Comment: Mystery — and fear — mounts over SolarWinds hack

Months after the first incursions by Russian hackers, we still don’t know how bad the damage is.

By Timothy L. O’Brien / Bloomberg Opinion

Brad Smith, Microsoft’s president, made it clear in a Senate Intelligence Committee hearing last week that the federal government and leading members of the business community still don’t fully understand how digital burglars pulled off one of the most dangerous computer hacks in history.

“Who knows the entirety of what happened here?” asked Smith. “Right now, the attacker is the only one who knows the entirety of what they did.”

Intelligence analysts and technologists believe that the “attacker” is the Russian government and that about 1,000 of its operatives orchestrated a massive breach of at least 100 companies around the globe, as well as nine U.S. agencies. The Russians crept onto those servers by targeting SolarWinds, an Austin, Texas-based company that is a leading provider of network and information-technology software. Other undisclosed vendors may also have been involved.

The attack, which came to light late last year, set off alarms in the highest reaches of the government and corporate America, prompting the Biden administration to disclose plans to retaliate against Russia in coming weeks. The White House hasn’t offered details about what that response will entail, but has said it would involve more than diplomatic or economic sanctions. The response is also meant to signal the government’s distaste for a range of Russian activities, including digital disruption (such as interfering in U.S. elections), theft (such as sponsoring ransomware botnets and attempting to steal covid-19 vaccine research) and political vendettas (such as the poisoning and imprisonment of the Russian dissident Alexei Navalny).

But as two committees in the House of Representatives held a joint hearing Friday on the SolarWinds hack, featuring the same witnesses who testified before the Senate last Tuesday, it’s clear that glaring problems remain. Computer networks are vulnerable, information about how to defend and respond to attacks is scattered among private and public stakeholders who don’t freely share it with one another, and the Russian hack may be ongoing.

Although the Russians initially penetrated networks in the fall of 2019, and began lifting information last spring, the breach didn’t become publicly known until December, when FireEye — a Milpitas, Calif., company specializing in digital warfare — disclosed that it had been hacked. Cybersleuths in the federal government — including the National Security Agency — had not been aware of the hack. Corporate heavyweights at Microsoft weren’t aware until FireEye alerted them shortly after Thanksgiving and asked for help conducting a forensic analysis.

“Without this transparency, we would likely still be unaware of this campaign,” Smith said of FireEye’s alert. “In some respect, this is one of the most powerful lessons for all of us. Without this type of transparency, we will fall short in strengthening cybersecurity.”

It turned out that hackers had accessed and exploited Microsoft source code that authenticates customers using some of the software giant’s programs. Microsoft has since acknowledged that it hadn’t made sure its programs could detect the theft of identity tools providing cloud-computing access to its clients, a reminder that the cloud, overall, remains vulnerable to hackers and may be impossible to fully protect. FireEye also discovered attackers had breached its own private, in-house data center by piggybacking malware on a software update from SolarWinds. And SolarWinds, which hadn’t adequately protected its own systems, proved to be a leading nexus for a large portion of the attacks.

After sneaking into SolarWinds, the hackers deposited malware that gave them powers so broad they enjoyed “God-mode,” the ability to skirt encrypted protections and control everything on a network. The hackers masked their presence by replacing legitimate tools and utilities with their own and then depositing time bombs on a network. Then they covered their tracks by restoring the legitimate files. The malware was placed on SolarWinds’ supply chain, allowing it to travel onto victims’ networks whenever SolarWinds sent its customers a software update.

Sudhakar Ramakrishna, the chief executive of SolarWinds, said at the Senate hearing that his company still isn’t entirely sure how the hackers penetrated its systems, though his team has narrowed its investigation to three possibilities, unreassuring testimony given how long ago his company was breached. As many as 17,000 companies were imperiled in the Russian hack, according to Senate testimony.

Legislators attending Tuesday’s session, overseen by Sen. Mark Warner, D-Va., said they’re considering a national data breach reporting law, which would mandate hacking disclosures the private sector has long resisted due to concerns about reputational damage and legal liabilities. But Smith and Kevin Mandia, FireEye’s chief executive, both said that companies will have to embrace greater disclosure if they want to protect themselves.

Amazon.com, which operates a ubiquitous cloud computing business, was repeatedly criticized by legislators for not sending a representative to testify, even though hackers breached its servers and used them as staging grounds to strip data from government networks. Amazon has said it wasn’t victimized in the hack, and has already shared what it knows with law enforcement and the government.

Smith and Mandia also said that companies and governments seeking to protect themselves need to increase public-private collaboration and information-sharing, and take practical steps to strengthen supply-chain security, insulate networks and redefine how nation-states conduct themselves in cyberspace (good luck with that last one).

“There are still too many missing pieces of the puzzle,” Smith said. “We need a full examination of what other cloud services and networks the Russians have accessed. Before we as a nation can secure our digital ecosystem, we need to know that the Russian attackers are no longer present in the dozens or hundreds of networks in which they have accessed data or information through this attack.”

Scared yet?

Timothy L. O’Brien is a senior columnist for Bloomberg Opinion.
