At least three government agencies have been the target of a major cyberspying campaign, apparently by the Russian government. We learned this week that hackers have been spying on the U.S. departments of Commerce, Treasury and even Homeland Security since the spring, and officials say it’s likely there are more victims that haven’t been revealed yet.
The attackers got in by corrupting software updates from the company SolarWinds, which provides network management tools to the agencies. I spoke with Kim Zetter, a cybersecurity journalist and author. The following is an edited transcript of our conversation.
Kim Zetter: This is something that we call a supply chain attack, so instead of the attackers going directly after their targets — for instance, finding a vulnerability in the Commerce website or servers and going at them directly — they came at them in a sort of a circuitous way. And they went after the software company who supplies them with the software, and they injected malicious code into trusted code that this software company makes.
Molly Wood: So far, it seems to have affected the departments of Commerce, Treasury and Homeland Security. How big a deal does this seem like it’s gonna be?
Zetter: In terms of what the hackers did once they got on those systems, we’re still learning about that, and it’s probably going to take weeks, possibly even months. And so what we’ve learned so far is that they were monitoring emails on some systems in the Commerce Department. But with DHS, I mean, DHS is helping to secure civilian-government networks, and also critical infrastructure in the private sector, and that includes election systems. They have spent a lot of the last three years trying to help state and local counties get up to speed on their security for the election. So there is a potential there about learning about nonpublic intelligence about vulnerabilities in critical infrastructure and potentially in the election systems that DHS was trying to help secure.
Wood: I mean, it really does seem like no good can come of finding out that hackers have penetrated DHS, in particular, during our pandemic response and the lead up to the election. Do you have any concern that the people who are attempting to cast doubt on the results of this election will seize on this hack?
Zetter: Yes, they already have. They are talking about the Dominion Voting Systems company, which, of course, is featured prominently in the Trump campaign’s challenging of the election results. And I have no doubt that we will see more of that trying to connect the Dominion Systems to the SolarWinds hack.
Wood: Seems like nothing good can come of that either.
Zetter: Yeah, I mean we are in a perfect storm of all of this converging at a time when conspiracy theories run rampant and there’s a lot of mistrust, and this just speeds that.
Related links: More insight from Molly Wood
In addition to being the agency responsible for securing the 2020 election, DHS is also involved in securing the distribution of COVID-19 vaccines. This story is, of course, still developing.
The Cybersecurity and Infrastructure Security Agency, or CISA, issued an emergency directive Sunday night, calling on civilian agencies to immediately stop using SolarWind software. And Chris Krebs, the fired former head of CISA, tweeted his support for what remains of his team. Krebs, his deputy and the head of securing elections at CISA have all left or been fired from the agency. Kim Zetter told us, and Krebs reiterated on Twitter, that the remaining staffers are professional and more than up to the task. It’s still concerning, of course, that there’s turnover in the agency, and turnover in the federal government, and that handoff is still being impeded by the Trump administration, which could make it harder to assess and report the damage from this hacking campaign.
And, as Zetter mentioned, plenty of right-wing and conspiracy sites are working hard to tie this hack to the Dominion voting machines that they’ve already lobbed all kinds of fake claims about. This is where I should note that Dominion on Monday stated unequivocally that it does not now and never has used the SolarWinds software that was used in these attacks. The breach was first reported by the cybersecurity firm FireEye, which itself was hacked as part of this campaign. The company said the attack represented “top-tier operational tradecraft.”
Listening makes you smarter…
donating makes it all possible.
Our mission is to raise the economic intelligence of the country, exploring the intersection of the economy, tech, and our daily lives. As a nonprofit news organization, we count on your support – now more than ever before.