Coincidental timing? Sources claim State Department hit by cyber attack – a ‘possible serious breach’

Share:

WASHINGTON, DC- Two so-called “election integrity” bills currently making their way through the House and Senate—HR1 and S1 respectively—include language to allow voting over the internet.

So, we are supposed to “trust the government” to conduct safe and secure elections over the internet when they cannot secure their own computer infrastructure?

Fox Business (and numerous other outlets) are reporting that the State Department—in the midst of a national security crisis in Afghanistan—was hit by what is described as a “serious” cyber-attack.

According to an unnamed source, State was hit by an unknown source and notifications of a “possible serious breach” were issued, according to Jacqui Heinrich of Fox News.

It’s unclear when the breach occurred, but it is believed to have happened a couple of weeks back. Heinrich said the Department of Defense’s Cyber Command made the notifications.

According to a State Department spokesman, he could not divulge the nature or scope of any cybersecurity incidents.

“The Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected,” the spokesman said.

“For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”

The New York Post reported that it did not appear the mission in Afghanistan was in any way compromised, according to officials.

Fox Business said the State Department also refused to say what, if any steps were put in place to mitigate such an attack.

The report of the possible breach came only weeks after a report issued by the Senate’s Homeland Security Committee rated the State Department’s overall information security program as a “D”—which is the lowest possible rating within the security model developed by the federal government.

That report, Fox Business said, found the department’s security protocols to be “ineffective in four of five function areas” and also underscored the fact that “sensitive security information” was at risk.

Among areas which auditors found significant issues was sensitive information such as names, dates of birth, and social security numbers used for the vetting of passports, the report said.

“Auditors identified weaknesses related to State’s protection of sensitive information and noted the Department ‘did not have an effective data protection and privacy program in place,” the committee said.

In addition to the above shortfalls, the Senate report also targeted the State Department for not performing timely and required security assessments which were addressed in a 2015 Inspector General report.

According to the New York Post, the State Department was among a number of federal agencies, as well as thousands of private data networks targeted in last December’s SolarWinds breach, an attack that was blamed on Russia-based hackers.

The discovery of that attack, which occurred in March 2020 was of an unknown extent and Homeland Security said they had not yet found what the full range of intrusions were.

In an interview last December with Mark Levin, then-Secretary of State Mike Pompeo said, “We’re still unpacking precisely what it is,” although he pinned the blame solely and squarely on Russia.

Among agencies impacted in that breach were the Pentagon, the Department of Energy’s National Nuclear Security Administration, and the Departments of Commerce, Treasury and Homeland Security.

In addition to government agencies, private corporations such as Cisco Systems and Cox Communications were also impacted.

Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) said at the time that the cyberhackers, who piggybacked on the widely used SolarWinds server software, “demonstrated patience, operational security, and complex trade-craft in these intrusions.” CISA also noted that neutralizing the threat to infrastructure would be “highly complex and challenging.”

Do you want to join our private family of first responders and supporters?  Get unprecedented access to some of the most powerful stories that the media refuses to show you.  Proceeds get reinvested into having active, retired and wounded officers, their families and supporters tell more of these stories.  Click to check it out.

LET Unity

For more on the SolarWinds attack and our reporting on it, we invite you to:

DIG DEEPER

MILPITAS, CA – In case you didn’t take the cyber attack on U.S businesses and government offices seriously, or realize the scope of it all, experts are saying that drastic action is needed to correct the overall problem.

In fact, they’re saying of the “system” that we need to “burn it down” and start from scratch.

Cyber attack update – no choice but to burn it down
Screenshot courtesy of YouTube

It’s going to take months to kick elite hackers widely believed to be Russian out of the U.S. government networks they have been quietly rifling through since as far back as March in Washington’s worst cyber-espionage failure on record.

Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked.

18,000 organizations were infected from March to June by malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds.

FireEye, the cybersecurity company that discovered the intrusion into U.S. agencies and was among the victims, has already tallied dozens of casualties. It’s racing to identify more.

It’s not clear exactly what the hackers were seeking, but experts say it could include nuclear secrets, blueprints for advanced weaponry, COVID-19 vaccine-related research and information for dossiers on key government and industry leaders.

Only a sliver of those infections were activated to allow hackers inside. FireEye says it has identified dozens of examples, all “high-value targets.”

Microsoft, which has helped respond, says it has identified more than 40 government agencies, think tanks, government contractors, non-governmental organizations and technology companies infiltrated by the hackers, 75% in the United States.

SolarWinds’ customers include most Fortune 500 companies, and it’s U.S. government clients are rich with generals and spymasters.

Bruce Schneier, Harvard fellow and prominent security expert said:

“We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left.”

“The only way to be sure a network is clean is to burn it down to the ground and rebuild it.

“Imagine a computer network as a mansion you inhabit, and you are certain a serial killer as been there. You don’t know if he’s gone. How do you get work done? You kind of just hope for the best.”

Dmitri Alperovitch, co-founder and former chief technical officer of the leading cybersecurity firm CrowdStrike advised:

“We should buckle up. This will be a long ride.  Cleanup is just phase one.”

Alperovitch added that if the hackers are indeed from Russia’s SVR foreign intelligence agency, as experts believe, their resistance may be tenacious. When they hacked the White House, the Joint Chiefs of Staff and the State Department in 2014 and 2015 “it was a nightmare to get them out.”

He commented further:

“It was the virtual equivalent of hand-to-hand combat as defenders sought to keep their footholds, to stay buried deep inside and move to other parts of the network where they thought that they could remain for longer periods of time.

“We’re likely going to face the same in this situation as well.”

FireEye executive Charles Carmakal said the intruders are especially skilled at camouflaging their movements. Their software effectively does what a military spy often does in wartime — hide among the local population, then sneak out at night and strike.

“It’s really hard to catch some of these,” he said.

Brian Morgenstern, Deputy White House press secretary told reporters Friday that national security adviser Robert O’Brien has sometimes been leading multiple daily meetings with the FBI, the Department of Homeland Security and the intelligence community, looking for ways to mitigate the hack.

He would not provide details, “but rest assured we have the best and brightest working hard on it each and every single day.”

The Democratic chairs of four House committees given classified briefings on the hack by the Trump administration issued a statement complaining that they “were left with more questions than answers.”

The group stated:

“Administration officials were unwilling to share the full scope of the breach and identities of the victims.”

Details on the source of the hack have been distributed in different fashions.

Secretary of State Mike Pompeo said on a conservative talk show Friday:

“I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”

Brian Morgenstern said that disclosing such details only helps U.S. adversaries. President Donald Trump has not commented publicly on the matter.

Florida became the first state to acknowledge falling victim to a SolarWinds hack. Officials told The Associated Press on Friday that hackers apparently infiltrated the state’s health care administration agency and others.

Do you want to join our private family of first responders and supporters?  Get unprecedented access to some of the most powerful stories that the media refuses to show you.  Proceeds get reinvested into having active, retired and wounded officers, their families and supporters tell more of these stories.  Click to check it out.

LET Unity

Here’s the original article we brought to you on Friday:

Act of war? Nuclear weapons agency, countless others breached in ‘hack of the century’: ‘Grave risk’ to America

December 18, 2020

AUSTIN, TX – A massive cyber attack on the supply chain company SolarWinds in Austin has been felt through the entire government, including control systems for some of our nuclear weapons and tracking systems, analysts say.

According to SolarWinds, this malware was present as a Trojan horse in updates from March through June 2020.

This means any customers who downloaded the Trojaned updates also got the malware.

While not all customers who got the malware have seen it used for attacks, it has been leveraged for broader attacks against the networks of some strategically critical and sensitive organizations.

Those attacked include FireEye, the US Treasury Department, the US Department of Commerce’s National Telecommunications and Information Administration (NTIA), the Department of Health’s National Institutes of Health (NIH), the Cybersecurity and Infrastructure Agency (CISA), the Department of Homeland Security (DHS), and the US Department of State.

Hackers believed to be part of a nation state have had access to federal networks since March after exploiting a vulnerability in updates to IT group SolarWinds’s Orion software.

The hack has compromised the Treasury, State and Homeland Security departments and branches of the Pentagon, though it is expected to get worse. SolarWinds counts many more federal agencies as customers, along with the majority of U.S. Fortune 500 companies.

Cyber attack believed to come from Russia like a declaration of war, senators say
Screenshot courtesy of KXON Austin and YouTube

Richard Clark, cybersecurity czar who served under President George W. Bush, explained:

“This is the largest espionage attack in history.  This is as though the Russians got a passkey, a skeleton key for about half the locks in the country. Think about it that way. It’s 18,000 companies and government institutions scattered around the U.S. And the world. This is an espionage attack.”

James Inhofe (R-OK), Senate Armed Services Committee Chairman,  and Jack Reed (D-RI), ranking member released a joint statement on Thursday:

“The cyber intrusion appears to be ongoing and has the hallmarks of a Russian intelligence operation.

“One of the immediate steps the Administration can take to improve our cyber posture is signing the NDAA (National Defense Authorization Act) into law.  The NDAA is always ‘must-pass’ legislation – but this cyber incident makes it even more urgent that the bill become law without further delay.”

On Thursday, Politico reported that the Energy Department’s National Nuclear Security Administration, which maintains the nation’s nuclear weapons stockpile, was also compromised, further raising the stakes.

Lawmakers say the scope of the attack, widely presumed to be by Russia, which has denied responsibility, demands some kind of response.

Senate Minority Whip Dick Durbin (D-IL) said:

“We can’t be buddies with Vladimir Putin and have him at the same time making this kind of cyberattack on America.  This is virtually a declaration of war by Russia on the United States and we should take that seriously.”

Senator Mitt Romney (R-UT) also commented on Thursday:

“This incident is like Russian bombers flying undetected over the entire country.”

Romney harshly criticized President Trump for not doing enough to counter the attack.

“Our national security is extraordinarily vulnerable.  In this setting, not to have the White House aggressively speaking out and protesting and taking punitive action is really, really quite extraordinary.”

Senator Angus King (I-ME), co-chair of the Cyberspace Solarium Commission (CSC) reacted:

“No response is not appropriate, and that’s been our national policy by and large for the past 10 or 15 years.  I want somebody in the Kremlin, sitting around that table to say, ‘wait a minute boss, if we do this we are liable to get whacked in some way,’ and right now they are not making that calculus.”

Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies, blamed those attacks on the fact that all those countries felt they could do so without incurring a U.S. response.

He compared the state of U.S. cyber defenses to the unprepared state of U.S. health care systems at the beginning of 2020, and advocated for both Congress and the incoming administration to immediately take steps to respond to the latest attack.

Montgomery stated:

“I think we need to look at all the different tools, law enforcement tools such as indictments, and if necessary, military tools that remove the ability of the adversary to use similar tools to attack us.”

Montgomery agreed with the urgent need to sign the bipartisan bill into law, noting that if Trump chose not to, it could further dampen his legacy on cyber defense.

“This NDAA gives the president the opportunity to put his fingerprints on the long-term solutions to our cybersecurity challenges, and to leave the playing field with a win.  If he chose not to, his cyber legacy would be an event like SolarWinds.”

Theresa Payton, White House chief information officer during the George W. Bush administration and the current CEO of the cyber consultancy group Fortalice Solutions stated:

“If somebody flew a plane into our airspace, a military plane, we have an international accord for that, and we don’t really have that for the digital domain.”

In a response independent of the government, Microsoft has released what it calls the “Death Star.”

This week Microsoft took a series of dramatic steps against the recent SolarWinds supply chain attack. In the size, speed and scope of its actions, Microsoft has reminded the world that it can still muster firepower like no one else as a nearly-overwhelming force for good.

Microsoft revealed late Thursday that it had identified more than 40 government agencies, think tanks, non-governmental organizations and IT companies infiltrated by the hackers. It said four in five were in the United States — nearly half of them tech companies — with victims also in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.

In a blog post, Microsoft stated:

“This is not ‘espionage as usual,’ even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world.”

More on Microsoft’s “Death Star” reactions from GeekWire:

“The speed, scope and scale of Microsoft’s response were unprecedented. Specifically, Microsoft did four things over the course of four days that effectively undid the work of the attackers:

1) On Dec. 13, the day this became public, Microsoft announced that it removed the digital certificates that the Trojaned files used. These digital certificates allowed Microsoft Windows systems to believe that those compromised files were trustworthy. In this single act, Microsoft literally overnight told all Windows systems to stop trusting those compromised files which could stop them from being used.

2) That same day, Microsoft announced that it was updating Microsoft Windows Defender, the antimalware capability built into Windows, to detect and alert if it found the Trojaned file on the system.

3) Next, on Tuesday, Dec. 15, Microsoft and others moved to “sinkhole” one of the domains that the malware uses for command and control (C2): avsvmcloud[.]com. SInkholing is a legal and technical tactic to deprive attackers of control over malware. In Sinkholing, an organization like Microsoft goes to court to wrest control of a domain being used for malicious purposes away from its current holder, the attacker.

When successful, the organization can then use its ownership of that domain to sever the attacker’s control over the malware and the systems the malware controls. Sinkholed domains can also be used to help identify compromised systems: when the malware reaches out to the sinkholed domain for instructions, the new owners can identify those systems and attempt to locate and warn the owners. Sinkholing is a tactic that was first used in big attacks in the 2008-2009 battle against Conficker and has been a standard tactic in Microsoft’s toolkit for years, including most recently against TrickBot.

4) Finally, on Wednesday, Dec. 16, Microsoft basically changed its phasers from “stun” to “kill” by changing Windows Defender’s default action for Solorigate from “Alert” to “Quarantine,” a drastic action that could cause systems to crash but will effectively kill the malware when it finds it. This action is important, too, because it gives other security companies license now to follow suit with this drastic step: Microsoft’s size and leadership of its platform give cover to other security companies that they wouldn’t otherwise have.”

_

Want to make sure you never miss a story from Law Enforcement Today?  With so much “stuff” happening in the world on social media, it’s easy for things to get lost.  

Make sure you click “following” and then click “see first” so you don’t miss a thing!  (See image below.)  Thanks for being a part of the LET family!

Facebook Follow First

 

Share:
Related Posts