Published 09:18 IST, December 15th 2020

US agencies, companies secure networks after huge hack

U.S. government agencies and private companies rushed to secure their computer networks following the disclosure of a sophisticated and long-running cyber-espionage intrusion suspected of being carried out by Russian hackers.

U.S. government agencies and private companies rushed to secure their computer networks following the disclosure of a sophisticated and long-running cyber-espionage intrusion suspected of being carried out by Russian hackers. The full extent of the damage is not yet clear. But the potential threat was significant enough that the Department of Homeland Security's cybersecurity unit on Monday directed all federal agencies to remove the compromised network management software and thousands of companies were expected to do the same.

What was striking about the operation was its potential scope as well as the manner in which the perpetrators managed to pierce cyber defenses and gain access to email and internal files at the Treasury and Commerce departments and potentially elsewhere. The intrusion was stark evidence of the vulnerability of even supposedly secure government networks, even after well-known previous attacks.

“It's a reminder that offense is easier than defense and we still have a lot of work to do,” said Suzanne Spaulding, a former U.S. cybersecurity official who is now a senior adviser at the Center for Strategic and International Studies.

The identity of the perpetrator remained unclear. A U.S. official, speaking on condition of anonymity because of an ongoing investigation, told The Associated Press on Monday that Russian hackers are suspected. The Washington Post, citing unnamed sources, said the attack was carried out by Russian government hackers who go by the nicknames APT29 or Cozy Bear and are part of that nation's foreign intelligence service.

The intrusion came to light after a prominent cybersecurity firm, FireEye, learned it had been breached and alerted that foreign governments and major corporations were also compromised. The company did not say who it suspected, though many experts believed Russia was responsible given the level of skill involved. U.S. authorities acknowledged that federal agencies were affected by the breach on Sunday, providing few details.

The Cybersecurity and Infrastructure Security Agency, known as CISA, said in an unusual directive that the widely used network software SolarWinds had been compromised and should be removed from any system using it. The national cybersecurity agencies of Britain and Ireland issued similar alerts.

SolarWinds is used by hundreds of thousands of organizations around the world, including most Fortune 500 companies and multiple U.S. federal agencies. The perpetrators were able to embed malware in a security update issued by the company, based in Austin, Texas. Once inside, they could impersonate system administrators and have total access to the infected networks, experts said.

“Quite honestly, my heart sank when I saw some of the details, just the amount of information they could potentially have if they are reading everyone's emails and they are accessing sensitive files within places like Treasury or Commerce,” said Ben Johnson, a former National Security Agency cyber-engineer who is now chief technology officer of software security firm Obsidian.

National Security Council spokesman John Ullyot said Monday that the Trump administration was working with CISA, U.S. intelligence agencies, the FBI and government departments affected by the intrusion to coordinate a response. “It's obviously incredibly significant and widespread,” said Chris Painter, who coordinated cyber-policy at the State Department during the Obama administration.

“How much was compromised? How much was exfiltrated? There are lots of open questions now.”

Kremlin spokesman Dmitry Peskov said Monday that Russia had “nothing to do with” the hack.

“Once again, I can reject these accusations,” Peskov told reporters.

“If for many months the Americans couldn't do anything about it, then, probably, one shouldn't unfoundedly blame the Russians for everything.”

Federal agencies have long been attractive targets for foreign hackers looking to gain insight into American government personnel and policymaking. Hackers linked to Russia, for instance, were able to break into the State Department's email system in 2014, infecting it so thoroughly that it had to be cut off from the internet while experts worked to eliminate the infestation.

A year later, a hack at the U.S. government's personnel office blamed on China compromised the personal information of some 22 million current, former and prospective federal employees, including highly sensitive data such as background investigations.

Cybersecurity experts said the nature and level of tradecraft involved in this latest effort suggest a foreign nation. Many have pointed out that the goal of the months-long effort appeared to be espionage and not information that could be quickly used for profit or to simply inflict damage.

Russia was the most likely culprit, though China and perhaps others are potential candidates. In terms of scale alone, the operation seems similar to the Office of Personnel Management hack that authorities suspect was carried out by the Chinese government, said Ben Buchanan, a Georgetown University cyber-espionage expert. “The operational tradecraft — how the hack was carried out seems to have been extremely good. These operators are experienced and capable, adept at finding a systemic weakness and then exploiting it quietly for months,” said Buchanan, author of “The Hacker and the State.”

Members of Congress were pressing the government for more information.

(Image Credits: AP)
