The Associated Press has learned that suspected Russian hackers gained access to the email accounts belonging to the head of the Trump administration’s Department of Homeland Security, as well as the email accounts of cybersecurity personnel in the department, whose work includes hunting threats from abroad.

At that time, the intelligence value of the hacking of the current secretary Chad Wolf and his staff has not yet been made public, but its symbolic meaning is clear. Their accounts were accessed as part of the so-called SolarWinds invasion, which raised the question of how the US government can protect its individuals, companies, and institutions if it cannot protect itself.

For many security experts and federal officials, the short answer is: it is impossible, at least without some major changes.

Ohio Senator Rob Portman, the top Republican on the Senate Committee on Homeland Security and Government Affairs, said: “The SolarWinds hack is a victory for our foreign adversaries and a failure for the Department of Homeland Security. We are talking about the Department of Homeland Security’s jewel in the crown.”

The Biden administration tried to strictly limit the scope of the SolarWinds attack when weighing the retaliatory measures taken against Russia. But the Associated Press’s inquiry revealed new details about the violations of the Department of Homeland Security and other agencies (including the Department of Energy), where the hackers accessed the schedules of senior officials.

The Associated Press interviewed more than a dozen current and former US government officials. They declined to be named because the ongoing investigation into the hacking incident is confidential.

In particular, the Department of Homeland Security’s vulnerabilities exacerbated concerns after the SolarWinds attack and the broader hacking attack affecting the Microsoft Exchange email program, especially because in both cases these hackers were not detected by the government but by private companies.

In December of last year, officials discovered what they described as a massive, months-long cyber espionage campaign, mainly through hackers attacking a widely used software from SolarWinds Inc. in Texas. At least nine federal agencies and dozens of private sector companies have been hacked.


The US authorities said that this violation appeared to be the work of Russian hackers. General Paul Nakasone, who leads the Pentagon’s cyber forces, said last week that the Biden administration is considering a “series of options” in response. Russia denied any role in this hacking operation.

Since then, a series of fascinating hacking incidents have further highlighted the loopholes in the U.S. public and private sectors. Hackers tried to poison the water supply of a small town in Florida in February, but were unsuccessful. This month, a new vulnerability was announced, involving thousands of Microsoft Exchange email servers, which the company said was implemented by Chinese national hackers. China denied participating in Microsoft’s violations.

Virginia Democratic Senator and head of the Senate Intelligence Committee, Mark Warner, said the government’s initial response to the discovery of the SolarWinds hack was unique.
Warner said at a recent cybersecurity conference: “I am shocked that the length of time we have been in the dark varies.”

Wolf and other senior officials of the Department of Homeland Security used new cell phones that had been cleaned up and the popular encrypted messaging system Signal to communicate within a few days of the hacking.

A former government official confirmed that the Federal Aviation Administration was one of the agencies affected by this vulnerability. He said that the agency’s response was blocked by outdated technology and that it worked hard to determine how many servers were running SolarWinds software.
The FAA initially told the Associated Press in mid-February that it was not affected by the SolarWinds hack, and only issued a second statement a few days later, stating that it is still investigating.

In addition to Wolf, at least one other cabinet member was affected. A former high-ranking official said that hackers were able to obtain the schedule of officials from the Department of Energy, including the then secretary Dan Brouillette. The timetable is not confidential and is subject to public records laws.


Department of Energy spokesman Kevin Liao said: “No evidence has been found that the network that maintains the schedule of senior officials has been compromised.”

The new disclosures provide a more comprehensive description of what kind of data the SolarWinds hackers used. Several hearings have been held on this issue, but the details are obviously insufficient.

Rep. Pat Fallon, R-Texas, said at a hearing that the DHS secretary’s email had been hacked, but did not provide other details. The Associated Press was able to identify Wolf. Wolf declined to comment, saying only that he had multiple e-mail accounts as a secretary.

Sarah Peck, a spokesperson for the Department of Homeland Security, said that “a small number of employees’ accounts have been attacked” and that the agency “no longer sees signs of damage to our network”.

The Biden administration has promised to issue an executive order soon to address “the federal government’s major gap in modernization and cybersecurity technology.” However, the list of obstacles facing the federal government is long: powerful foreign hackers backed by governments that are not afraid of US retaliation, outdated technology, a lack of well-trained cybersecurity professionals, and complex leadership and supervision structures.

The recently approved stimulus package includes new funding of US$650 million for the Cybersecurity and Infrastructure Security Agency to strengthen the country’s cyber defense capabilities. Federal officials say this is only an advance payment for larger program expenditures used to improve threat detection.

The head of the cybersecurity agency, Brandon Wales, said at a recent House Committee hearing: “We must improve our game.”

The agency operates a threat detection system called Einstein. Officials were shocked that it failed to discover the SolarWinds vulnerability before a private security company did. Eric Goldstein, the agency’s executive assistant director for cybersecurity, told Congress that Einstein’s technology was designed ten years ago and was “obsolete.”

Anthony Ferrante, the former director of the National Security Council responsible for cyber incident response and the current senior managing director of FTI Consulting, said that part of the problem is the lack of skilled labor, whether it is the government or the private sector.


A private company also discovered the Microsoft Exchange hack, which has not yet affected any federal government agency.

One problem that plagues decision makers is that foreign hackers are increasingly using US-based virtual private networks (VPNs) to evade detection by US intelligence agencies, which are legally limited in monitoring domestic infrastructure. Officials recently stated that SolarWinds hackers used Amazon Web Services and GoDaddy’s hosting services to evade detection.

The Biden administration does not plan to strengthen the government’s surveillance of the US Internet in response. Instead, it hopes to focus on establishing closer partnerships and improving information sharing with private companies that are already well-known on the domestic Internet.

for responding to violations, preventing new violations, and monitoring these efforts remain undetermined. Last month, the leader of the Senate Intelligence Committee initially criticized the Biden administration for the “unorganized response” of the White House administration to the SolarWinds hack. The statement clarified its leadership structure.

The Biden government asked Anne Neuberger, deputy national security adviser for cyber and emergency technology, to respond to SolarWinds and Microsoft’s violations. It did not appoint the director of the national network, nor did it appoint a new position, which frustrated some members of Congress.

Maine Independent Senator Angus King said: “We are trying to wage a multi-line war without anyone in charge.”

The Biden administration said it is reviewing how best to create new positions. White House spokesperson Emily Horne said: “Cybersecurity is the top priority.”

