A few months ago, America became the target of a major cyber attack. According to the assessments of the representatives of the security services, the traces of the perpetrators of the attack point to Russia. While the country’s leading technology companies are still assessing the damage and possible consequences, American politicians and citizens are demanding tough action from the Biden administration.
But while some Americans are calling the attack “digital Pearl Harbor,” the world has learned of another cybercrime: the personal information of more than 500 million users has been stolen from Facebook. As it turns out, the breakthrough is related to the fact that happened in 2019, which, according to the company, was soon corrected, although “Facebook” was not unknown to users at the time.
The primary reason for such a targeted attack was probably to stay in the shadows. The fewer targets, the less likely they are to be exposed and the longer you can continue this operation,
Representatives of “Facebook” claim that there is nothing in the leaked data that was revealed after this 2019 incident. But the company came under fire precisely because, along with the problem of protecting consumers’ information, it did not provide proper information about their breach in a timely manner. U.S. lawmakers, who have repeatedly raised the issue of corporate accountability for data disclosure / theft / disclosure in the digital world in recent years, are now particularly critical of Facebook.
In the wake of these events, the United States has not stopped discussing the recent large-scale, well-organized attack associated with a foreign power.
“We know that the attack poses the greatest risk to our national security. “It was carefully planned and carefully orchestrated,” said President-elect Joe Biden shortly after the attack.
And now the intelligence services already know that during the attack, hackers gained access to 18,000 companies with confidential information, including Microsoft. They have also infiltrated dozens of secret systems of the US government at various levels, affecting in particular many government agencies. Including the U.S. Department of Energy, which oversees the National Nuclear Safety Agency. Investigative and security services conclude that traces of this attack go to Moscow.
“They have limited and targeted two types of organizations – government and cyber security companies,” said Dmitry Alperovich, a defense adviser and cybersecurity and foreign policy specialist. “Dozens of different government agencies were targeted, including the Treasury and Justice Departments, and several other agencies from which the Russians are expected to steal information. The second type of target was cyber security companies such as FireEye, Microsoft and others. “They could infiltrate these networks and steal valuable information that would help them to attack other users of these companies, especially again against government agencies,” – said the expert.
At the center of the cyber-attack was Texas-based system software management company SolarWinds. The “slow-acting digital mine” sent as an update to the system was spotted by private cybersecurity company FireEye and notified to the US government. However, it was not required by law to do so, and private companies cooperated voluntarily with the US government.
Through the efforts of the perpetrators of the attack, it became possible to Leaving the “back exits” in the network of at least one hundred American companies, government agencies or non-governmental organizations. This means that the attacker has long access to these networks or information. The companies say it all likely lasted all year until a breakthrough was discovered.
We can not oppose new types of conflicts with the measures used in the 20th or 19th century. The old tactics against Russia are no longer effective.
The company SolarWinds and Microsoft, whose security networks have become one of the targets of the attack, consider the actions very subtle. Many describe the attack as an “unacceptable failure.” Some argue that it is obvious that the role of the state in cyber security of the private sector should be increased and that the private and public sectors should cooperate on cyber-threats. Top US officials have described it as a “virtual invasion”. Some even say that the scale of the attack “can be described as war”, for them it is “digital Pearl Harbor”, and some analysts see it as a form of espionage.
So far there is no evidence that any data was changed or deleted as a result of the attack, or that this resulted in physical damage or destruction as a result. The heads of the affected companies testified before the senators last month. They told intelligence officials that they were still trying to assess the damage and that the cyber-attack was bigger and more dangerous than the initial estimates showed.
Dmitry Alperovich says that this attack was different from the attacks of previous years, in the last stage it was more subtle and narrowly targeted. The reason for this, in his opinion, was not benevolence, but pragmatic opinions:
“Probably the first reason for such a targeted attack was to stay in the shadows. The fewer the target, the less likely it is to be exposed and the longer you can continue this operation. I am sure that was the main motivation, “said the expert.
The head of the Central Security Service, Gen. Paul Nakason, has told U.S. lawmakers that the controversy in the digital realm is moving to new levels, the tactics of U.S. adversaries are refining, though they are finally clear and the key is readiness and appropriate response:
“The cybersecurity environment has changed significantly over the last 10 years. Opponents are showing that their perceptions of reasonable risk have changed. They are using malicious actions in cyberspace on a larger scale and sophistication. They want to attack US cyberspace to escalate armed conflict. “Cyber-leadership must continue to adapt, innovate, work with partners and succeed against such rivals,” the general said, although Russian and Chinese officials have denied any involvement in the attack.
“European states agree that this is a violation of international law and sovereignty,” said James Andrew Lewis, senior vice president at the Center for Strategic and International Studies and director of the Strategic Technology Program. According to him, “new types of conflicts” can not be countered by the measures used in the twentieth or nineteenth century. “The old tactics are no longer effective against Russia,” said James Lewis.
“There is a normative framework based on international law and the concept of sovereignty, but Russia and China do not pay attention to it. How do we change this? “Perhaps, as my European counterpart said, we should stop talking about restraint and start talking about accountability,” said Lewis, adding that despite their desire to protect Internet freedom, democracies should not be left to their own devices.
The focus of the debate right now is on what the response and consequences will be for the alleged perpetrators of the attack. At the same time, however, experts are assessing this crime in the context of recent experience. Dmitry Alperovich says one of the reasons for the Solariunds’ attack was the 2014-15 invasion of the White House, the Pentagon and the State Department.
“We tried to respond, to drive the Russians out of these networks, and to understand how they were able to manage such a successful attack. Finally, when you analyze the results of this operation. It was actually a failure. Because they were exposed very quickly. “It was a very noisy operation, a traditional hacking attack, when they send emails to lots, hundreds of people inside the organization and want at least one person to mistakenly open the message and let them into the network,” said the expert.
However, sending such and so many emails also checked the alarm calls. As soon as this happened, the US government knew it had been targeted and did not hesitate to respond: in a few weeks, the Russians would no longer have access to these networks.
“If their goal was to penetrate these networks and stay there for months and use them like the traditional intelligence field, they would not have succeeded. Usually in reality they are so called. “Illegals (unofficial intelligence officers) are being sent with fake identities to live among us and get close to influential people, to get information from them, this is their preferred method of intelligence, and if they try to repeat it in cyberspace in 2014-15, it will end in mass failure.” Alperovich and thinks that the recent attack was just an attempt to improve the previous attack.
“It seems at this time that the idea of using a digital security network, where you can damage a critical supply chain component like Solar Winds and others, came up with an operation that is difficult to detect and you hope to stay in that network for a very, very long time. I think the attack of 2014-15 led us to the attack of “Solaruinds” and a new approach. To the extent that it is a “new normal being.” “Perhaps in the future they will learn lessons from this as well, and it is unlikely that this will be their last attempt,” said the cyber security specialist.
Calls for accountability are heard in parallel with the investigation. Lawmakers are urging the White House to do everything possible to take action against those responsible for the attack. The Biden administration says a response to the attack will be forthcoming. Presumably in the form of executive orders. At the same time, members of the administration say, in the coming weeks, they will also present the technologies through which obsolete systems in federal government agencies should be upgraded.
Returning from the NATO ministerial, the secretary of state said that the Western allies are watching Moscow’s harmful actions and want to hold the Kremlin accountable. “We will take the necessary steps to protect our interests,” he told the media, adding that “there will be consequences and consequences” for the Russians for their allegedly harmful actions against the United States. According to him, officials are now discussing what sanctions or steps Washington may take against Moscow, and consultations are underway with NATO members. “We are stronger when we do it in a coordinated way,” the country’s first diplomat explained.