Wednesday, December 23, 2020

I Think This Is A Massively Larger Deal Than Is Being Made Clear In The Lay Press.

This appeared last week:

Russian hackers target US nuclear weapons stockpile

Cameron Stewart

The agency holding America’s nuclear weapons stockpile has been hacked in a suspected Russian attack as a part of one of the largest cyber espionage operations ever conducted against the United States.

Fears are mounting in Washington as more is revealed about the extent of the hacks which have hit the departments of Defence, State, Treasury, Energy, Agriculture, Homeland Security and Commerce.

On Friday (AEDT) it was revealed that hackers had accessed the networks of the National Nuclear Security Administration which maintains the US nuclear weapons stockpile.

Suspicious cyber activity was also found in the famous Los Alamos laboratories in New Mexico where the first nuclear bombs were designed as part of the Manhattan Project in World War Two. These days the labs at Los Alamos conduct atomic research related to both civil nuclear power and nuclear weapons.

US cyber security agencies warned that they were still exploring the extent of the hacking and what information had been compromised. They said it would be a difficult and slow operation to restore security across the raft of compromised US agencies.

The hacks are suspected to have been orchestrated by Russia although this has not been confirmed publicly. The president-elect Joe Biden has responded by declaring that he would make cybersecurity “a top priority at every level of government” and would not ‘stand idly by’ while the US was attacked by adversaries.

Mr Biden’s comments were also aimed at Donald Trump who has not sought to punish Russia over cyberattacks and who has not yet commented on the current one.

“Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation,” Mr Biden said. He said the US would in the future impose “substantial costs on those responsible for such malicious attacks.”

“There’s a lot we don’t yet know, but what we do know is a matter of great concern. I have instructed my team to learn as much as we can about this breach,” he said.

US security agencies believe the hacks have been going on since March.

The cybersecurity unit of the Department of Homeland Security warned on Friday (AEDT) that the hack “poses a grave risk to the federal government and state, local, tribal and territorial governments as well as critical infrastructure entities and other private sector organisations”.

Removing the malware from the infected networks would be an enormously difficult challenge, the Cybersecurity and Infrastructure Security Agency (CISA) said.

“Removing this threat actor from compromised environments will be highly complex and challenging for organisations,” CISA said.

CISA has described the attack as ‘a significant and ongoing cybersecurity campaign’ against the US.

More here:

https://www.theaustralian.com.au/world/russian-hackers-target-us-nuclear-weapons-stockpile/news-story/917125b08e5e4ff087a0f459520b7759

There is further coverage here:

Microsoft hacked in massive Russian cyber attack

Hannah Murphy and Demetri Sevastopulo

Dec 18, 2020 – 3.40pm

San Francisco/ Washington | US cyber officials warned that the massive espionage campaign unearthed this week posed a “grave risk” to the government, critical infrastructure and private sector, as the US department of energy was the latest agency to confirm it had been breached.

Microsoft also admitted late on Thursday (Friday AEDT) that it had been hacked, making it the second tech company, after FireEye, to be caught up in what is quickly turning into the most sweeping cybersecurity crisis on record.

Thousands of businesses and government agencies may have been exposed after downloading compromised software from SolarWinds, a Texas-based IT group. Brad Smith, Microsoft president, said the software company had identified 40 customers that had been breached, and called it “an act of recklessness that created a serious technological vulnerability for the United States and the world”.

The energy department said on Thursday that it was “responding to a cyber incident” as part of an ongoing investigation.

However, a spokesperson for the agency said there was no evidence so far that the attack had any impact on national security functions, including the National Nuclear Security Administration, which is responsible for managing and safeguarding the US nuclear weapons arsenal. Politico first reported the energy department breach.

Earlier on Thursday, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that the hackers had also gained access to systems using means other than the SolarWinds software, and of the difficulty involved in finding and removing hackers from compromised systems.

CISA said the hackers had “demonstrated sophistication and complex tradecraft in these intrusions” and that it would be “highly complex and challenging” to eject the perpetrators.

It added that it had “evidence” of “access vectors, other than the SolarWinds Orion platform” which were being investigated. Microsoft said that it had “found absolutely no indications that our systems were used to attack others”.

The agency cited a report published by cyber group Volexity detailing attacks by the same hackers against an unnamed US think-tank, including one that used new methods to bypass multi-factor authentication security.

FireEye, SolarWinds and some US officials have blamed “nation-state” hackers for the breach, which first came to light at the end of last week. Cyber security experts, plus several politicians, have singled out Russian intelligence as the culprit, although Russia has strongly denied any involvement.

“Today’s classified briefing on Russia’s cyber attack left me deeply alarmed, in fact downright scared,” Richard Blumenthal, Democratic senator from Connecticut wrote on Twitter on Wednesday. “Americans deserve to know what’s going on. Declassify what’s known & unknown.”

House committees for homeland security and oversight have launched probes into the hack and urged the FBI, the DHS and the intelligence agencies to share more information.

“While investigations and technical forensic analyses are still ongoing, based on preliminary reporting, it is evident that this latest cyber intrusion could have potentially devastating consequences for US national security,” the committees’ chairs said.

President-elect Joe Biden said in a statement that he had been briefed by US government officials on the attack and vowed to impose “substantial cost” on adversaries who penetrate US computer systems.

“We need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place,” Mr Biden said. “Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation.”

CISA warned that the hackers “demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks”.

More here:

https://www.afr.com/policy/foreign-affairs/microsoft-hacked-in-massive-russian-cyber-attack-20201218-p56osb

Reading between the lines, it seems there have been multiple breaches, with differing methods and at different times, with some software being in place and providing access for many months.

It would be foolish to believe what has happened in the US is not happening here and we should really be looking very hard to find where it is happening – despite the cleverness of the malware tools to avoid detection.

I note Trump is in denial about the seriousness and the source of the problem:

Trump downplays Russia hack, clashes with Pompeo

By David Millward

December 20, 2020 — 7.00am

Washington: Donald Trump is at odds with one of his closest allies, Secretary of State Mike Pompeo, over who was responsible for the massive cyber-attack on the US government.

While Mr Pompeo fell into line with the consensus that Russia orchestrated the hack, Mr Trump suggested without evidence that China may have been the culprit, and that it may have also helped rig the election in favour of Joe Biden.

Playing down the severity of the attack, the US President wrote: "The Cyber Hack is far greater in the Fake News Media than in actuality.

"I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).

"There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA."

Mr Pompeo was the first member of the Trump administration to blame the Kremlin, endorsing the findings of the US intelligence community.

"I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity," Mr Pompeo said in an interview on Friday.

"This was a very significant effort ... we're still unpacking precisely what it is."

Considered one of Mr Trump's staunchest supporters, Mr Pompeo was vocal in endorsing the President's claim that last month's election had been stolen. His willingness to speak out on the hack before Mr Trump was seen as evidence of the Secretary of State demonstrating his independence amid speculation he could be a contender for the Republican nomination in 2024.

More here:

https://www.smh.com.au/world/north-america/trump-downplay-russia-hack-clashes-with-pompeo-20201220-p56ozs.html

I will leave it to others to decide who they believe…

David.

 

1 comment:

Sarah Conner said...

Looks like we were part of a coordinated attack using the same methods. News emerging NSW Health, Rio Tinto, Serco all reporting incidents. As someone mentioned, SolarWinds and M365 are used extensively and lazily across government. I guess we will know in a few years if ADHA or MyHR was compromised.