Search This Blog

Tuesday, December 15, 2020

Russian Hackers Breach US Government Trying To Steal Information From Government Clients

 If you look up "government hacking" on Wikipedia, this is the first paragraph:

"Government hacking permits the exploitation of vulnerabilities in electronic products, such as software, to gain remote access to information of interest. This information allows government investigators to monitor user activity and interfere with device operation. Government attacks on security may include malware and encryption backdoors. The National Security Agency's PRISM program and Ethiopia's use of FinSpy are notable examples."

This has been a constant issue for many years, and will be for many years to come. The question is, exactly how secure is any county's data? How protected is my own data? Should we trust that our provider is securing our data properly?

Who do/can you trust?

Betsy Combier,
Editor, ADVOCATZ Blog
Editor, NYC Rubber Room Reporter
Editor, New York Court Corruption
Editor, National Public Voice
Editor, NYC Public Voice
Editor, Inside 3020-a Teacher Trials

Russian hackers breach U.S. government, targeting agencies, private companies

The CEO of cybersecurity company FireEye said they appeared to be trying to steal information from government clients

A Commerce Department spokesman confirmed a breach, saying it occurred at an unidentified bureau.

Department officials alerted the FBI and a cybersecurity agency within the Department of Homeland Security, the spokesman said, declining to comment further.

The White House National Security Council also confirmed that it was looking into another potential intrusion at the Treasury Department after Reuters reported that foreign government-backed hackers accessed internal government emails.

The hackers appear to have gotten access by first breaking into SolarWinds, an Austin-based company that provides remote information technology services to an long list of clients around the world, including a number of U.S. government agencies and major corporations.

The U.S. Cybersecurity and Infrastructure Security Agency issued a rare emergency directive Sunday night, instructing federal agencies to immediately stop using the version of SolarWinds products.

The company’s president and CEO, Kevin Thompson, said in an emailed statement: “We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state. We are acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters. As such, we are limited as to what we can share at this time.”

In a filing to the Securities and Exchange Commission, SolarWinds reported that it had informed 33,000 customers that they may have been affected, and estimated that "fewer than 18,000" could have potentially been compromised.

The Washington Post first reported that the Russia's Foreign Intelligence Service, or SVR, carried out the attack by hacking SolarWinds.

Among the SVR's targets was FireEye, a major U.S. cybersecurity company with extensive government contracts, The Post reported. The company's CEO said last week that it had been hacked "by a nation with top-tier offensive capabilities."

A private cybersecurity official briefed on the matter confirmed the SVR's involvement to NBC News.

FireEye CEO Kevin Mandia said the hackers' primary goal appeared to be to steal information from the company's government clients.

The Russian Embassy in Washington called news of the breach "groundless attempts by the American media to accuse Russia of hacking attacks on U.S. government bodies."

"Attacks in the information space do not correspond to the foreign policy principles of our country, its national interests and understanding of how relations between states are built," the statement continued, adding that Russia does not conduct "offensive operations in the virtual environment."

It wasn't clear how much information the hackers accessed, although the company said they obtained tools used by FireEye's Red Team, the section tasked with defending against new cyberattacks.

The Post reported that the Commerce Department breach targeted Solar Winds, an information technology system used by tens of thousands of organizations. NBC News hasn't independently confirmed the report.

The FBI and the National Security Agency declined to comment Sunday.

In a statement, the Homeland Security Department's cybersecurity agency said it was investigating "recently discovered activity on government networks."

The agency said it was providing technical assistance to help blunt potential compromises.

Ken Dilanian is a correspondent covering intelligence and national security for the NBC News Investigative Unit; Josh Lederman is a national political reporter for NBC News.; Tim Stelloh is a reporter for NBC News based in California; Kevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News.

US investigating computer hacks of government agencies
Buffalo News, By BEN FOX and FRANK BAJAK Associated Press, Dec 13, 2020

U.S. government agencies and private companies rushed Monday to secure their computer networks following the disclosure of a sophisticated and long-running cyber-espionage intrusion suspected of being carried out by Russian hackers.

The full extent of the damage is not yet clear. But the potential threat was significant enough that the Department of Homeland Security's cybersecurity unit directed all federal agencies to remove compromised network management software and thousands of companies were expected to do the same.

What was striking about the operation was its potential scope as well as the manner in which the perpetrators managed to pierce cyber defenses and gain access to email and internal files at the Treasury and Commerce departments and potentially elsewhere.

The intrusion was stark evidence of the vulnerability of even supposedly secure government networks, even after well-known previous attacks.

"It's a reminder that offense is easier than defense and we still have a lot of work to do," said Suzanne Spaulding, a former U.S. cybersecurity official who is now a senior adviser at the Center for Strategic and International Studies.

The identity of the perpetrator remained unclear. A U.S. official, speaking on condition of anonymity because of an ongoing investigation, told The Associated Press on Monday that Russian hackers are suspected.

The Washington Post, citing unnamed sources, said the attack was carried out by Russian government hackers who go by the nicknames APT29 or Cozy Bear and are part of that nation's foreign intelligence service.

The intrusion came to light after a prominent cybersecurity firm, FireEye, learned it had been breached and alerted that foreign governments and major corporations were also compromised. The company did not say who it suspected, though many experts believed Russia was responsible given the level of skill involved.

U.S. authorities acknowledged that federal agencies were affected by the breach on Sunday, providing few details. The Cybersecurity and Infrastructure Security Agency, known as CISA, said in an unusual directive that the widely used network software SolarWinds had been compromised and should be removed from any system using it.

SolarWinds is used by hundreds of thousands of organizations around the world, including most Fortune 500 companies and multiple U.S. federal agencies. The perpetrators were able to embed malware in a security update issued by the company, based in Austin, Texas. Once inside, they could impersonate system administrators and have total access to the infected networks, experts said.

"Quite honestly, my heart sank when I saw some of the details, just the amount of information they could potentially have if they are reading everyone's emails and they are accessing sensitive files within places like Treasury or Commerce," said Ben Johnson, a former National Security Agency cyber-engineer who is now chief technology officer of software security firm Obsidian.

A Comprehensive Overview of Government Hacking Worldwide

No comments:

Post a Comment

All comments must not use profanity and must not be defamatory. Please respect the rights of people who may have different opinions than you do.