Brief #29 – Technology
By Charles A. Rubin
US Government Agencies Again Fall Victim to State Sponsored Cyber Attacks
On December 13, 2020 news broke that computer networks at several US government agencies, including the Departments of the Treasury and Commerce, had been compromised by a state actor. In the ensuing days other agencies, including the State Department, Los Alamos National Laboratory and the Defense Department, revealed that they had been similarly compromised. In each case the attackers got in through a corrupted update to Orion, a network monitoring product from the Austin, Texas based company SolarWinds. Orion is widely used in business and government. It was also revealed that the intrusions date back to March 2020 and had gone completely undetected for roughly nine months.
At this writing it is unclear how much data was taken and exactly what information was stolen. It is also unlikely that we will ever know the full extent of the damage to our privacy and national security.
It is ironic that the Trump Administration will end much the way it began: with revelations of a state actor slipping through the defenses of US computer networks. As in 2016, the prime suspect is Russia's foreign intelligence service, the SVR, and specifically the group known as APT29, more commonly referred to as Cozy Bear.
It is also ironic that the Trump Administration, which did a truly professional job of securing the November election despite the President's public undermining, completely failed to detect or repel this threat.
Details are only beginning to emerge on how the attack was carried out, but we do know that the SolarWinds software was uniquely positioned to exfiltrate data. The software is designed to monitor networks and computer system processes and to communicate with servers outside the organization, so outbound traffic from it is expected and rarely questioned. Stolen data sent to an attacker-controlled server would blend into that traffic and go unnoticed, all the more so because this was the very platform that was supposed to detect irregularities.
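The defensive lesson of the paragraph above is that a monitoring platform's outbound traffic has to be pinned down rather than trusted. The following is an added example, not code from the brief or from SolarWinds: it takes a handful of constructed flow records for a hypothetical monitoring host, skips the internal devices it legitimately polls, and alerts on any external destination that is not on a small allow-list, plus on an unusually large volume sent to any external host. The host names, addresses, log format and threshold are all assumptions made for the example.

```python
"""
Egress allow-list check for a network-monitoring host.

Added example (not from the original brief). A monitoring server is
expected to talk to a few external endpoints (vendor updates, telemetry),
so the control here is to pin those endpoints and flag anything else,
and to flag large outbound volumes even to allowed endpoints.
"""
import ipaddress
from collections import defaultdict

# Hypothetical allow-list: the only external destinations the monitoring
# host may reach, with the ports it may use. (.test TLD = made-up names.)
ALLOWED_EGRESS = {
    "updates.example-monitoring.test": {443},
    "telemetry.example-monitoring.test": {443},
}

# RFC 1918 ranges: devices the monitoring host polls as part of its job.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: timestamp, source host, destination, dst port, bytes out.
# Taken from a network device, not from the monitoring host itself (see note).
SAMPLE_FLOWS = """\
2020-03-15T02:13:04Z monitor01 10.20.30.40 161 1200
2020-03-15T02:13:09Z monitor01 updates.example-monitoring.test 443 48210
2020-03-15T02:14:11Z monitor01 telemetry.example-monitoring.test 443 9120
2020-03-15T02:15:47Z monitor01 198.51.100.23 443 73400211
2020-03-15T02:16:02Z monitor01 cdn.example-lookalike.test 443 5120
"""


def parse_flow(line):
    """Split one whitespace-separated flow record into a dict."""
    ts, src, dst, port, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes)}


def is_internal(dst):
    """True if dst is an IP address inside one of the private ranges."""
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return False  # a host name, so treat it as external
    return any(ip in net for net in PRIVATE_NETS)


def check_egress(log_text, allowed=ALLOWED_EGRESS, volume_threshold=50_000_000):
    """Return a list of alert tuples for flows that break the egress policy.

    Two alert kinds:
      ("unexpected_destination", ts, dst, port, bytes)  - dst/port not allowed
      ("high_volume", dst, total_bytes)                  - too much sent to one dst
    """
    alerts = []
    volume = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        if is_internal(f["dst"]):
            continue  # polling managed devices is the monitoring host's job
        volume[f["dst"]] += f["bytes"]
        if f["dst"] not in allowed or f["port"] not in allowed[f["dst"]]:
            alerts.append(("unexpected_destination", f["ts"], f["dst"], f["port"], f["bytes"]))
    # Volume check runs even for allowed destinations: an attacker who can
    # reach an approved endpoint can still be caught by how much leaves.
    for dst, total in volume.items():
        if total >= volume_threshold:
            alerts.append(("high_volume", dst, total))
    return alerts


if __name__ == "__main__":
    for alert in check_egress(SAMPLE_FLOWS):
        print(*alert)
```

Two caveats a practitioner would add. First, the flow records must come from a switch, firewall or network tap, not from the monitoring host: a platform that has been compromised can be made to omit its own exfiltration from the logs it produces. Second, the allow-list is only as good as its upkeep, so changes to it should go through the same review as any other firewall rule, and the volume threshold should be set from a baseline of the host's normal traffic rather than the round number used here.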
This exploit is being referred to as a supply chain compromise. What this means is that the compromised software was delivered to organizations as part of their regular software updates, much like the updates to the applications on your computer and your mobile phone. Because the malicious code arrives through the vendor's own legitimate update channel, checks that only confirm an update came from the vendor do not catch it.
Despite millions of dollars spent on shoring up our cyber defenses, the US government does not seem to have a coherent strategy for repelling attacks or holding perpetrators to account. This will have to be a high priority for the incoming administration.
- SANS Institute – Established in 1989 as a cooperative research and education organization, SANS is a go-to place for security industry professionals for education and analysis of security threats.
- The Cybersecurity and Infrastructure Security Agency (CISA) is part of the Department of Homeland Security, charged with defending against attacks and informing the public.
- AISP – The Association of Information Security Professionals is a leading organization for security professionals worldwide.
- The Information Systems Security Association (ISSA) is a not-for-profit, international organization