The US government is confronted with the Violations data that occurred at top federal agencies following a hacking campaign behind which appears to be the Russia.
Investigators are trying to determine the extent to which the government has been affected by the security incident and the damage that has been done.
It is worth noting that cybersecurity experts are expressing strong concern about the hacking of the US government, with some even describing it as a wake-up call.
On 13 December, the Department of Commerce discovered it had been hit by a data breach after Reuters first reported that hackers compromised the service through the third-party software vendor SolarWinds.
New evidence of hacking is constantly being revealed attack, demonstrating that the size of the breach is much larger than originally estimated. Up to 18,000 SolarWinds customers - out of 300,000 - may be using software containing the vulnerability that allowed the invaders to infiltrate the Ministry of Commerce.
The massive hacking attack revealed this week on the US government has security experts worried. In particular, they are concerned about who was targeted, but also about who is behind it.
One reason why the attack is of such concern is who may have been the victim of the spying campaign. At least two US agencies have so far confirmed that they have been breached: The Department of Commerce and the Department of Agriculture. The cybersecurity division of the Department of Homeland Security was also breached.
However, the actual number of victims is estimated to be much higher, raising concerns that the U.S. military, the White House or public health agencies responding to the pandemic of COVID-19 may also have been targeted. The Department of Justice, the National Security Agency and the US Postal Service have also been cited by security experts as possible victims.
All federal civilian agencies have been asked to review their systems in an emergency directive from DHS officials.
Among the victims of the attack is the cybersecurity company FireEye, who said that companies across the wider economy are also vulnerable to espionage. The software vulnerability that enabled the spying has been found in the technology and telecommunications industry, as well as in consulting and energy companies, according to FireEye.
Security experts say this is just the beginning. In the coming days, we may learn that many more companies and services have been compromised than those reported so far, and it is still unknown what information may have been lost or stolen.
Another cause for concern is that the attackers appear to have been highly skilled and determined. The possibility that agents of a foreign government may be responsible for the violations is a worrying sign not only of the capabilities of the attackers, but also of their motives. These cybercriminals selected each of their victims for a specific purpose that remains as yet unknown.
A third cause for concern is the unusual and creative way in which the attackers carried out their operation: the initial attack was in the form of legitimate software updates issued by SolarWinds. By otherwise enabling trusted software updates, the attackers cleverly exploited the normal and recommended best practice of updating software. Thousands of companies and government agencies could thus have been exposed simply for doing the right thing.
Once they arrived at a target, attackers would wait patiently until they had collected enough data on authorised users to forge them, which would allow hackers to move, even for months, around a victim's network without being detected.
The degree of access the hackers gained, as well as the length of time they were able to collect information, may result in this "far worse cyberattack than the breach of the Office of Personnel Management" that the U.S. government disclosed in 2015, said Jamie Barnett, a retired admiral and senior vice president of the cybersecurity firm "RigNet". This breach, attributed to Chinese hackers, resulted in the theft of large amounts of personal data of millions of federal employees and security clearance applicants.
The increasing frequency and intensity of activity by hackers sponsored by state governments has led cybersecurity leaders to call for a global cyber treaty. For example, the president of the Microsoft, Brad Smith, said the following at an event held Tuesday by the Ronald Reagan Foundation and Institute: "We need a set of binding rules. The world's democracies should ensure that their citizens are not at risk of cyber-attacks."
Many experts also express concern about the increasing reliance of many businesses on third-party vendors, noting that society may be making it a little too easy to access or share data, particularly in the context of the pandemic that a large percentage of people are resorting to remote working.
