Wonder if this explains why Gmail and YouTube were off line the other day? If the attack is that deep, then the UK government is probably hit too?
-----------------------------------------------------------------------------------------------------------
Four days ago, on December 13, Reuters broke the story that computer hackers had breached U.S. government agencies, including the Treasury Department and the Commerce Department. It was serious enough that the National Security Council had been called into an emergency meeting on Saturday. While no nation has yet been charged with this attack, officials agree that it looks like a Russian operation.
On Monday, the story got worse. Also hit were the Department of Homeland Security, the State Department, and the National Institutes of Health. Officials at the Cybersecurity and Infrastructure Security Agency (CISA) in the Department of Homeland Security told all federal agencies to disconnect the products containing the malware that had been used to breach the firewalls. Those products had been installed as far back as March, meaning that the attackers had been able to observe crucial aspects of our government from the inside for as much as nine months. Government officials found out about the breach only after a private cybersecurity firm, FireEye, realized it had been hacked and alerted the FBI. Hackers planted the malware they used to get into the systems on a patch issued by the software company, SolarWinds, which produces widely used management software.
The story is getting worse still.
Today CISA said that the hackers used many different tools to get into government systems, taking them into critical infrastructure, which could include the electrical grid, telecommunications companies, defense contractors, and so on. Officials said that the hacks were “a grave risk to the federal government.”
Later in the day, it came out that the Energy Department and the National Nuclear Security Administration, which oversees our nuclear weapons, was also hit, although a Department of Energy spokesperson said that there is no evidence that the hackers breached critical defense systems, including the NNSA.
Microsoft’s president, Brad Smith, today said the company had identified 40 different companies, government agencies, and think tanks the hackers infiltrated, and that those forty were just the tip of the iceberg. Smith said that more companies had been hit than government agencies, “with a big focus on I.T. companies, especially in the security industry.”
The Associated Press quoted a U.S. official as saying: “This is looking like it’s the worst hacking case in the history of America. They got into everything.” Tom Kellermann, the cybersecurity strategy chief of the software company VMware, told Ben Fox of the Associated Press that the hackers could now see everything in the federal agencies they’ve hacked, and that, now that they have been found out, “there is viable concern that they might leverage destructive attacks within these agencies.”
It is not clear yet how far the hackers have penetrated, and we will likely not know for months. But given the fact they have had access to our systems since March and have almost certainly been planting new ways into them (known as “back doors”), all assumptions are that this is serious indeed.
Heather Cox Richardson
------------------------------------------------------------------------------------
Donald, did you renew the anti-virus software like we said?
What do you mean: "Vlad said he'd sort it"
-----------------------------------------------------------------------------------------------------------
Four days ago, on December 13, Reuters broke the story that computer hackers had breached U.S. government agencies, including the Treasury Department and the Commerce Department. It was serious enough that the National Security Council had been called into an emergency meeting on Saturday. While no nation has yet been charged with this attack, officials agree that it looks like a Russian operation.
On Monday, the story got worse. Also hit were the Department of Homeland Security, the State Department, and the National Institutes of Health. Officials at the Cybersecurity and Infrastructure Security Agency (CISA) in the Department of Homeland Security told all federal agencies to disconnect the products containing the malware that had been used to breach the firewalls. Those products had been installed as far back as March, meaning that the attackers had been able to observe crucial aspects of our government from the inside for as much as nine months. Government officials found out about the breach only after a private cybersecurity firm, FireEye, realized it had been hacked and alerted the FBI. Hackers planted the malware they used to get into the systems on a patch issued by the software company, SolarWinds, which produces widely used management software.
The story is getting worse still.
Today CISA said that the hackers used many different tools to get into government systems, taking them into critical infrastructure, which could include the electrical grid, telecommunications companies, defense contractors, and so on. Officials said that the hacks were “a grave risk to the federal government.”
Later in the day, it came out that the Energy Department and the National Nuclear Security Administration, which oversees our nuclear weapons, was also hit, although a Department of Energy spokesperson said that there is no evidence that the hackers breached critical defense systems, including the NNSA.
Microsoft’s president, Brad Smith, today said the company had identified 40 different companies, government agencies, and think tanks the hackers infiltrated, and that those forty were just the tip of the iceberg. Smith said that more companies had been hit than government agencies, “with a big focus on I.T. companies, especially in the security industry.”
The Associated Press quoted a U.S. official as saying: “This is looking like it’s the worst hacking case in the history of America. They got into everything.” Tom Kellermann, the cybersecurity strategy chief of the software company VMware, told Ben Fox of the Associated Press that the hackers could now see everything in the federal agencies they’ve hacked, and that, now that they have been found out, “there is viable concern that they might leverage destructive attacks within these agencies.”
It is not clear yet how far the hackers have penetrated, and we will likely not know for months. But given the fact they have had access to our systems since March and have almost certainly been planting new ways into them (known as “back doors”), all assumptions are that this is serious indeed.
Heather Cox Richardson
------------------------------------------------------------------------------------
Donald, did you renew the anti-virus software like we said?
What do you mean: "Vlad said he'd sort it"
Cool beans!
Comment