The U.S. government was lucky this time. According to reports, this hack had the hallmarks of a long-term espionage mission, designed for infiltrating and monitoring secret communications, not causing mayhem. While the hackers had potentially huge, world-spanning access, the attack was focused on gaining access to certain entities, such as FireEye and the Treasury Department, at the heart of the intelligence-industrial complex. The hack highlights the government’s and industry’s vulnerability to supply-chain attacks, where hackers target some of the many systems and vendors powering government networks. As Microsoft noted in a security advisory, the attackers, by gaining a small foothold in SolarWinds’ Orion software, could then gain administrative privileges allowing them to impersonate any user. (Microsoft has updated its Windows anti-virus program to account for the SolarWinds vulnerability.)
This attack is only the latest volley in an ongoing war that has already caused real damage. The New York Times recently reported on a wave of Russian ransomware attacks targeting hospital computer systems that left cancer patients unable to schedule treatments. Especially during a pandemic, the United States can’t afford to have its essential infrastructure compromised. For the last few years, members of the foreign policy establishment have floated the idea of a global cybersecurity treaty, perhaps built on previous arms and cybercrime agreements. Getting some of the world’s most prolific cyber-espionage actors—Russia, Israel, China, Iran, North Korea, even France—to commit to such an agreement would be difficult. Enforcement would be even harder. But it’s a necessary effort.
The U.S., which has refused to sign a range of international agreements, from the International Criminal Court authorization to bans on cluster munitions, may be the toughest of all to bring aboard. For all the hysteria about Russian cyber intrusions, the truth is that the U.S., through its own widespread, clandestine hacking operations, has as much or more visibility into the systems of its adversaries. In recent years, Russia has proposed more cooperation on cyber matters with the U.S., and the U.S. has refused. In September, echoing the Obama-era “reset” in overall relations, President Vladimir Putin called for a “reboot” in the U.S.-Russia cyber relationship. He specifically cited Cold War arms control agreements as a model.
The Link LonkDecember 15, 2020 at 02:00AM
https://newrepublic.com/article/160550/solarwinds-treasury-government-hacked-russia
It's Too Easy to Hack the U.S. Government - The New Republic
https://news.google.com/search?q=easy&hl=en-US&gl=US&ceid=US:en
No comments:
Post a Comment