A former Homeland Security adviser for the Trump administration is sounding the alarm on the months-long Russian hack of government agencies and corporations, saying the vastness of the intrusion is “hard to overstate.”
“The Russians have had access to a considerable number of important and sensitive networks for six to nine months,” Thomas Bossert wrote in an op-ed that ran Wednesday in the New York Times.
The Russian hackers, he wrote, “surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call ‘persistent access,’ meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.”
“The magnitude of this ongoing attack is hard to overstate,” he said.
And, Bossert continued, the attacks come at the “worst possible time” during the handoff to President-elect Joe Biden’s team and during the coronavirus pandemic when the country is “at its most vulnerable.”
“We need to understand the scale and significance of what is happening,” he wrote.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued a directive late Sunday ordering federal agencies to disconnect servers that may have been compromised and scan their networks for “malicious actors.”
A number of federal departments — including Commerce, Treasury, Homeland Security and the Pentagon — said they had been victims of the hack, which is believed to have been carried out by a group working with the Russian Foreign Intelligence Service.
The hack came to light after cybersecurity firm FireEye announced it had been breached.
The hackers accessed the computer systems of the government agencies and a number of Fortune 500 companies by inserting malware into server software made by SolarWinds.
“The attackers gained access to SolarWinds software before updates of that software were made available to its customers. Unsuspecting customers then downloaded a corrupted version of the software, which included a hidden back door that gave hackers access to the victim’s network,” Bossert wrote, explaining how the intrusions worked.
“Evidence in the SolarWinds attack points to the Russian intelligence agency known as the S.V.R., whose tradecraft is among the most advanced in the world,” Bossert wrote.
SolarWinds has said the malware has been piggybacking on its software since spring, giving the hackers plenty of time to siphon information that could be exploited for a number of nefarious uses, including undermining “public and consumer trust in data, written communications and services.”
“In the networks that the Russians control, they have the power to destroy or alter data, and impersonate legitimate people. Domestic and geopolitical tensions could escalate quite easily if they use their access for malign influence and misinformation — both hallmarks of Russian behavior,” Bossert said.
Despite the Trump administration coming to an end, he urged the president to muster whatever leverage he has to “severely punish the Russians.”
And he called on Biden to plan on taking charge of the crisis come Jan. 20.
“We are sick, distracted, and now under cyberattack. Leadership is essential,” Bossert said.