An interesting article sharing a sobering reality: US Government systems and those of many Fortune 500 companies were hacked by nation-state actors, most likely Russia.
A very sophisticated penetration of US Government systems has been discovered, spanning thousands of systems, by a likely nation-state actor (the suspect is Russia's S.V.R.).
The penetration was rather sophisticated and likely years in the making, requiring extensive resources and programming skills. Now that the hack has been finally detected, it will take years to resolve and enormous sums of money (think billions). But what is more important, to me anyway, is what was hacked and why.
Between March and June 2020, as many as 18,000 SolarWinds customers may have downloaded the compromised Orion software update; SolarWinds' customer list included most of the federal government's unclassified networks and more than 425 of the Fortune 500 companies. Since then, it is extremely likely that the hackers have compromised many more systems inside those networks and covered their tracks, making detection difficult.
The sheer number of systems thought to be compromised is absolutely massive – we're not talking about 18,000 computers – we're talking about tens of thousands of interconnected networks. The total number is unknown, but it could ultimately mean millions of infected systems, any of which can be secretly monitored or have their data manipulated by unknown agents.
The magnitude of this ongoing attack is hard to overstate.
The Russians have had access to a considerable number of important and sensitive networks for six to nine months. The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.
While the Russians did not have the time to gain complete control over every network they hacked, they most certainly did gain it over hundreds of them. It will take years to know for certain which networks the Russians control and which ones they just occupy.
The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated. But it is unclear what the Russians intend to do next. The access the Russians now enjoy could be used for far more than simply spying.
The actual and perceived control of so many important networks could easily be used to undermine public and consumer trust in data, written communications and services. In the networks that the Russians control, they have the power to destroy or alter data, and impersonate legitimate people. Domestic and geopolitical tensions could escalate quite easily if they use their access for malign influence and misinformation — both hallmarks of Russian behavior.
The corrupted software has already been used to attack the United States, including universities, governments and high-tech companies, as well as the U.S. Commerce Department and the Treasury Department: Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
Suspiciously, or at the very least oddly ‘coincidental’, the SolarWinds CEO, CFO and directors sold stock in November 2020 amounting to $15,000,000. I don’t know what this means, but to be honest, $15 million is pocket change compared to the scope of what this hack means. Seriously, it’s peanuts. The hack can manipulate governments and entire institutions, which is worth billions and billions, even trillions of dollars if left to its own devices.
One of the problems that may not seem obvious is how the hacked systems can now be manipulated to falsify data in ways that are nearly impossible to detect. What this means is anybody’s guess, but imagine if faked reports are created on infected systems, altering the financials, statistics and the very words to present completely erroneous “facts”, upon which billion-dollar decisions are made affecting millions of people. The ability to fabricate an entirely fake narrative would be possible – and undetectable if done correctly.
Humanity in the modern world runs on computers and computer networks; there are now billions of these systems throughout the world. They handle enormous streams of data that need to be deemed “trustworthy” because of what this information actually means. Decision-making on human health, finances, markets, resources, allocations, logistics, transportation, project development, management of infrastructure, education, technology and everything else imaginable runs on these networks, many of which are now compromised.
This is MUCH worse than simply “spying” and vacuuming up the data that they might want: they have the ability to create undetectable backdoor access and to create or manipulate data that affects millions of companies and entire governments and the decision-making processes they rely on. In effect, this is like handing the keys of society over to the secret control of some dubious criminals. Anything could happen from this point on, none of it good.
When one system is infected with malicious software, it generally means that all the connected systems and networks can also be infected. The sheer scale of the hack is still unknown, but it is massive. Well-designed malicious software will target all vulnerable computers and networks, hiding itself and even recreating itself if someone tries to remove it. Malicious software can lurk for years to evade detection.
All US Federal agencies are now on alert, with several agencies reporting hacked systems, including the Department of Commerce, the Agriculture Department, and the Department of Homeland Security. Every US agency is potentially vulnerable, since these systems are all interconnected and use many of the same networks. Even the US Military is at risk, but how much of a risk is still unknown.
Extraordinarily skilled attackers
Another reason to worry is that the attackers appear to have been extraordinarily skilled and determined.
“The campaign demonstrates top-tier operational tradecraft and resourcing consistent with state-sponsored threat actors,” FireEye said, adding that the breaches appear to date as far back as the spring. “Each of the attacks require meticulous planning and manual interaction.”
Attributing any cyberattack is hard under the best of circumstances and even more challenging when a sophisticated actor works to cover their tracks, as these did. But US officials have tentatively said that the culprit may have links to Russia.
That agents of a foreign government may have been responsible for the breaches is a worrisome sign of not only the attackers’ capabilities, but also their motives. These weren’t opportunistic cyber criminals indiscriminately probing whatever targets they could find in hopes of extorting their victims for a quick payday. These were highly motivated attackers who selected each of their victims for a specific purpose that remains unknown.
“If you compromise somebody’s network for 6 months, there’s a lot of opportunity,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a security think tank. “It’s an amazing coup for the Russians — really impressive.”
Lest anyone think this is just “for the money”, that is highly unlikely. More likely is a take-down of our government systems and the crippling of commerce, investment and the ability to act.
This is sobering.
I’ve never believed that Americans (or anyone) should always rely upon the stability of the status quo, because shit happens. The assumption that we’ll always be ok, and that enough safeguards and protections are in place to ensure that we’ll be fine should anything happen, is simply false. The pandemic proved just how false those kinds of assumptions have been. But there have been many, many other instances that also demonstrated our vulnerability as a people, and as a nation, such as the massive fires that wiped out entire towns, and how disinformation has been used to manipulate an entire nation.
Our vulnerability isn’t just because of bad actors, or incompetence, it generally arises from shortsightedness and carelessness, gradually over time, as individual decisions accumulate into a mountain of poor choices. Eventually, that mountain comes crashing down, overwhelming those who had come to depend upon its assumed protections.
This is definitely one of those cases. Nobody knows what will fail or falter first, but something undoubtedly will. Nobody goes to this much trouble for this long and expends these kinds of enormous resources just to walk away. And even if they did (this time), they’d be back soon enough, fixing their mistakes.
We’re now going to have to be suspicious of everything that is being reported from sources that we used to more or less trust. But that’s not even half of the problem. When trust and communications are compromised like this, how can you have any idea at all what is really going on? How can you make any decisions? Already, this hack has had an enormous effect on what the world will look like going forward. Eroding trust, communications and decision-making will have enormous impacts all by itself, but that’s just the first salvo in this cyber war; no doubt about it, there will be a lot more to come.