Investigations are continuing in the USA and UK into the major cyber intrusion, now attributed to Russia, carried out through software supplied by the IT company SolarWinds. The compromise of SolarWinds, which has many clients in the UK, began last March, but may be part of a cyber offensive planned for years, according to US government intelligence services.
“The more we learn about the recent hack into dozens of America’s most critical computer networks,” America’s leading strategic commentator Fareed Zakaria writes in the Washington Post, “the more it becomes clear that it is massive, unprecedented and crippling.”
Alex Stamos of Stanford says, “it is one of the most hacking campaigns in history.” David E Sanger of the New York Times, a noted author on cyber combat, describes it as “among the greatest intelligence failures of modern times.”
Britain is a target of this major attack, which was initially believed to have been launched from the IRA, the Internet Research Agency, also known as the ‘troll factory,’ in Russia. The IRA was sponsored by a key Putin consigliere, Yevgeny Prigozhin, who made his fortune with the Concord Catering Company. He also established the Wagner private military company, a supplier of mercenaries now deployed across the Middle East.
The US federal government has just revealed that the Department of Energy’s computers have been affected by malware introduced through the compromised SolarWinds software. The first departments to reveal they had been hit were the US Treasury and Commerce Departments, followed by the Department of Homeland Security. It is now feared that the attack has reached the Drug Enforcement Administration and the US departments dealing with Covid and its vaccines.
In the UK the official response has been muted, to put it mildly. On Monday, during a virtual conference, Jeremy Fleming, the director of GCHQ, admitted the attack was “extremely serious.” He would not go further, because they were still investigating how far the attack had gone. GCHQ runs the National Cyber Security Centre (NCSC). It also runs the new National Cyber Force, announced last month by Boris Johnson, jointly with the Ministry of Defence’s Strategic Command.
A source at Strategic Command briefed me this week that they did not know the extent of the attack, nor whether and how defence and military cyber and communications networks were affected, if at all.
Today the NCSC media office issued a brief statement: “We are continuing to investigate this incident and have produced guidance to SolarWinds’ Orion suite customers.
“While it is important to note this issue has only been reported for the Orion product suite and will therefore not impact all SolarWinds customers, we strongly urge those who are affected follow our guidance.”
SolarWinds tried to lower the temperature by reporting that it thought only about 18,000 of some 350,000 customers may have installed the tainted Orion update. However, Microsoft has said that of those 18,000 only about 0.2 per cent, roughly 40 organisations, appear to have been singled out for follow-on intrusion; for the rest, the recommended action is to isolate the affected Orion servers, block their outbound connections at the firewall and close them to external users.
The hack only became public when FireEye, which provides malware protection systems to a range of commercial, NGO and government customers in the US and UK, revealed that it had been breached by ‘a nation state.’ Its own red-team tools had been stolen, and its investigation of that breach traced the intruders to a tampered SolarWinds Orion update, the route by which the malware entered the software supply chain. FireEye suspected a widespread attack on Federal departments and agencies.
The new hack, which has been running for nine months now, is now believed to be the work of the S.V.R., one of Russia’s most sophisticated spying and surveillance agencies and, in this field, a successor to the KGB. The attack appears to have been prepared at the beginning of the run-in to the US presidential election. Donald Trump has always played down the role of Russian cyber surveillance and hacking in the 2016 campaign, and has so far made no comment about the current breach, despite its gravity.
It comes amid a general free-for-all of hacking aimed at the agencies and suppliers involved in monitoring, treating and vaccinating against Covid-19. China is known to have been running a massive disinformation campaign and stealing details of research and vaccines. The Oxford AstraZeneca vaccine is known to have been targeted by Russia. Today the Financial Times reveals a massive trade in stolen vaccines, mostly from China, on the Dark Web. Some are being offered at $750 a shot.
The UK’s responses so far have been almost sotto voce. In his annual end-of-year address this week, the head of the Armed Forces, General Sir Nick Carter, warned of the growing state of ‘cyber conflict’, with Russia, China, North Korea and Iran as the leading national sponsors of aggressive hacking campaigns. North Korea is now believed to have sponsored the WannaCry attack of three years ago that hit 42 hospital trusts, forcing the cancellation of 18,000 NHS appointments. Together with the hack on TalkTalk, it is one of the most effective and serious cyber assaults on the UK. The SolarWinds Orion offensive is potentially much worse.
Part of the reticence is because the creation of the new cyber agencies, of which the 3,000-strong National Cyber Force is in the lead, is at a very early stage. A range of agencies for cyber operations and a Space Command, mainly to run satellite communications, targeting and surveillance, are still ‘work in progress.’ The Army has 77th Brigade, its information operations formation. But so far, according to published reports, one of its main contributions in the present crisis has been to counter the anti-vaccination ‘AntiVaxx’ campaigners and their propaganda.
More is to be revealed about the Cyber and Space forces, their responsibilities and capabilities, with the publication of the Integrated Review on UK Defence, Intelligence, Foreign Policy and Strategy, which is now promised ‘sometime soon.’ Boris Johnson and his former strategy guru Dominic Cummings had dreamed of setting up an equivalent of Israel’s cyber intelligence (formerly military intelligence) Unit 8200, one of the world’s elite cyber and intelligence forces. 8200 has been in existence for nearly 70 years, and it is going to be hard for the UK to build up such expertise, combined with a powerful ethos, in short order.
Unit 8200 appears to have been the main command operator in the assassination of Iran’s top nuclear weapons scientist, Mohsen Fakhrizadeh, last month. But this month it is hard put to tackle a major cyber assault, identified as coming from Iran, on some 80 Israeli companies. The attack is being carried out under the name Pay2Key. Alerting Israelis to the hack, Segev Moyal of the cybersecurity firm Profero tweeted, “Winter is coming.”
Pay2Key immediately responded with a taunt, changing its Twitter handle to ‘Winter is Coming,’ signalling that battle is joined.
The UK is on notice to toughen up its cyber services from battlefield to boardroom. “The Integrated Review looks like a list of headlines and aspirations,” a defence consultant who had seen some drafts told me this week, “They now must put real substance into these services.”
The warnings about the latest attack on SolarWinds couldn’t be plainer. “The magnitude of this ongoing attack is hard to overstate,” Thomas Bossert, former Homeland Security Adviser to Donald Trump, wrote two days ago in The New York Times. “It will take years to know for certain which networks the Russians control, and which ones they just occupy.”