What we know – and still do not – about the worst-ever cyber attack on the US government

Almost a week after the U.S. government announced that several federal agencies had been targeted by a widespread cyber attack, the extent and consequences of the suspected Russian hack are still unknown.

Key federal agencies, from the Department of Homeland Security to the agency that oversees America’s nuclear weapons arsenal, were reportedly targeted, as were powerful tech and security companies, including Microsoft. Investigators are still trying to find out what information the hackers may have stolen, and what they could do with it.

Donald Trump has not yet commented on the attack, which federal officials said was a “major threat” to all levels of government. Joe Biden has vowed to respond more harshly to cyber attacks but has not offered specifics. Members of Congress are calling for more information about what happened, even as officials who are scrambling for answers say the attack is “significant and ongoing”.

Here’s a look at what we know, and what we don’t yet know, about the worst-ever cyber attack on U.S. federal agencies.

What happened

The hack began as early as March, when malicious code was inserted into updates to a popular piece of software called Orion, made by the company SolarWinds, which provides network analysis and other technical services to hundreds of thousands of organizations worldwide, including most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.

That malware in the updates gave elite hackers access to organizations’ networks so that they could steal information. The months-long timeline gave the hackers ample opportunity to extract information from multiple targets, including by monitoring email and other internal communications.

Microsoft called it “an incredible attack on scope, luxury and impact”.

Who was affected by this?

At least six departments of the U.S. government, including the energy, commerce, treasury and state departments, have reportedly been breached. National Nuclear Security Administration networks were also disrupted, Politico reported Thursday.

Dozens of other security and technology companies, as well as NGOs, were affected, Microsoft said in a statement Thursday. While most of those affected by the attack were in the U.S., Microsoft said it had identified additional victims in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.

“It is certain that the number and location of victims will continue to grow,” said Microsoft.

The U.S. Treasury Department is among the departments that are said to have been hacked. Photo: Brendan Smialowski / EPA

Who is responsible for the attack?

Although the U.S. government has not yet officially announced who is responsible for the attack, U.S. officials have told the media that they believe Russia is the culprit, specifically the SVR, Russia’s foreign intelligence outfit.

Andrei Soldatov, an expert on Russian spy agencies and author of The Red Web, told the Guardian that he believes the hack was more likely to be a joint venture between Russia’s SVR and the FSB, Putin’s domestic spy agency.

Russia has responded: “No one should blame the Russians for everything,” a Kremlin spokesman said Monday.

The infiltration technique involved in the hack, known as the “supply chain” method, recalled the technique Russian military hackers used in 2016 to infect companies doing business in Ukraine with the hard-drive-wiping NotPetya virus – the worst cyber-attack to date.

What information has been stolen, and how is it used?

That remains unclear.

“This area was so large that even our cybersecurity experts are not yet fully aware of the extent of the harassment itself,” said Stephen Lynch, head of the House of Representatives’ oversight and reform committee, after attending a briefing on Friday.

Thomas Rid, a Johns Hopkins cyber-conflict expert, told the Associated Press that it appeared the hackers had stolen so much data “they still don’t know themselves” what useful information they stole.

What can be done to repair compromised networks?

That’s also unclear, and it could be very frustrating.

“Removing this threatening agent from vulnerable environments will be very complex and challenging for organizations,” a statement from the Cybersecurity and Infrastructure Security Agency (Cisa) said Thursday.

One of Trump’s former homeland security advisers, Thomas Bossert, has already said publicly that a real solution could take years, and be both costly and challenging.

“It will take years to know for sure which networks the Russians control and which ones they live on,” Bossert wrote in a New York Times op-ed on Wednesday. “The logical conclusion is that we must act as if the Russian government was in control of all the networks it entered.”

“Transfers are mandatory and new networks need to be built – and separated from at-risk networks,” he wrote.

Donald Trump has not yet spoken out about the attack, which was carried out in Russia. Photo: Al Drago / Getty Images

How has Trump responded?

As of Friday afternoon, the U.S. president had not yet said anything to address the attack.

Republican senator and presidential candidate Mitt Romney has criticized Trump’s silence as unacceptable, especially in response to an attack of which he said: “how Russian bombers have been flying back without find all over our country”.

“Keeping the White House firmly speaking out and complaining and punishing is amazing,” Romney said.

How has Biden responded?

So far, there has been tough talk but no clear plan from the president.

“We need to stop and prevent our enemies from committing massive cyberattacks in the first place,” Biden said. “We will do this by, among other things, imposing significant costs on those responsible for such malicious attacks, including coordination with our friends and partners.”

“There’s a lot we don’t know yet, but what we do know is a cause for great concern,” Biden said.

Could this attack have been prevented or deterred?

“What we can do is take a sensible and non-confrontational approach,” Fiona Hill, a Russia expert and former member of Trump’s National Security Council, told PBS NewsHour this week, criticizing conflict and disorder within the Trump administration and between the U.S. and its allies on issues related to Russia.

If “our president is not on one page and everyone else is on another page, and we are working with our friends to push this back, that would have a negative deterrent effect,” Hill said.

Other cybersecurity experts said the federal government could do more simply to keep up with cybersecurity issues, and said the Trump administration had failed in this regard, including by eliminating the posts of White House cybersecurity coordinator and state department cybersecurity policy chief.

“It’s been a difficult time for the last four years. I mean, nothing really bad happened in cybersecurity,” Brandon Valeriano, a scholar from Marine Corps University and adviser to the U.S. cyber protection commission, told the Associated Press.

Fiona Hill, a government expert on Russia, criticized the Trump administration’s disorder. Photo: Shawn Thew / EPA

What options does the US have to provide a political response to this type of attack?

Some experts argue that the U.S. government needs to do more to punish Russia for the intrusion. The federal government could impose formal sanctions on Russia, such as when the Obama administration expelled Russian diplomats in retaliation for Kremlin military hackers meddling in favor of Donald Trump in the 2016 election. Or the U.S. could fight back more covertly by, for example, making public details of Putin’s own financial dealings.

However, as the Guardian’s Luke Harding said, cyber attacks are “cheap, repulsive, and psychologically effective”, and Biden’s options for responding to the Russian attack are limited.

“The response included Barack Obama, who unsuccessfully tried to restore friendship with Putin. The leader of this tragic mission was the then secretary of state, Hillary Clinton, who suffered in 2016,” Harding wrote.

What other effects might the hack have?

SolarWinds may face legal action from private customers and government agencies affected by the breach. The company filed a report with the Securities and Exchange Commission on Tuesday detailing the hack.

In the filing, the company said the total revenue from affected products was about $343m, or about 45% of the company’s total revenue. SolarWinds’ stock price has fallen 25% since news of the breach first broke.

Moody’s Investors Service said on Wednesday it was looking to downgrade its rating for the company, citing “the potential for reputational damage, loss of products to customers, a slowdown in business performance and high treatment and legal costs”.

The Associated Press issued a statement.