearly that it was the Russians that engaged in this activity,” Pompeo said, NBC reported. “I can’t say much more as we’re still unpacking precisely what it is, and I’m sure some of it will remain classified.”

“This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” he added.

The massive national security breach, which targeted software made by firm SolarWinds, was discovered last week but had been going on for months.

SolarWinds said that at least 18,000 of its customers downloaded the software update containing the malicious code that enabled the hackers to infiltrate internal systems.

Among those who were targeted were cybersecurity company FireEye, tech giant Microsoft, the Pentagon, and the Department of Homeland Security.

An office within the Department of Energy, which manages nuclear weapons, was also targeted although officials said that the arsenal’s security had not been compromised.

Cybersecurity experts say it could take some of those organizations years to figure out the extent of the cyberattack and what data, if any, was actually stolen.

President Trump has not yet commented on the attack.

President-elect Joe Biden, who will be inaugurated on January 20, vowed this week that he would make cyber-security a “top priority” of his administration. 

“We will elevate cybersecurity as an imperative across the government, further strengthen partnerships with the private sector, and expand our investment in the infrastructure and people we need to defend against malicious cyberattacks,” he said on Thursday.

Here’s a list of the US agencies and companies that were reportedly hacked in the suspected Russian cyberattack

  • Thousands of companies and US government agencies were at risk of being spied on for months following a sweeping cyberattack reportedly carried out by Russian hackers.
  • The full extent of the attack is not yet known, but the list of victims is said to include the Department of Homeland Security and the Pentagon, among others.
  • Read below for a list of the government agencies and firms that have reportedly been breached.

A massive cyber attack reportedly executed by a Russian intelligence agency put thousands of companies and US government agencies at risk of being spied on or having data stolen for up to nine months.

The software firm SolarWinds was breached earlier this year when hackers broke into its system and inserted malicious code into one of its software platforms. Customers who updated their software from March to June added the malware to their networks, giving the hackers a backdoor into their systems.

SolarWinds has hundreds of thousands of clients across the globe, including government agencies and most Fortune 500 companies. The company said up to 18,000 of its customers downloaded the software update that contained the malicious code.

Investigating the extent of the cyberattacks may take years, but some organizations have already emerged as compromised, meaning the hackers had potential access to their networks. But it will take long-term investigations for some firms and agencies to determine what data, if any, were stolen or manipulated.

Here’s a list of the major US agencies and firms that were reportedly breached:

Department of State

The State Department is among the US agencies said to have been breached, The Washington Post first reported. Russians had also hacked into part of the department’s system in 2014.

Department of Homeland Security

Reuters first reported the breach at the Department of Homeland Security, the agency responsible for cybersecurity, border security, and, recently, the distribution of the coronavirus vaccine. The department’s Cybersecurity and Infrastructure Security Agency also oversaw the secure presidential election last month.

National Institutes of Health

The Post also reported that the National Institutes of Health, housed in the Department of Health and Human Services, was compromised. Reports emerged in the summer that the SVR, a Russian intelligence agency, had targeted the COVID-19 vaccine research.

The Pentagon

Parts of the Pentagon, the headquarters of the Department of Defense, were breached, an unnamed US official reportedly told The New York Times. The official said the extent of the attack was unknown.

Department of Energy

Politico reported the Energy Department, including its National Nuclear Security Administration, was subject to the cyber attack. In a statement, a spokesperson said the breach was “isolated to business networks only,” and did not impact national security functions of the department, which includes managing the nuclear weapons stockpile.

Department of the Treasury

The Treasury Department, which manages national finances, was among the first confirmed breaches of the federal government, Reuters reported. Hackers were reportedly spying on internal emails, but the extent of the attack is still unknown.

Department of Commerce

The Commerce Department was also one of the first agencies to have confirmed a breach. Sources told Reuters hackers also appeared to be spying on department emails.

State and local governments

Sources told Bloomberg that up to three state governments were hit by the attack, though they did not name which states. The Intercept reported that the network of the city of Austin, Texas was also breached.

Microsoft

Microsoft confirmed Thursday it was compromised in the cyberattack. Reuters initially reported the breach may have made the tech giant’s customers vulnerable, but Microsoft denied this. The company said there is no evidence its products or customer data were targeted.

FireEye

FireEye, one of the world’s leading cybersecurity firms, announced on December 8 that its systems had been hacked by a nation-state, marking the first discovery of the sweeping cyberattack.

Members of Congress ‘left with more questions than answers’ after classified briefing about SolarWinds, saying administration ‘unwilling to share the full scope of the breach’

SolarWinds Corp banner hangs at the New York Stock Exchange (NYSE) on the IPO day of the company in New York, U.S., October 19, 2018

  • Lawmakers heard from the Department of Homeland Security, the Federal Bureau of Investigation, and the Office of the Director of National Intelligence in a classified meeting today regarding the SolarWinds hack.
  • A statement issued afterwards said that, “Administration officials were unwilling to share the full scope of the breach and identities of the victims.”
  • President Trump has largely stayed silent in what is being analyzed as one of the most sophisticated hacks targeting the US government in history.

In a classified meeting on Friday, lawmakers from the House Homeland Security and Oversight Committees received a briefing on the known extent of the mass hacking campaign against the US government.

Lawmakers heard from the Department of Homeland Security, the Federal Bureau of Investigation, and the Office of the Director of National Intelligence.

In a statement issued afterward, the committees’ chairs said that after hearing from the Trump Administration, “we are left with more questions than answers.” The statement added that “Even in the midst of an unprecedented cyberattack with far-reaching implications for our national security, Administration officials were unwilling to share the full scope of the breach and identities of the victims.”

The committees stressed the severity of the hack and called for the administration to give Congress a fuller picture. The statement said that the US government’s network defenses “do not match the constantly evolving capabilities of our adversaries,” adding that the committees need “the Administration to tell Congress what resources and authorities they need to ensure this does not happen again.” 

The committees’ chairs called on the agencies to deliver an in-person briefing on Capitol Hill as soon as possible. 

After leaving the briefing, House Subcommittee on National Security Chairman Stephen Lynch told reporters, “this hack was so big in scope that even our cybersecurity experts don’t have a real sense yet in terms of the breadth of the inclusion itself.” Lynch added that “there are as many as 18,000 individual entities, both private and government, that have been compromised,” and that vetting would take time.

A Republican member of the House Oversight and Reform Committee, Rep. Bob Gibbs, told reporters, “I’m not too impressed with the confidence of our cybersecurity people.”

House Committee on Oversight and Reform member Rep. Jamie Raskin, a Democrat, said, “There’s a lot more that we don’t know than what we do know. I’m hopeful the government will learn exactly how this was perpetrated on us and what is the full scope of the damage.”

Others shared their disappointment and mounting concern.

House Homeland Security Committee Chairman Bennie Thompson said, “It was telephonic and it just didn’t give us what we wanted. They offered to come next week. We said next week? Are you serious? We’ll invite them back tomorrow.”

House Oversight Committee Chairwoman Carolyn Maloney told reporters, “I am shocked. National security is the number one challenge and responsibility to protect our people. Every agency is compromised…It is serious. It is deep.” 

The hack took place over the course of months via IT management software SolarWinds, which monitors servers in order to prevent outages. Hackers reportedly entered the system via patch updates made by SolarWinds in March and June. Over the last few weeks, virtually every US agency, including Defense, Treasury, Commerce, State, Energy, and the National Institutes of Health, was targeted in the supply chain attack.

President Donald Trump has largely stayed silent in what is being analyzed as one of the most sophisticated hacks targeting the US government in history.
