Hacking ‘Likely’ Came From Russia, US Says

The various agencies have created ad hoc working groups to deal with the hacking, but the task force’s creation is an acknowledgment that getting a handle on the full scope of the hacking will take time and is beyond the abilities of any single government agency.

While computers at many agencies were infected with the back door giving access, the Russian intelligence agencies were clearly judicious in which of those doors they opened and what information they stole, complicating the investigation of what material was taken.

The task force, officials say, will help the Department of Homeland Security, the F.B.I. and the National Security Agency better and more quickly share information.

But it does not assure that those agencies, which were clueless as the Russians began the operation in late 2019, and accelerated it last March, will solve the central question: Were the Russians seeking to do more than merely steal secrets?

The part of the hacking that the government understands best involved a Russian effort to get into the code of a program called Orion, produced by a Texas firm named SolarWinds. Orion is used to manage complex networks, and is used by the Treasury, Commerce and Energy Departments, and other government agencies. The statement on Tuesday said there was evidence that “fewer than 10” United States government agencies were “compromised by follow-on activity on their systems,” meaning the Russians chose to burrow deeper into their networks.

In total, 18,000 entities — mostly private corporations — used the compromised Orion system. While estimates vary, the latest thinking is that about 250 of those were selected by the Russians for deeper hacks.

To accomplish that goal, the Russian hackers set up command-and-control networks inside the United States, where the hacking activity could be directed. By running those command and control systems domestically, they evaded some of the sensors set up by the National Security Agency, one of the nation’s largest collectors of foreign signals intelligence. The agency is prohibited from operating inside the United States.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *