by Nicole Perlroth
A few weeks before the publication in early February of This Is How They Tell Me the World Ends, Nicole Perlroth’s disquieting account of the global trade in cyberweapons, multiple US government agencies and major corporations learned that they had been hit with one of the biggest cyberattacks in history. By all accounts, the operation—discovered in early December by the security firm FireEye, whose own closely guarded hacking tools were stolen—had been going on for at least nine months. Hackers believed to be agents of the Russian foreign intelligence service, SVR, appear to have embedded malware into a routine software upgrade from SolarWinds, a Texas-based IT company. When hundreds of the 18,000 users of the firm’s Orion network management system downloaded the upgrade, the malware opened those systems to the hackers. Further analysis revealed that about a third of the victims had not been SolarWinds clients, and thus the hackers must have been using other tactics in addition to the “trojanized” Orion software. Another point of entry may have been a backdoor in software developed by a Czech company called JetBrains, run by Russian nationals, that supplies its software testing product, TeamCity, to 300,000 businesses around the world, one of which is SolarWinds.
In fact, as reported by The New York Times, the hackers used multiple strategies to compromise the networks of an estimated 250 companies and federal agencies, including the Commerce Department, the Pentagon, the State Department, and the Department of Justice. According to the Associated Press, they “probably gained access to the vast trove of confidential information hidden in sealed documents, including trade secrets, espionage targets, whistleblower reports and arrest warrants.” Microsoft’s network was also hacked, and the source code to three of its products, including its cloud computing service, Azure, was stolen.