Multiple government agencies and Fortune 500 companies have been compromised by Russian hackers for the past 6 to 9 months, according to former Trump Homeland Security Advisor Tom Bossert. According to his NYT op-ed, the cybersecurity firm FireEye, whose customers include the United States government and several fortune 500 companies had been hacked. In addition, SolarWinds, a company that provides security software to thousands of government agencies and companies has also been hacked. The hackers gained access to the software before an update was provided and as many as 18,000 agencies downloaded a corrupted version of the software that includes a backdoor exploit.
Given how long this has been going on, the hackers have likely already gained ‘persistent access’ to the network, not still relying on what got them in the first place. The access they may enjoy could be used for far more than just spying.
The actual and perceived control of so many important networks could easily be used to undermine public and consumer trust in data, written communications and services. In the networks that the Russians control, they have the power to destroy or alter data, and impersonate legitimate people. Domestic and geopolitical tensions could escalate quite easily if they use their access for malign influence and misinformation — both hallmarks of Russian behavior.
Bossert goes on to explain that while directives have been issued to uninstall any compromised software, the damage has already been done. It could take a significant amount of time to just get every single agency on the same page. In 2017, when federal agencies were ordered to remove Kaspersky software for its perceived vulnerabilities, it took over a year. He believes that we have to operate under the assumption that Russians have access to these networks, replace whole clusters of computers, networks, and servers. He also believes that the National Defense Authorization Act must be invoked for the DoD to send in cyber hunters to combat the threat.
The hitch to all of this is, is that he insists that Trump must act in his final month in office. He must move past his grievances and work with the incoming administration to combat this threat. And to that, well, what world have you been living in that you think Trump will suddenly start being an actual leader with a month left in his term?
Bossert himself doesn’t seem to be quite of the same ilk as the rest of the administration. He called for a comprehensive bio-defense strategy against pandemics in 2017, which was swiftly dissolved following John Bolton’s installation as National Security Advisor in 2018. On the other hand, he did get spear-phished by someone claiming to be Jared. But I think he’s mostly on the level.
Welcome to Thursday! Please be excellent to each other in the comments. The Mayor McSquirrel Rule remains in effect. As the protests continue, please be safe, dress non-descriptively, avoid wearing contacts if you wear them normally, and keep your phones on you. As the Covid-19 pandemic continues, please continue to maintain social distancing measures, wear masks in public areas, and practices sanitation policies as circumstances dictate.