Home > Blogs > Post Content

Hacked U.S. networks will need to be burned 'down to the ground' (1662 hits)

It’s going to take months to kick elite hackers widely believed to be Russian out of the U.S. government networks they have been quietly rifling through since as far back as March in Washington’s worst cyberespionage failure on record.

Experts say there simply are not enough skilled threat-hunting teams to identify all the government and private-sector systems that may have been hacked. FireEye, the cybersecurity company that discovered the worst-ever intrusion into U.S. agencies and was among the victims, has already tallied dozens of casualties. It’s racing to identify more.

“We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left,” said Bruce Schneier, a prominent security expert and Harvard fellow.

It’s not clear exactly what the hackers were seeking, but experts say it could include nuclear secrets, blueprints for advanced weaponry and information for dossiers on key government and industry leaders.

Many federal workers — and others in the private sector — will now have to presume that unclassified networks are teeming with spies. Agencies will often have to conduct sensitive government business on Signal, WhatsApp and other encrypted smartphone apps.

“We should buckle up. This will be a long ride,” said Dmitri Alperovitch, co-founder and former chief technical officer of the leading cybersecurity firm CrowdStrike. “Cleanup is just phase one.”

The only way to be sure a network is clean is “to burn it down to the ground and rebuild it,” Schneier said.

Imagine a computer network as a mansion you inhabit, and you are certain a serial killer as been there. “You don’t know if he’s gone. How do you get work done? You kind of just hope for the best,” he said.

Deputy White House press secretary Brian Morgenstern told reporters Friday that national security adviser Robert O’Brien has sometimes been leading multiple daily meetings with the FBI, the Department of Homeland Security and the intelligence community, looking for ways to mitigate the hack.

He would not provide details, “but rest assured we have the best and brightest working hard on it each and every single day.”

The Democratic chairs of four House committees given classified briefings on the hack by the Trump administration issued a statement complaining that they “were left with more questions than answers.”

“Administration officials were unwilling to share the full scope of the breach and identities of the victims,” they said.

Morgenstern said earlier that disclosing such details only helps U.S. adversaries. President Donald Trump has not commented publicly on the matter.

What makes this hacking campaign so extraordinary is its scale — 18,000 organizations were infected from March to June by malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds.

Only a sliver of those infections were activated to allow hackers inside. FireEye says it has identified dozens of examples, all “high-value targets.” Microsoft, which has helped respond, says it has identified more than 40 government agencies, think tanks, government contractors, nongovernmental organizations and technology companies infiltrated by the hackers, 75% in the United States.

Florida became the first state to acknowledge falling victim to a SolarWinds hack. Officials told The Associated Press on Friday that hackers apparently infiltrated the state’s health care administration agency and others.

SolarWinds’ customers include most prominent Fortune 500 companies, and it’s U.S. government clients are rich with generals and spymasters.

The difficulty of extracting the suspected Russian hackers’ tool kits is exacerbated by the complexity of SolarWinds’ platform, which has dozen of different components.

“This is like doing heart surgery, to pull this out of a lot of environments,” said Edward Amoroso, CEO of TAG Cyber.

Security teams then have to assume that the patient is still sick with undetected so-called “secondary infections” and set up the cyber equivalent of closed-circuit monitoring to make sure the intruders are not still around, sneaking out internal emails and other sensitive data.

That effort will take months, Alperovitch said.

If the hackers are indeed from Russia’s SVR foreign intelligence agency, as experts believe, their resistance may be tenacious. When they hacked the White House, the Joint Chiefs of Staff and the State Department in 2014 and 2015 “it was a nightmare to get them out,” Alperovitch said.

“It was the virtual equivalent of hand-to-hand combat” as defenders sought to keep their footholds, “to stay buried deep inside” and move to other parts of the network where “they thought that they could remain for longer periods of time.”

“We’re likely going to face the same in this situation as well,” he added.

https://www.japantimes.co.jp/news/2020/12/...

Posted By: Steve Williams
Saturday, December 19th 2020 at 12:12AM
You can also click here to view all posts by this author...

Report obscenity | post comment

Share |

You can tell that directly to US Secretary of State Mike Pompeo because it is his job to know.

President Donald Trump on Saturday publicly broke with Secretary of State Mike Pompeo over Russia's involvement in a massive cyberattack on the U.S. government — and even contended that the crisis is "well under control," as his own administration cited new evidence that the hack was more pervasive than initially feared.

Trump, in his first public comment since reports of the wide-scale breach surfaced last week, downplayed the attack in a series of tweets, suggesting without evidence that China may have been responsible and hacks on U.S. voting systems might have occurred as well.

READ MORE: Trump downplays cyberattack on U.S., breaks with Pompeo on Russia's role https://www.politico.com/news/2020/12/19/p...

Saturday, December 19th 2020 at 7:47PM
Dea. Ron Gray Sr.

Mike Pompeo is just one opinion Ron. You want it so badly to be Russia, you can just taste it.

Saturday, December 19th 2020 at 11:34PM
Steve Williams

What does Russia want from us Ron? Nothing. We're not competitors since the collapse of the Soviet Union. China is our #1 world competitor. And contrary to the "Come-On-Man" China WILL eat our lunch.

Saturday, December 19th 2020 at 11:40PM
Steve Williams

I'll wait for you.

Sunday, December 20th 2020 at 4:14PM
Steve Williams

Steve, you do know that it is Mike's job to inform The President of such matter's and Trump don't want to hear that 💩about what Russia is doing to the United States of America because Trump is the best agent Putin has to gather this information from The U.S.

Some Republicans are saying Trump has been compromised and that is the reason for Trump not saying a word against Putin.

Now I don't know that but it sure looks strange, that This President took so much time to admit that this country was under attack for 6 months now, as he goes out of the door.

If it wasn't for that private company, bringing that information out to the public, it would never be known that this country as a hole in its TOP SECRET computer security systems have been HACKED at all and you are willing to say nothing about it neither don't give a damn about that because you know that you are defending TRUMP, NOW DO YOU? AGREE WITH THAT?

YOUR QUESTION: What does Russia want from us Ron? MOIRE POWER,

I WOULD SAY off the top, just to boil down the question of what Russia wants into a Tweet, I would say that Russia would like the United States to treat it as if it were the Soviet Union. In other words, it wants to be treated as a great power with global reach, a country with a right to a seat at the table in all important global decisions, a nuclear superpower, a country that is respected and feared by the rest of the world, and one that the United States treats as an equal.

Now, now do you think that would happen, Steve?

Remember, all this happened under Trump's watch.

Sunday, December 20th 2020 at 4:54PM
Dea. Ron Gray Sr.

You're crazy Ron. What Russia wants from the U.S. is to be treated like the Soviet Union? Where did you hear that nonsense? What does it even mean?

Sunday, December 20th 2020 at 7:53PM
Steve Williams

History dictates, Sir.

If it wasn't for that private company, "NOT TRUMP" bringing that information out to the public, it would never be known that this country as a hole in its TOP SECRET computer security systems that been HACKED by an unfriendly government like Russia, at all and "YOU STEVE" are willing to say nothing against this action or condemn it neither.

You just don't give a damn about the U.S. because all you want to do is be a blind defender of TRUMP to the END, NOW DO YOU AGREE WITH THAT?

Sunday, December 20th 2020 at 10:59PM
Dea. Ron Gray Sr.

I'm not concerned about Russia but I do feel threatened by China. Don't you Ron?

Monday, December 21st 2020 at 12:56AM
Steve Williams

I know that you are NOT worried about Russia, COMRADE. That is the reason why you Support Trump and he has said nothing.

Trump said, LOOK over there at China, there's nothing to see when you look at Russia. That's BULL💩 Steve and you know that to be a FACT.

NOW, on your next reply, can you show the people on Black In America your proof it was China that HACKED The U.S. Can you do that Steve?

Monday, December 21st 2020 at 11:15AM
Dea. Ron Gray Sr.

I can't prove it was China and you can't prove it was Russia. Even FireEye can't say with certainty who it was. All you need to do is think a LITTLE bit and you'll understand why. I posted an article from 2 years ago saying China was planning just such an attack as this. It comes down to motive Ron. Russia has far less motive than China. And look how quickly all the legislators and bureaucrats and media jump to point at Russia. Because they all are in bed with CHINA.

Monday, December 21st 2020 at 12:41PM
Steve Williams

Tell that BULL 💩to U.S. Officials, Law Markers, Experts, The Secretary of State and The Attorney General all agree that it appears to be the Russians.

What Happen Steve, Trump didn't tell you about the meeting? I guess not because he needs troopers like you.

Monday, December 21st 2020 at 1:21PM
Dea. Ron Gray Sr.

I'm a software engineer by trade Ron. I don't need the opinions of "U.S. Officials, Law Markers, Experts, The Secretary of State and The Attorney General."

Monday, December 21st 2020 at 7:58PM
Steve Williams

Those are the movers and shakers in the Trump administration, these are the people Trump depends on to run this country, Steve you and Trump have been FIRED by the people of the United States of America.

You are a software engineer by trade and Trump didn't include your skills, I wonder WHY? NO, wonder why TRUMP lost, Georgia, Michigan, Pennsylvania and Wisconsin Steve, because TRUMP dropped your BULL 💩.... DAMN!!!!

Monday, December 21st 2020 at 9:15PM
Dea. Ron Gray Sr.

I'm a software engineer by trade and I don't need Trump to know that there is no way to prove that Russia did the hack and every reason to think the Chinese did.

Monday, December 21st 2020 at 11:03PM
Steve Williams

So you wanted to keep TRUMP in the dark, well you got your wish You and TRUMP have been FIRED by The people of The United States of America.

You still want to provide cover for a person who doesn't give a damn about you Steve. That SAD.

Monday, December 21st 2020 at 11:21PM
Dea. Ron Gray Sr.

Trump isn't in the dark Ron. He has way more information than you and I. However, I can understand a network trace better than he can, or you. When FireEye says it's Russia let me know.

Tuesday, December 22nd 2020 at 7:45PM
Steve Williams

NO Steve, TRUMP wanted to keep you in the DARK and it looks like he did a damn good job of that.

It is DONE, STEVE, TRUMP is FIRED and you can pack your bags too. It's OVER, STOP CRYING....!!!!

Tuesday, December 22nd 2020 at 9:53PM
Dea. Ron Gray Sr.