Monday, December 14, 2020

Hackers Strike Again

By Jim Geraghty


Back in 2015, I quoted an unnamed defense contractor’s assessment of the hack of the U.S. Office of Personnel Management: “The OPM hack was just the start and it won’t be the last.” That hack was widely described as the “cyber Pearl Harbor” and yet . . . most Americans didn’t notice. A bunch of Russian ads on Facebook stirred more Americans to anger than hackers — believed to be affiliated with the Chinese government — stealing personnel data and Social Security numbers for every federal employee.

 

This morning, we awaken to the sequel:

 

The Trump administration acknowledged on Sunday that hackers acting on behalf of a foreign government — almost certainly a Russian intelligence agency, according to federal and private experts — broke into a range of key government networks, including in the Treasury and Commerce Departments, and had free access to their email systems.

 

Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said national security-related agencies were also targeted, though it was not clear whether the systems contained highly classified material.

 

The Washington Post had more details:

 

Russian government hackers breached the Treasury and Commerce departments, along with other U.S. government agencies, as part of a global espionage campaign that stretches back months, according to people familiar with the matter.

 

The Russian hackers, known by the nicknames APT29 or Cozy Bear, are part of that nation’s foreign intelligence service, the SVR, and they breached email systems in some cases, said the people familiar with the intrusions, who spoke on the condition of anonymity because of the sensitivity of the matter. The same Russian group hacked the State Department and the White House email servers during the Obama administration . . .

 

SolarWinds products are used by more than 300,000 organizations across the world. They include all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency, the world’s top electronic spy agency, according to the firm’s website.

 

Its clients also include the top 10 U.S. telecommunications companies.

 

Reuters reported the hack prompted a National Security Council meeting at the White House on Saturday.

 

Protecting government systems is part of the job of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency — which in fact responded Sunday night by telling all federal civilian agencies to “review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.”

 

You probably heard that President Trump fired CISA director Christopher Krebs on November 17, after Krebs publicly declared that the election systems were secure and that there was no evidence that Venezuelans or anyone else had gotten into the software and changed votes from Trump to Biden.

 

There’s been a lot of turnover at CISA since the election. Deputy director Matthew Travis resigned after Krebs’s firing. According to the Wall Street Journal, “Assistant Director Bryan Ware was recently forced out by WH, too — though not due to the election.” CISA’s acting director is Brandon Wales.

 

Beyond CISA, almost the entire top level of the Department of Homeland Security is operating in an acting capacity right now, and has done so for many months. DHS has an acting secretary, an acting deputy secretary, an acting chief of staff, an acting general counsel, an acting undersecretary of management, an acting undersecretary for science and technology, an acting undersecretary for intelligence and analysis, an acting director of U.S. Citizenship and Immigration Services, an acting commissioner of U.S. Customs and Border Protection, and an acting director of U.S. Immigration and Customs Enforcement. As of September, at least 15 officials in the executive branch had served in “acting” capacity longer than the time allotted under the Federal Vacancies Reform Act — 210 days. The president doesn’t care about who is in these jobs, and it shows. Apparently, no one around him can get him to care, either.

 

Russian hackers would have targeted U.S. secure computer systems whether the president had formally nominated those acting officials or not, and whether the Senate had confirmed those DHS officials or not. And this hack appears to have started months ago, on the watch of some of those recently dismissed officials.

 

But in the Trump administration, we have a more extreme version of the problem of cybersecurity in most administrations: No one whose duties don’t specifically involve cybersecurity cares about the topic until something goes wrong. But the way you prevent something going wrong is to care about it before something goes wrong. The president’s preeminent focus is what is being said about him on cable-news networks and in the New York Times. Everyone under him knows that this is what matters to him. Everything else . . . is way down on the priority list and easily ignored.

 

On Saturday, the day the National Security Council met to discuss the hack, President Trump insisted he won reelection in a landslide, complained about Attorney General William Barr not telling the public the truth, and asked his Twitter followers which Republican governor was worse: Doug Ducey or Brian Kemp, contending the two governors “fought against me and the Republican Party harder than any Democrat.”

 

There’s an old Arab proverb: “The dog barks, but the caravan moves on.”
