Just how bad was the hack of U.S. government agencies that was discovered last week? Some cyber experts say it could be the worst in U.S. history — even more serious than the 1990s “Moonlight Maze” hack that stole documents that, if stacked one atop another, would be three times the size of the Washington Monument.
The damage assessment is in its infancy but given the number of agencies targeted and the length of time the criminals had before they were detected, it must be considerable.
U.S. government agencies, including the Treasury and Commerce departments, were among dozens of high-value public- and private-sector targets known to have been infiltrated as far back as March through a commercial software update distributed to thousands of companies and government agencies worldwide.
In this case “several Washington Monument piles of documents that they took from different government agencies is probably a realistic estimate,” [Johns Hopkins cyberconflict expert Thomas] Rid said. “How would they use that? They themselves most likely don’t know yet.”
The Trump administration has not said which agencies were hacked. And so far no private-sector victims have come forward. Traditionally, defense contractors and telecommunications companies have been popular targets with state-backed cyber spies, Rid said.
While the government has been downplaying the hack in public, behind the scenes there’s been a flurry of worry and activity.
President Donald Trump’s national security adviser, Robert O’Brien, cut short an overseas trip to hold meetings on the hack and was to convene a top-level interagency meeting later this week, the White House said in a statement.
O’Brien had been scheduled to return Saturday and had to scrap plans to visit officials in Italy, Germany, Switzerland and Britain, said an official familiar with his itinerary who was not authorized to discuss it and spoke on condition of anonymity.
Earlier, the White House said a coordinating team had been created to respond, including the FBI, the Department of Homeland Security and the Office of the Director of National Intelligence.
It should be noted that the government is not in the habit of announcing its security failures to the world — especially one this size. But they can certainly give us more information to judge the scope of the breaches. It may be politically embarrassing and cost a few bureaucrats their careers, but a little more transparency is in order.
Chillingly, the hack was discovered almost by accident — and months after it had begun.
Hackers infiltrated government agencies by piggybacking malicious code on commercial network management software from SolarWinds, a Texas company, beginning in March.
The campaign was discovered by the cybersecurity company FireEye when it detected that it had itself been hacked — it disclosed the breach Dec. 8 — and alerted the FBI and other federal agencies. FireEye executive Charles Carmakal said it was aware of “dozens of incredibly high-value targets” infiltrated by the hackers and was helping “a number of organizations respond to their intrusions.” He would not name any, and said he expected many more to learn in coming days that they, too, were compromised.
It may appear that we’re not doing anything to retaliate, but I’m sure we are. Disrupting Russian networks has been done before and the fact that Putin isn’t announcing it is an advantage of living in a totalitarian state. The same goes for China and North Korea, both of which have penetrated U.S. government and commercial networks before. Any retaliation by the U.S. would be a state secret.
But we know that North Korea’s internet and phone services have suffered severe disruptions in the past after hacking U.S. systems. The war is real, but it goes on in cyberspace, below the radar of the public. All we can do is try to make our networks as secure as possible and be watchful for breaches.