What's new

Pompeo blames Russia for ‘significant’ cyber attack on US government agencies, companies

User

FULL MEMBER
Joined
Dec 12, 2020
Messages
619
Reaction score
0
Country
United States
Location
United States


Issued on: 19/12/2020 - 07:16



US Secretary of State Mike Pompeo speaking to the media in Washington, D.C., on November 24, 2020. © Saul Loeb, REUTERS


Russia was "pretty clearly" behind a devastating cyber attack on several US government agencies that also hit targets worldwide, Secretary of State Mike Pompeo said.

Microsoft said late Thursday that it had notified more than 40 customers hit by the malware, which security experts say could allow attackers unfettered network access to key government systems and electric power grids and other utilities.

"There was a significant effort to use a piece of third-party software to essentially embed code inside of US government systems," Pompeo told The Mark Levin Show on Friday.

"This was a very significant effort, and I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity."

Roughly 80 percent of the affected customers are located in the United States, Microsoft president Brad Smith said in a blog post, with victims also found in Belgium, Britain, Canada, Israel, Mexico, Spain and the United Arab Emirates.

"It's certain that the number and location of victims will keep growing," Smith said, echoing concerns voiced this week by US officials on the serious threat from the attack.

"This is not 'espionage as usual,' even in the digital age," Smith said.

"Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world."

John Dickson of the security firm Denim Group said many private sector companies which could be vulnerable were scrambling to shore up security, even to the point of considering rebuilding servers and other equipment.

"Everyone is in damage assessment now because it's so big," Dickson said. "It's a severe body blow to confidence both in government and critical infrastructure."

The threat comes from a long-running attack which is believed to have injected malware into computer networks using enterprise management network software made by the Texas-based IT company SolarWinds, with the hallmarks of a nation-state attack.

James Lewis, vice president at the Center for Strategic and International Studies, said the attack may end up being the worst to hit the United States, eclipsing the 2014 hack of US government personnel records in a suspected Chinese infiltration.

"The scale is daunting. We don't know what has been taken so that is one of the tasks for forensics," Lewis said.

"We also don't know what's been left behind. The normal practice is to leave something behind so they can get back in, in the future."


National Security Agency (NSA) warning

The National Security Agency called for increased vigilance to prevent unauthorized access to key military and civilian systems.

Analysts have said the attacks pose threats to national security by infiltrating key government systems, while also creating risks for controls of key infrastructure systems such as electric power grids and other utilities.

The US Cybersecurity and Infrastructure Security Agency (CISA) said government agencies, critical infrastructure entities, and private sector organizations had been targeted by what it called an "advanced persistent threat actor."

CISA did not identify who was behind the malware attack, but private security companies pointed a finger at hackers linked to the Russian government.

Pompeo had also suggested Moscow's involvement on Monday, saying the Russian government had made repeated attempts to breach US government networks.

President-elect Joe Biden expressed "great concern" over the computer breach while Republican Senator Mitt Romney blamed Russia and slammed what he called "inexcusable silence" from the White House.

Romney likened the cyber attack to a situation in which "Russian bombers have been repeatedly flying undetected over our entire country."

CISA said the computer intrusions began at least as early as March this year, and the actor behind them had "demonstrated patience, operational security and complex tradecraft."

"This threat poses a grave risk," CISA said Thursday, adding that it "expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations."

Hackers reportedly installed malware on software used by the US Treasury Department and the Commerce Department, allowing them to view internal email traffic.

The Department of Energy, which manages the country's nuclear arsenal, confirmed it had also been hit by the malware but had disconnected affected systems from its network.

"At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration," said agency spokeswoman Shaylyn Hynes.

SolarWinds said up to 18,000 customers, including government agencies and Fortune 500 companies, had downloaded compromised software updates, allowing hackers to spy on email exchanges.

Russia has denied involvement.


(AFP)
 

Issued on: 19/12/2020 - 20:00

ezgif.com-gif-maker.jpg

US President Donald Trump looks on during a ceremony presenting the Presidential Medal of Freedom to wrestler Dan Gable in the Oval Office of the White House in Washington, DC on December 7, 2020 SAUL LOEB AFP

Contradicting his secretary of state and other top officials, President Donald Trump on Saturday suggested without evidence that China — not Russia — may be behind the grave cyberattack against the United States and tried to minimized its impact.

In his first comments on the breach, Trump scoffed at the focus on the Kremlin and downplayed the intrusions, which the nation’s cybersecurity agency has warned posed a “grave” risk to government and private networks.




The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control,” Trump tweeted. He also claimed the media are “petrified” of “discussing the possibility that it may be China (it may!)."

There is no evidence to suggest that is the case. Secretary of State Mike Pompeo said late Friday that Russia was “pretty clearly” behind the cyberattack against the United States.

Officials at the White House had been prepared to put out a statement Friday afternoon that accused Russia of being “the main actor” in the hack, but were told at the last minute to stand down, according to one U.S. official familiar with the conversations who spoke on condition of anonymity.

It is not clear whether Pompeo got that message before his interview, but officials are now scrambling to figure out how to square the disparate accounts.

Pompeo said the government was still “unpacking" the cyberattack and some of it would likely remain classified.

This was a very significant effort and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” he said in the interview with radio talk show host Mark Levin.

Russia has said it had “nothing to do” with the hacking.


Experts point to Russia

Throughout his presidency, Trump has refused to blame Russia for well-documented hostilities, including its interference in the 2016 election to help him get elected. He blamed his predecessor, Barack Obama, for Russia’s annexation of Crimea, has endorsed allowing Russia to return to the G7 group of nations and has never taken the country to task for allegedly putting bounties on U.S. soldiers in Afghanistan.

Cybersecurity experts and other U.S. officials have been clear over the past week that the operation appears to be the work of Russia. There has been no credible suggestion that any other country — including China — is responsible.

Democrats in Congress who have received classified briefings have also affirmed publicly that Russia was behind it.

It’s not clear exactly what the hackers were seeking, but experts say it could include nuclear secrets, blueprints for advanced weaponry, COVID-19 vaccine-related research and information for dossiers on government and industry leaders.


Serious hack that could have compromised financial institutions and power plants

While Trump downplayed the impact of the hacks, the Cybersecurity and Infrastructure Security Agency has said it compromised federal agencies as well as “critical infrastructure." Homeland Security, the agency’s parent department, defines such infrastructure as any “vital” assets to the U.S. or its economy, a broad category that could include power plants and financial institutions.

Worst hacking case in the history of America

One U.S. official, speaking Thursday on condition of anonymity to discuss a matter that is under investigation, described the hack as severe and extremely damaging.

This is looking like it’s the worst hacking case in the history of America,” the official said. “They got into everything.

Trump had been silent on the attacks before Saturday.

Deputy White House press secretary Brian Morgenstern on Friday declined to discuss the matter, but told reporters that national security adviser Robert O’Brien had sometimes been leading multiple daily meetings with the FBI, the Department of Homeland Security and the intelligence agencies, looking for ways to mitigate the hack.

Rest assured we have the best and brightest working hard on it each and every single day,” he said.

The Democratic leaders of four House committees given classified briefings by the administration on the hack issued a statement complaining that they “were left with more questions than answers.

Administration officials were unwilling to share the full scope of the breach and identities of the victims,” they said.

Pompeo, in the interview with Levin, said Russia was on the list of “folks that want to undermine our way of life, our republic, our basic democratic principles. [...] You see the news of the day with respect to their efforts in the cyberspace. We’ve seen this for an awfully long time, using asymmetric capabilities to try and put themselves in a place where they can impose costs on the United States.


An extensive, long-lasting attack

What makes this hacking campaign so extraordinary is its scale: 18,000 organizations were infected from March to June by malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds.

It’s going to take months to kick elite hackers out of the U.S. government networks they have been quietly rifling through since as far back as March.

Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked. FireEye, the cybersecurity company that discovered the intrusion into U.S. agencies and was among the victims, has already tallied dozens of casualties. It's racing to identify more.

Many federal workers — and others in the private sector — must presume that unclassified networks are teeming with spies. Agencies will be more inclined to conduct sensitive government business on Signal, WhatsApp and other encrypted smartphone apps.


Only way to secure hacked networks is to restart from scratch


If the hackers are indeed from Russia’s SVR foreign intelligence agency, as experts believe, their resistance may be tenacious.

The only way to be sure a network is clean is “to burn it down to the ground and rebuild it,” said Bruce Schneier, a prominent security expert and Harvard fellow.

Florida became the first state to acknowledge falling victim to a SolarWinds hack. Officials told The Associated Press that hackers apparently infiltrated the state's health care administration agency and others.

SolarWinds’ customers include most Fortune 500 companies, and its U.S. government clients are rich with generals and spymasters.


(FRANCE 24 with AP)
 
Last edited:


Issued on: 19/12/2020 - 07:16



US Secretary of State Mike Pompeo speaking to the media in Washington, D.C., on November 24, 2020. © Saul Loeb, REUTERS


Russia was "pretty clearly" behind a devastating cyber attack on several US government agencies that also hit targets worldwide, Secretary of State Mike Pompeo said.

Microsoft said late Thursday that it had notified more than 40 customers hit by the malware, which security experts say could allow attackers unfettered network access to key government systems and electric power grids and other utilities.

"There was a significant effort to use a piece of third-party software to essentially embed code inside of US government systems," Pompeo told The Mark Levin Show on Friday.

"This was a very significant effort, and I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity."

Roughly 80 percent of the affected customers are located in the United States, Microsoft president Brad Smith said in a blog post, with victims also found in Belgium, Britain, Canada, Israel, Mexico, Spain and the United Arab Emirates.

"It's certain that the number and location of victims will keep growing," Smith said, echoing concerns voiced this week by US officials on the serious threat from the attack.

"This is not 'espionage as usual,' even in the digital age," Smith said.

"Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world."

John Dickson of the security firm Denim Group said many private sector companies which could be vulnerable were scrambling to shore up security, even to the point of considering rebuilding servers and other equipment.

"Everyone is in damage assessment now because it's so big," Dickson said. "It's a severe body blow to confidence both in government and critical infrastructure."

The threat comes from a long-running attack which is believed to have injected malware into computer networks using enterprise management network software made by the Texas-based IT company SolarWinds, with the hallmarks of a nation-state attack.

James Lewis, vice president at the Center for Strategic and International Studies, said the attack may end up being the worst to hit the United States, eclipsing the 2014 hack of US government personnel records in a suspected Chinese infiltration.

"The scale is daunting. We don't know what has been taken so that is one of the tasks for forensics," Lewis said.

"We also don't know what's been left behind. The normal practice is to leave something behind so they can get back in, in the future."


National Security Agency (NSA) warning

The National Security Agency called for increased vigilance to prevent unauthorized access to key military and civilian systems.

Analysts have said the attacks pose threats to national security by infiltrating key government systems, while also creating risks for controls of key infrastructure systems such as electric power grids and other utilities.

The US Cybersecurity and Infrastructure Security Agency (CISA) said government agencies, critical infrastructure entities, and private sector organizations had been targeted by what it called an "advanced persistent threat actor."

CISA did not identify who was behind the malware attack, but private security companies pointed a finger at hackers linked to the Russian government.

Pompeo had also suggested Moscow's involvement on Monday, saying the Russian government had made repeated attempts to breach US government networks.

President-elect Joe Biden expressed "great concern" over the computer breach while Republican Senator Mitt Romney blamed Russia and slammed what he called "inexcusable silence" from the White House.

Romney likened the cyber attack to a situation in which "Russian bombers have been repeatedly flying undetected over our entire country."

CISA said the computer intrusions began at least as early as March this year, and the actor behind them had "demonstrated patience, operational security and complex tradecraft."

"This threat poses a grave risk," CISA said Thursday, adding that it "expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations."

Hackers reportedly installed malware on software used by the US Treasury Department and the Commerce Department, allowing them to view internal email traffic.

The Department of Energy, which manages the country's nuclear arsenal, confirmed it had also been hit by the malware but had disconnected affected systems from its network.

"At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration," said agency spokeswoman Shaylyn Hynes.

SolarWinds said up to 18,000 customers, including government agencies and Fortune 500 companies, had downloaded compromised software updates, allowing hackers to spy on email exchanges.

Russia has denied involvement.


(AFP)

Espionage on world stage some time back fire with massive Cyber attacks.
 
NSA
Before cyber attack :
3010545.jpg

NSA after the cyber attack :
3010546.jpg

US hegemony
3011025.jpg
 

Latest posts

Back
Top Bottom