by Nicole Perlroth
A few weeks before the publication in early February of This Is How They Tell Me the World Ends, Nicole Perlroth’s disquieting account of the global trade in cyberweapons, multiple US government agencies and major corporations learned that they had been hit with one of the biggest cyberattacks in history. By all accounts, the operation—discovered in early December by the security firm FireEye, whose own closely guarded hacking tools were stolen—had been going on for at least nine months. Hackers believed to be agents of the Russian foreign intelligence service, SVR, appear to have embedded malware into a routine software upgrade from SolarWinds, a Texas-based IT company. When hundreds of the 18,000 users of the firm’s Orion network management system downloaded the upgrade, the malware opened those systems to the hackers. Further analysis revealed that about a third of the victims had not been SolarWinds clients, and thus the hackers must have been using other tactics in addition to the “trojanized” Orion software. Another point of entry may have been a backdoor in software developed by a Czech company called JetBrains, run by Russian nationals, that supplies its software testing product, TeamCity, to 300,000 businesses around the world, one of which is SolarWinds.
In fact, as reported by The New York Times, the hackers used multiple strategies to compromise the networks of an estimated 250 companies and federal agencies, including the Commerce Department, the Pentagon, the State Department, and the Department of Justice. According to the Associated Press, they “probably gained access to the vast trove of confidential information hidden in sealed documents, including trade secrets, espionage targets, whistleblower reports and arrest warrants.” Microsoft’s network was also hacked, and the source code to three of its products, including its cloud computing service, Azure, was stolen.
None of the alarms put in place by the government or private companies to detect such intrusions was tripped. In the daily White House press briefing on February 17, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, pointed out that “the intelligence community largely has no visibility into private sector networks. The hackers launched the hack from inside the United States, which further made it difficult for the US government to observe their activity.”
In their analysis of the attack, security researchers at Microsoft found that the hackers’ methods included hijacking authentication credentials and password spraying—testing commonly used passwords on thousands of accounts at a time, hoping that at least one would be the key that turns the lock. Login credentials are for sale on the dark web, as Perlroth, who covers cybersecurity for The New York Times, found out when a hacker she was interviewing accurately relayed to her what she thought was her own clever and secure e-mail password. (She quickly changed it and began using two-factor authentication.)
No comments:
Post a Comment