Russian hackers broke into federal agencies, US officials suspect
Date: 2020-12-13
The Trump administration admitted on Sunday that hackers acting on behalf of a foreign government – almost certainly a Russian intelligence agency, according to federal and private experts – broke into a range of key government networks, including the Treasury and Commerce Departments, and had access to their messaging systems.
Officials said a hunt was underway to determine whether other parts of government fell victim to what appeared to be one of the most sophisticated, and perhaps the most significant, attacks on federal systems over the past five years. Several said a range of national security-related agencies were also affected, although it was not clear whether the systems contained highly classified material.
In public, the Trump administration has said little about the hack, suggesting that while the government was concerned about Russia’s interference in the 2020 election, key agencies working for the administration – and unrelated to the elections – were in fact under a sophisticated attack of which they were not aware until recent weeks.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any problems related to this situation,” said John Ullyot, spokesperson for the National Security Council, in a press release. The Commerce Department admitted that one of its agencies had been targeted, without naming it, and the cybersecurity agency of the Department of Homeland Security, whose leader was sacked by President Trump last month for saying there was no widespread voter fraud, said in a statement that it had also been called in.
The motive for the attack on the Treasury and Commerce departments remains elusive, two people familiar with the matter said. A government official said it was too early to say how damaging the recent attacks were and how much material had been lost.
The revelation came less than a week after the National Security Agency, which is tasked with both penetrating foreign computer networks and defending the federal government’s most sensitive national security systems, issued a warning that “Russian state sponsored actors” exploited loopholes in a system widely used within the federal government.
At the time, the NSA declined to elaborate on what prompted the urgent warning. Soon after, FireEye, a leading cybersecurity company, announced that hackers working for a state had stolen some of its valuable tools for finding vulnerabilities in the systems of its clients, including the federal government. This investigation also pointed to the SVR, one of Russia’s leading intelligence agencies.
If the connection with Russia is confirmed, it will be the most sophisticated known theft of U.S. government data by Moscow since a two-year frenzy in 2014 and 2015 in which Russian intelligence agencies gained access to the unclassified messaging systems at the White House, the State Department and the Joint Chiefs of Staff. It took years to undo the damage, but President Barack Obama decided at the time not to name the Russians as the perpetrators – a move many in his administration now see as a mistake.
Emboldened, the same group of hackers then hacked into the systems of the Democratic National Committee and senior Hillary Clinton campaign officials, triggering inquiries and fears that permeated the 2020 contest.
“There seem to be many victims of this campaign, both in government and in the private sector,” said Dmitri Alperovitch, chairman of Silverado Policy Accelerator, a geopolitical think tank, and co-founder of CrowdStrike, a cybersecurity company that helped find the Russians in the Democratic National Committee systems four years ago. “Kind of like what we saw in 2014-2015 from this actor, when they led a massive campaign and managed to compromise many victims.”
According to private sector investigators, the attacks on FireEye led to a broader hunt to find out where Russian hackers could have infiltrated federal and private networks. FireEye provided key pieces of computer code to the NSA and Microsoft, officials said, which then searched for similar attacks on federal systems. This led to the emergency alert last week.
Most hacks involve stealing usernames and passwords, but this one was much more sophisticated. It involved the creation of counterfeit tokens, essentially electronic indicators that provide assurance to Microsoft or Google about the identity of the computer system to which their email systems are speaking. By using an extremely difficult to detect flaw, the hackers were able to trick the system and gain access.
Reporting was contributed by Alan Rappeport, Maggie Haberman, Julian Barnes and Zolan Kanno-Youngs.
