U.S. government agencies hacked; Russia a possible culprit

Hackers broke into the networks of federal agencies including the Treasury and Commerce departments in attacks revealed just days after U.S. officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data. The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of U.S. government agencies. “This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch. The hacks were revealed just days after a major cybersecurity firm disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible for the attack against FireEye, a major cybersecurity player whose customers include federal, state, and local governments and top global corporations. The apparent conduit for the Treasury and Commerce Department hacks — and the FireEye compromise — is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. government agencies who will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike. The attacks were disclosed less than a week after a National Security Agency advisory warned that Russian government hackers were exploiting vulnerabilities in a system used by the federal government, “allowing the actors access to protected data.” The U.S. government did not publicly identify Russia as the culprit behind the hacks, first reported by Reuters, and said little about who might be responsible. 
National Security Council spokesperson John Ullyot said in a statement that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.” The government’s Cybersecurity and Infrastructure Security Agency said separately that it has been working with other agencies “regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.” President Donald Trump last month fired the director of CISA, Chris Krebs, after Krebs vouched for the integrity of the presidential election and disputed Trump’s claims of widespread electoral fraud. In a tweet Sunday, Krebs said “hacks of this type take exceptional tradecraft and time” and raised the possibility that it had been underway for months. “This thing is still early, I suspect,” Krebs wrote. Federal government agencies have long been attractive targets for foreign hackers. Hackers linked to Russia were able to break into the State Department’s email system in 2014, infecting it so thoroughly that it had to be cut off from the internet while experts worked to eliminate the infestation. Reuters earlier reported that a group backed by a foreign government stole information from Treasury and a Commerce Department agency responsible for deciding internet and telecommunications policy. The Treasury Department deferred comment to the National Security Council. A Commerce Department spokesperson confirmed a “breach in one of our bureaus” and said “we have asked CISA and the FBI to investigate.” The FBI had no immediate comment. The Washington Post reported Sunday, citing three unnamed sources, that the two federal agencies and FireEye were all breached through the SolarWinds network management system. 
Austin, Texas-based SolarWinds confirmed Sunday in an email to The Associated Press that it has a “potential vulnerability” related to updates released earlier this year to its Orion products, which help organizations monitor their online networks for problems or outages. “We believe that this vulnerability is the result of a highly-sophisticated, targeted, and manual supply chain attack by a nation state,” said SolarWinds CEO Kevin Thompson in a statement. The compromise is critical because SolarWinds would give a hacker “God-mode” access to the network, making everything visible, said Alperovitch. Last Tuesday, FireEye said that foreign government hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers. Those customers include federal, state, and local governments and top global corporations. The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them. He said there was no indication they got customer information from the company’s consulting or breach-response businesses or threat-intelligence data it collects. Former NSA hacker Jake Williams said it seemed clear that both the Treasury Department and FireEye were hacked using the same vulnerability. “The timing of the release here is, I think, not at all a coincidence,” said Williams, the president of the cybersecurity firm Rendition Infosec. He said FireEye surely told the FBI and other federal partners how it had been hacked and they determined that Treasury had been similarly compromised. “I suspect that there’s a number of other (federal) agencies we’re going to hear from this week that have also been hit,” Williams added.
FireEye responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart an oil industry cyberattack — and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict. Neither Mandia nor a FireEye spokesperson said when the company detected the hack or who might be responsible. But many in the cybersecurity community suspect Russia. Republished with the permission of the Associated Press.

Donald Trump hails border wall start, but it’s not quite true

President Donald Trump hailed the start of his long-sought southern border wall this past week, proudly tweeting photos of the “WALL!” Actually, no new work got underway. The photos showed the continuation of an old project to replace two miles of existing barrier. And on Saturday, he ripped Amazon with a shaky claim that its contract with the post office is a “scam.” Trump and his officials departed from reality on a variety of subjects in recent days: the census, Amazon’s practices and the makeup of the Supreme Court among them. Here’s a look at some statements and their veracity: TRUMP: “Great briefing this afternoon on the start of our Southern Border WALL!” — tweet Wednesday, showing photos of workers building a fence. TRUMP: “We’re going to be starting work, literally, on Monday, on not only some new wall — not enough, but we’re working that very quickly — but also fixing existing walls and existing acceptable fences.” — Trump, speaking the previous week after signing a bill financing the government. THE FACTS: Trump’s wrong. No new work began on Monday or any other time this past week. And the photos Trump tweeted were misleading. They showed work that’s been going on for more than a month on a small border wall replacement project in Calexico, California, that has nothing to do with the federal budget he signed into law last week. The Calexico project that began Feb. 21 to replace a little more than 2 miles (3.2 kilometers) of border wall was financed during the 2017 budget year. A barrier built in the 1990s mainly from recycled metal scraps is being torn down and replaced with bollard-style barriers that are 30 feet (9.1 meters) high. Ronald D. Vitiello, acting deputy commissioner of U.S. Customs and Border Protection, defended the president’s statements, saying Friday “there’s construction” underway. TRUMP: “If the P.O. ‘increased its parcel rates, Amazon’s shipping costs would rise by $2.6 Billion.’ This Post Office scam must stop. 
Amazon must pay real costs (and taxes) now!” — tweet Saturday. TRUMP: “I have stated my concerns with Amazon long before the Election. Unlike others, they pay little or no taxes to state & local governments, use our Postal System as their Delivery Boy (causing tremendous loss to the U.S.), and are putting many thousands of retailers out of business!” — tweet Thursday. THE FACTS: Trump is misrepresenting Amazon’s record on taxes, the U.S. Postal Service’s financial situation and the contract that has the post office deliver some Amazon orders. Federal regulators have found that contract to be profitable for the Postal Service. People who buy products sold by Amazon pay sales tax in all states that have a sales tax. Not all third-party vendors using Amazon collect it, however. As for the post office, package delivery has been a bright spot for a service that’s lost money for 11 straight years. The losses are mostly due to pension and health care costs — not the business deal for the Postal Service to deliver packages for Amazon. Boosted by e-commerce, the Postal Service has enjoyed double-digit increases in revenue from delivering packages, but that hasn’t been enough to offset declines in first-class letters and marketing mail, which together make up more than two-thirds of postal revenue. While the Postal Service’s losses can’t be attributed to its package business, Trump’s claim that it could get more bang for its buck may not be entirely far-fetched. A 2017 analysis by Citigroup concluded that the Postal Service was charging below-market rates as a whole for parcels. The post office does not use taxpayer money for its operations. Trump is upset about Amazon because its owner, Jeff Bezos, owns The Washington Post, one of the targets of his “fake news” tweets. TRUMP: “Because of the $700 & $716 Billion Dollars gotten to rebuild our Military, many jobs are created and our Military is again rich. 
Building a great Border Wall, with drugs (poison) and enemy combatants pouring into our Country, is all about National Defense. Build WALL through M!” — tweets Sunday and Monday. THE FACTS: Trump is floating the idea of using “M” — the Pentagon’s military budget — to pay for his wall with Mexico. Such a move would almost certainly require approval from Congress and there’s plenty of reason to be skeptical about the notion of diverting military money for this purpose. Only Congress has the power under the Constitution to determine federal appropriations, leaving the Trump administration little authority to shift money without lawmakers’ approval. Pentagon spokesman Chris Sherwood referred all questions on the wall to the White House. Spokeswoman Sarah Huckabee Sanders declined to reveal specifics, but said Trump would work with the White House counsel to make sure any action taken was within his executive authority. DAVID SHULKIN, citing reasons Trump fired him as veterans affairs secretary: “I have been falsely accused of things by people who wanted me out of the way. But despite these politically based attacks on me and my family’s character, I am proud of my record and know that I acted with the utmost integrity.” — op-ed Thursday in The New York Times. THE FACTS: His statement that he and his family were subjected to politically based attacks is disingenuous, though politics contributed to his dismissal. White House support for Shulkin eroded after a blistering report in February by VA’s internal watchdog, a non-partisan office. The inspector general’s office concluded that he had violated ethics rules by accepting free Wimbledon tennis tickets. The inspector general also said Shulkin’s chief of staff had doctored emails to justify bringing the secretary’s wife to Europe with him at taxpayer expense. It is true, though, that Shulkin had encountered resistance from about a half-dozen political appointees at the VA and White House who rebelled against him.
In an extraordinary telephone call, John Ullyot, a top communications aide, and VA spokesman Curt Cashour asked the Republican staff director of the House Veterans Affairs Committee to push for Shulkin’s