What led to the worst cyber attack in US? | Multiple US agencies hacked in massive cyber attacks
Experts in Washington are confident that the hacking was organized by hackers under the control of a foreign state, and they do not rule out that the state in question is Russia.
The computer hacking of US government agencies that occurred in December and affected a large number of departments was very large-scale, and it will take an indefinite amount of time and money to stop it, say experts interviewed by the Russian service of the Voice of America.
In the US Congress, closed briefings were held at which representatives of the special services spoke about what they knew about the attack carried out by hacking into the products of the IT company SolarWinds. These products are used by the US Department of State, the Pentagon, the Treasury, the Department of Energy and other components of the executive power system in America. It is already clear that the hackers’ actions were long-term: they used for their own purposes the updates released by SolarWinds in the period from March to June of this year.
At the same time, not a single American official has confirmed the connection between this hacking activity and Moscow that the Washington Post reported earlier this week: according to its information, the APT29 group, or Cozy Bear, associated with the Russian Foreign Intelligence Service, was behind the attack.
President of the Cyber Threat Alliance Michael Daniel, a former special adviser to US President Barack Obama in the field of cybersecurity, says in an interview with Voice of America that a hack of this magnitude could only be carried out with the support of foreign state structures:
“It was a very measured, very complex, well thought out and extremely meticulous penetration into our networks. And even very good defenses can allow such penetrations to pass, allowing the adversary to achieve some success. The fact that this happened does not mean that the computer security systems of the US government are bad – it is just a reminder that no one can be guaranteed to be protected from such intrusions. To carry out such an operation for such a long time and at such a level of complexity, so highly organized, in my opinion, is impossible without the participation of a group behind which the state stands.”
Daniel believes that Russia is indeed at the very top of the list of countries suspected of being involved in the attack: “Thinking about Russia in this case is very natural, I would even say that Russian intelligence may well be behind this operation. However, let me remind you that no one has yet asserted this from our officials. In addition, it seems to me important that the operation was reconnaissance, not sabotage – its purpose, from what we know about it, was to extract information, and not to inflict obvious damage.”
The former adviser to the President of the United States on computer security recalled that Moscow is known precisely for subversive operations in cyberspace, such as hacking during election campaigns in order to directly damage the political process. However, in this case, Michael Daniel believes, the United States was simply spied on: “This does not mean that such actions need to be put up with, on the contrary, they need to be resisted as effectively as possible, but I mean that in general, intelligence services in the world are doing just that – getting information.”
Atlantic Council cybersecurity expert Will Loomis disagrees that no direct damage has been done. According to him, now the US government departments, and many private companies, have an incredible amount of work to do:
“We are now discovering that hundreds of companies have been attacked, including Microsoft, and perhaps we will learn in the coming days that other large companies have been affected. We already know that Canada, Belgium, Mexico, UAE and other countries have also been affected. Most likely, a lot of extremely valuable information was stolen, or its integrity was violated. It will take weeks, maybe months, before we fully understand the scope of this attack. And in order to close the security gaps in the structures affected by this operation, serious funds can be spent, the size of which is now impossible to read. So, the economic damage is already obvious, and it is not small.”
Will Loomis is also sure that the perpetrators of the cyber network hacking operation in US government agencies in this case were not just, as Vladimir Putin once put it, “patriotic hackers”:
“More than half of the attacks of this kind, when a hacker code is introduced into the software of a well-proven company, which opens the “back door” into the system, according to our information, were carried out by groups associated with the state. In the past couple of years, we have seen the appearance on the black market of a fairly large number of funds with such opportunities, however, the volume and organization of this operation allows us to conclude that the state is most likely behind it. And although now it is impossible to speak about anything with 100% certainty, taking into account some technical signs, the majority of the expert community believes that this was done by a group associated with the state structures of Russia.”
James Lewis, an expert at the Center for Strategic and International Studies (CSIS), says with even greater confidence that Russia is behind the hack: “It was an extremely successful attack on the Russians, and they were probably able to gain access to about 20 thousand facilities in various government agencies and American companies, and possibly more. We can say that we are dealing with one of the largest government hacks in history. At the moment, we do not know two things: what information they were able to obtain and what they left in the system … In cyber attacks, code may be left that would make it easier for hackers to return if necessary. So, a lot of work remains to be done to find out what information was received and what traces were left.”
According to Lewis, Russia continues its aggressive actions against the United States, since the cybersphere makes it possible to inflict serious damage at minimal cost. The weak reaction of the current administration to Russian meddling in the 2016 presidential elections was an additional incentive for Moscow: “The Putin regime is very hostile towards the West and the United States, and they have identified the cyber sphere as one of the areas where they can act most actively with minimal risk. They think the risk is low because the US has not responded particularly to election meddling. This was perceived by the Russians as a “green light”.”
The CSIS expert is confident that Washington should review the rules and regulations in the field of cybersecurity, as well as, together with its European allies, develop a strategy to resist Russia’s actions and decide how to respond to this attack.
“We need to determine what retaliatory actions will be appropriate against Russia. Will it be the expulsion of diplomats? Will we block the Internet in Moscow for a day? Or will it be something more serious?” says James Lewis.
Reporter for the Russian Voice of America Service in Moscow. Has collaborated with Voice of America since 2012. For a long time he worked as a correspondent and host of programs for the BBC Russian Service and Radio Liberty. Specialization – international relations, politics and legislation, human rights.
Voice of America journalist. Prior to that, she worked for international non-governmental organizations in Washington and London, in the Russian-language version of the Estonian daily newspaper “Postimees” and as a spokesperson for the Estonian Ministry of Internal Affairs. Interests – international relations, politics, economics.