{"id":7429,"date":"2020-12-20T09:54:09","date_gmt":"2020-12-20T01:54:09","guid":{"rendered":"https:\/\/newmalaysiatimes.com\/?p=7429"},"modified":"2020-12-20T09:54:14","modified_gmt":"2020-12-20T01:54:14","slug":"powerful-tradecraft-how-foreign-cyber-spies-compromised-america","status":"publish","type":"post","link":"https:\/\/newmalaysiatimes.com\/?p=7429","title":{"rendered":"&#8216;Powerful tradecraft&#8217;: how foreign cyber spies compromised America"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">(<a href=\"https:\/\/www.reuters.com\/article\/us-global-cyber-usa-insight\/powerful-tradecraft-how-foreign-cyber-spies-compromised-america-idUSKBN28T0XV\">Reuters<\/a>) &#8211; Speaking at a private dinner for tech security executives at the St. Regis Hotel in San Francisco in late February, America\u2019s cyber defense chief boasted how well his organizations protect the country from spies.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">U.S. teams were \u201cunderstanding the adversary better than the adversary understands themselves,\u201d said General Paul Nakasone, boss of the National Security Agency (NSA) and U.S. Cyber Command, according to a Reuters reporter present at the Feb. 26 dinner. His speech has not been previously reported.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Yet even as he spoke, hackers were embedding malicious code into the network of a Texas software company called SolarWinds Corp, according to a timeline published by Microsoft and more than a dozen government and corporate cyber researchers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A little over three weeks after that dinner, the hackers began a sweeping intelligence operation that has penetrated the heart of America\u2019s government and numerous corporations and other institutions around the world.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The results of that operation came to light on Dec. 13, when Reuters reported that suspected Russian hackers had gained access to U.S. 
Treasury and Commerce Department emails. Since then, officials and researchers say they believe at least half-a-dozen U.S. government agencies have been infiltrated and thousands of companies infected with malware in what appears to be one of the biggest such hacks ever uncovered.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Secretary of State Mike Pompeo said on Friday Russia was behind the attack, calling it \u201ca grave risk\u201d to the United States. Russia has denied involvement.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Revelations of the attack come at a vulnerable time as the U.S. government grapples with a contentious presidential transition and a spiraling public health crisis. And it reflects a new level of sophistication and scale, hitting numerous federal agencies and threatening to inflict far more damage to public trust in America\u2019s cybersecurity infrastructure than previous acts of digital espionage.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Much remains unknown &#8212; including the motive or ultimate target.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Seven government officials have told Reuters they are largely in the dark about what information might have been stolen or manipulated &#8212; or what it will take to undo the damage. The last known breach of U.S. 
federal systems by suspected Russian intelligence &#8212; when hackers gained access to the unclassified email systems at the White House, the State Department and the Joint Chiefs of Staff in 2014 and 2015 &#8212; took years to unwind.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52.png\" alt=\"cyber\" class=\"wp-image-7430\" width=\"465\" height=\"295\" srcset=\"https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52.png 925w, https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52-300x191.png 300w, https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52-768x488.png 768w, https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52-157x100.png 157w, https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52-350x222.png 350w, https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52-800x509.png 800w\" sizes=\"auto, (max-width: 465px) 100vw, 465px\" \/><\/figure><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">U.S. President Donald Trump on Saturday downplayed the hack and Russia\u2019s involvement, maintaining it was \u201cunder control\u201d and that China could be responsible. He accused the \u201cFake News Media\u201d of exaggerating its extent.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The NSC, however, acknowledged that a \u201csignificant cyber incident\u201d had taken place. \u201cThere will be an appropriate response to those actors behind this conduct,\u201d said NSC spokesman John Ullyot. 
He did not respond to a question on whether Trump had evidence of Chinese involvement in the attack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Several government agencies, including the NSA and the Department of Homeland Security, have issued technical advisories on the situation. Nakasone and the NSA declined to comment for this story.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Lawmakers from both parties said they were struggling to get answers from the departments they oversee, including Treasury. One Senate staffer said his boss knew more about the attack from the media than the government.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u2018POWERFUL TRADECRAFT\u2019<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The hack first came into view last week, when U.S. cybersecurity firm FireEye Inc disclosed that it had itself been a victim of the very kind of cyberattack that clients pay it to prevent.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Publicly, the incident initially seemed mostly like an embarrassment for FireEye. But hacks of security firms are especially dangerous because their tools often reach deeply into the computer systems of their clients.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Days before the hack was revealed, FireEye researchers knew something troubling was afoot and contacted Microsoft Corp and the Federal Bureau of Investigation, three people involved in those communications told Reuters. Microsoft and the FBI declined to comment.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Their message: FireEye has been hit by an extraordinarily sophisticated cyber-espionage campaign carried out by a nation-state, and its own problems were likely just the tip of the iceberg.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">About half a dozen researchers from FireEye and Microsoft set about investigating, said two sources familiar with the response effort. 
At the root of the problem, they found, was something that strikes dread in cybersecurity professionals: so-called supply-chain compromises, which in this case involved using software updates to install malware that can spy on systems, exfiltrate information, and potentially wreak other types of havoc.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In 2017, Russian operatives used the technique to knock out private and government computer systems across Ukraine, after hiding a piece of malicious code in a widely used accountancy program that was then used to deploy a destructive virus known as NotPetya. Russia has denied that it was involved. The malware quickly infected computers in scores of other countries, crippling businesses and causing hundreds of millions of dollars of damage.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The latest U.S. hack employed a similar technique: SolarWinds said its software updates had been compromised and used to surreptitiously install malicious code in nearly 18,000 customer systems. Its Orion network management software is used by hundreds of thousands of organizations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once downloaded, the program signaled back to its operators where it had landed. 
In some cases where access was especially valuable, the hackers used it to deploy more active malicious software to spread across its host.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In some of the attacks, the intruders combined the administrator privileges granted to SolarWinds with Microsoft\u2019s Azure cloud platform &#8211; which stores customers\u2019 data online &#8211; to forge authentication \u201ctokens.\u201d Those gave them far longer and wider access to emails and documents than many organizations thought was possible.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Hackers could then steal documents through Microsoft\u2019s Office 365, the online version of its most popular business software, the NSA said on Thursday in an unusual technical public advisory. Also on Thursday, Microsoft announced it found malicious code in its systems.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A separate advisory issued by the U.S. Cybersecurity and Infrastructure Security Agency on Dec. 17 said that the SolarWinds software was not the only vehicle being used in the attacks and that the same group had likely used other methods to implant malware.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cThis is powerful tradecraft, and needs to be understood to defend important networks,\u201d Rob Joyce, a senior NSA cybersecurity adviser, said on Twitter.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It is unknown how or when SolarWinds was first compromised. 
According to researchers at Microsoft and other firms that have investigated the hack, intruders first began tampering with SolarWinds\u2019 code as early as October 2019, a few months before it was in a position to launch an attack.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cHARDENING OUR NETWORKS\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Pressure is growing on the White House to act.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Republican Senator Marco Rubio said \u201cAmerica must retaliate, and not just with sanctions.\u201d Mitt Romney, also a Republican, likened the attack to repeatedly allowing Russian bombers to fly undetected over America. Senator Dick Durbin, a Democrat, has called it \u201cvirtually a declaration of war.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Democratic lawmakers said they had received little information from the Trump administration beyond what\u2019s in the media. \u201cTheir briefings were obtuse, sorely lacking in details and really seemed an attempt to provide us with the barest of minimum in information that they had to give us,\u201d Democratic Representative Debbie Wasserman Schultz told reporters after a classified briefing.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Ullyot, the National Security Council spokesman, declined to comment on the congressional briefings. The White House was \u201cfocused on investigating the circumstances surrounding this incident, and working with our interagency partners to mitigate the situation,\u201d he said in a statement to Reuters.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">President-elect Joe Biden has warned that his administration would impose \u201csubstantial costs\u201d on those responsible. 
House of Representatives Intelligence Committee Chairman Adam Schiff, also a Democrat, said Biden \u201cmust make hardening our networks \u2013 both public and private infrastructure \u2013 a major priority.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The attack puts a spotlight on those cyber defenses, reviving criticism that the U.S. intelligence agencies are more interested in offensive cyber operations than protecting government infrastructure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cThe attacker has the advantage over defenders. Decades worth of money, patents and effort have done nothing to change that,\u201d said Jason Healey, a cyber conflict researcher at Columbia University and former White House security official in the George W. Bush administration.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cNow we learn with the SolarWinds hack that if anything, the defenders are falling farther behind. The overriding priority must be to flip this so that defenders have the easier time.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Reuters) &#8211; Speaking at a private dinner for tech security executives at the St. 
Regis&#8230;<\/p>\n","protected":false},"author":1,"featured_media":7430,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[59],"tags":[],"class_list":["post-7429","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-world"],"featured_image_urls":{"full":["https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52.png",925,588,false],"thumbnail":["https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52-150x150.png",150,150,true],"medium":["https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52-300x191.png",300,191,true],"medium_large":["https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52-768x488.png",640,407,true],"large":["https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52.png",640,407,false],"1536x1536":["https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52.png",925,588,false],"2048x2048":["https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52.png",925,588,false],"newsium-slider-full":["https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52.png",925,588,false],"newsium-featured":["https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52.png",925,588,false],"newsium-medium":["https:\/\/newmalaysiatimes.com\/wp-content\/uploads\/2020\/12\/Screen-Shot-2020-12-20-at-09.48.52.png",720,458,false]},"author_info":{"info":["Editor"]},"category_info":"<a href=\"https:\/\/newmalaysiatimes.com\/?cat=59\" 
rel=\"category\">World<\/a>","tag_info":"World","comment_count":"0","_links":{"self":[{"href":"https:\/\/newmalaysiatimes.com\/index.php?rest_route=\/wp\/v2\/posts\/7429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newmalaysiatimes.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newmalaysiatimes.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newmalaysiatimes.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newmalaysiatimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7429"}],"version-history":[{"count":1,"href":"https:\/\/newmalaysiatimes.com\/index.php?rest_route=\/wp\/v2\/posts\/7429\/revisions"}],"predecessor-version":[{"id":7431,"href":"https:\/\/newmalaysiatimes.com\/index.php?rest_route=\/wp\/v2\/posts\/7429\/revisions\/7431"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newmalaysiatimes.com\/index.php?rest_route=\/wp\/v2\/media\/7430"}],"wp:attachment":[{"href":"https:\/\/newmalaysiatimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newmalaysiatimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newmalaysiatimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}