Gen. Paul Nakasone, the National Security Agency director, told NPR ahead of the 2020 elections that the U.S. was "going to expand our insights of our adversaries. ... We're going to know our adversaries better than they know themselves." Chip Somodevilla/Getty Images hide caption
Gen. Paul Nakasone, the National Security Agency director, told NPR ahead of the 2020 elections that the U.S. was "going to expand our insights of our adversaries. ... We're going to know our adversaries better than they know themselves."
Back in November, Kevin Mandia, CEO of the cybersecurity firm FireEye, opened his mailbox to find an anonymous postcard. It had a simple cartoon on the front. "Hey look, Russians," it read. "Putin did it."
He might not have given it a second thought were it not for one thing: His company had recently launched an internal security investigation after officials discovered someone had tried to register an unauthorized device into its network. That inquiry eventually led to the discovery of something even more worrisome: the breach of a Texas-based network monitoring company called SolarWinds.
U.S. officials now believe that hackers with Russia's intelligence service, the SVR, found a way to piggyback onto one of SolarWinds' regular software updates and slip undetected into its clients' networks. That means potentially thousands of companies and dozens of government departments and agencies may have been compromised.
President Biden was concerned enough about the attack that he brought it up in his first official call as president on Tuesday with his Russian counterpart, Vladimir Putin. It is unclear how Putin responded, but Russia has denied involvement in the past.
"We'll be poised to act"
A little over a year ago, the head of U.S. Cyber Command and the NSA, Gen. Paul Nakasone, began to talk openly about America's cyber operations and something he called "defend forward." The strategy is aimed at going toe-to-toe with adversaries in their networks instead of waiting for them to come and hack Americans here at home.
"Defend forward is a DOD strategy that looks outside of the United States," Nakasone told NPR as Cyber Command prepared for the 2020 elections. To impact adversaries, he said, the U.S. was "going to expand our insights of our adversaries. ... We're going to know our adversaries better than they know themselves. ... We're going to harden our defenses and ... we'll be poised to act."
At the time, the decision to talk about American cyber forces seemed like a classic deterrence strategy. Traditionally the NSA's mission was kept secret; Nakasone broke from that partly to assure Americans months before the 2020 elections that Cyber Command was prepared to defend U.S. networks while at the same time making clear to adversaries that U.S. cyber operators were primed.
Then Nakasone went a step further. He revealed in an NPR story large portions of Operation Glowing Symphony, an offensive cyber campaign the U.S. launched against ISIS that went a long way toward hobbling the terrorist organization's media and recruitment operation. If Russia were wondering just how skillful U.S. cyber operators were, Nakasone appeared to be saying, here's a little preview.
"It's a little bit different in cyberspace," Nakasone said at the time, "because you have foes that can come and go very, very quickly. They can buy infrastructure, they can develop their capabilities, they can conduct attacks. And what you have to do, from what I've learned, is you have to be persistent with that, and making sure that whenever they do that type of thing, you're going to be there and you're going to impact them."
In that spirit of low-grade confrontation, a few weeks before Americans cast their ballots in the 2020 election, NSA operators gave their Russian counterparts a little tweak: They sent individualized emails to specific Russian hackers, just to let them know U.S. cyber forces had their eye on them. It was an electronic version, in a sense, of that postcard that went to FireEye's Mandia.
Did Nakasone's discussion of U.S. cyber capabilities inspire Russian hackers to do something epic just to prove they could? Kiersten Todt, managing director of the Cyber Readiness Institute, said that while that might have played a small role, Russian cyber forces hardly needed an excuse to try their hand at compromising American networks.
"I think the Russians are emboldened to work against us and come after us for lots of reasons," she said. "And not the least of which could be us saying, 'Hey we're going to, you know, have a secure and safe 2020 election,' that would inspire them to say, 'Oh, no you're not, and while you are focusing on the election, we're actually going to come into your networks.' "
And that's what SolarWinds did it gave them entree into a roster of networks so they could look around to see what they could find. Even without any prodding from Nakasone, cybersecurity experts say, it was inevitable a supply chain hack such as this would happen.
The next-generation hack
There was a simpler version of this kind of breach back in 2013 when criminal hackers, not nation-states, got into the electronic registers at Target Corp. and stole credit card information. The theft made national news, and, for many Americans, it was an early harbinger of how hacking could affect them directly.
It turns out, the hackers didn't compromise Target's network that was too hard. Instead, they cracked into the network of the company that serviced Target's heating, ventilation and air conditioning system and stole its credentials, which allowed them to roam around Target's system unnoticed.
The HVAC contractor was part of the store's vast supply chain. Experts say we should see the SolarWinds hack as a more sophisticated version of that. Breaking into the Treasury Department is too hard, so the intruders found a comparatively easier mark a company whose job it is to monitor the very networks that were compromised.
With the SolarWinds breach, hackers have made clear that something doomcasters have been warning about for years has finally arrived. If adversaries pick the right contractor to hack, everyone that company works with is potentially vulnerable, too, said Richard Bejtlich, a former military intelligence officer who is now the principal security strategist at Corelight, a cybersecurity firm.
"If you were one of those organizations that had enough money to say, 'We want to have inventory management, we wanted to have network management, let's go with SolarWinds,' well, suddenly, that's opened you up to a whole new set of problems," he said.
That's why this is called a supply chain hack.
Bejtlich expects that in the coming weeks more companies will come forward and disclose they were part of this hack, too. So far the tally includes not just SolarWinds but also Microsoft and a cybersecurity firm called Malwarebytes. The NSA and U.S. Cyber Command haven't said anything about the attack publicly and declined to comment for this article.
They are part of a roster of intelligence officials still trying to assess the damage. Cyber officials told NPR that the investigation is in its earliest stages, but what they have determined so far is that to launch the attack and not be noticed, the SolarWinds breach had to have been planned long in advance. They said that likely hundreds of Russian software engineers and hackers were involved and that they spent time in the various networks for at least nine months before FireEye and later Microsoft discovered the breach.
"We think they were surprised it worked so well," one source who is helping trace the damage told NPR. He declined to be identified further because he is not authorized to speak about what they are discovering. "We think that once they got into SolarWinds and were inside their clients' network they had trouble deciding where to go next. It was successful beyond their wildest imaginations, and they didn't have enough people to work it all."
Biden has asked his new national security team for an assessment of the SolarWinds attack. He wants to know how it happened, how far it went and how to fix it. These kinds of reviews are standard operating procedure when administrations change hands.
Among the questions officials will try to answer is whether the SolarWinds hack was a straightforward espionage operation or something more sinister. Were the hackers just looking for information, or have they inserted backdoors into systems across the country that could allow them to turn things off, or change information with just a couple of keystrokes?
Another thing investigators would like to know: whether the hackers themselves sent that postcard to FireEye's Mandia.
Read the rest here:
NSA Warned Russia to Stay Out Of 2020 Election And Got SolarWinds Hack Instead - NPR
- WikiLeaks' Julian Assange: NSA critics got lucky because agency had no PR strategy - April 26th, 2014 [April 26th, 2014]
- National Speakers Association New Jersey Chapter NSA - April 26th, 2014 [April 26th, 2014]
- National Security Agency - Wikipedia, the free encyclopedia - April 26th, 2014 [April 26th, 2014]
- NSA - Satu Hari Di Bulan Juni (TULUS) (COVER) - Video - April 26th, 2014 [April 26th, 2014]
- Hong Kong: Protesters blow whistles for NSA whistle blower - Video - April 26th, 2014 [April 26th, 2014]
- An Inside Look at the NSA With Whistleblower William Binney (Part 2 of 2) - Video - April 26th, 2014 [April 26th, 2014]
- UK: China will offer fig leaves to US exposed by NSA leaker - Assange - Video - April 26th, 2014 [April 26th, 2014]
- NSA ~ (Autodidactism) Whistleblowing - Video - April 27th, 2014 [April 27th, 2014]
- Dropping #NSA Knowledge Like a Clumsy Librarian - Video - April 27th, 2014 [April 27th, 2014]
- Full Show: Disband The NSA or; Corruption in the Capitol FO SHIZZLE {aTV002} - Video - April 27th, 2014 [April 27th, 2014]
- NSA DOCUMENTARY SIX YEARS BEFORE SNOWDEN - Video - April 27th, 2014 [April 27th, 2014]
- ShmooCon 2014: The NSA: Capabilities and Countermeasures - Video - April 27th, 2014 [April 27th, 2014]
- NSA Knew Of Heartbleed Bug, Refused To Protect Americans - Video - April 27th, 2014 [April 27th, 2014]
- Former NSA Head To Become Columnist For Conservative Paper To Discuss Intelligence - Video - April 27th, 2014 [April 27th, 2014]
- An Inside Look at the NSA With Whistleblower William Binney (Part 1 of 2) - Video - April 27th, 2014 [April 27th, 2014]
- Keynote Address by Shri Shivshankar Menon, NSA at International Seminar on Kautilya - Video - April 27th, 2014 [April 27th, 2014]
- NSA Wiretapping: A 4th Amendment Violation?: Blake Norvell at TEDxSMU - Video - April 27th, 2014 [April 27th, 2014]
- Hang with Rand: Email Privacy, NSA Spying, and Defending Our Civil Liberties - Video - April 27th, 2014 [April 27th, 2014]
- NSA Surveillance and What To Do About It - Bruce Schneier - Video - April 27th, 2014 [April 27th, 2014]
- READER SUBMITTED: NSA CT April 2014 Meeting - April 28th, 2014 [April 28th, 2014]
- MVI 1847 Obama's NSA Denies FOIA About MH 370! - Video - April 28th, 2014 [April 28th, 2014]
- George Galloway's Sputnik: Ewen MacAskill on Guardian / Edward Snowden NSA leaks (26Apr14) - Video - April 28th, 2014 [April 28th, 2014]
- CIA & NSA DIRECTED ENERGY WEAPON ATTACK ON WHISTLE BLOWER - Video - April 28th, 2014 [April 28th, 2014]
- Book TV - 2014 San Antonio Book Festival: Panel on the NSA, Big Brother, and Democracy - Video - April 28th, 2014 [April 28th, 2014]
- NSA Throwdown: John Oliver v. 60 Minutes - April 29th, 2014 [April 29th, 2014]
- NSA will sit on security vulnerabilities because of terrorism - April 29th, 2014 [April 29th, 2014]
- New water records show NSA Utah Data Center likely behind schedule - April 29th, 2014 [April 29th, 2014]
- MVI 1871 NSA Might Be OnTo Me! - Video - April 29th, 2014 [April 29th, 2014]
- ZyXEL NSA 325 v2 Hands On - Deutsch / German notebooksbilliger.de - Video - April 29th, 2014 [April 29th, 2014]
- German opposition says US should destroy Merkel's NSA file - Video - April 29th, 2014 [April 29th, 2014]
- Germany: NSA spying "unacceptable" says SPD - Video - April 29th, 2014 [April 29th, 2014]
- NSA Surveillance 2 - Video - April 29th, 2014 [April 29th, 2014]
- NSA Surveillance Panel 1 - Video - April 29th, 2014 [April 29th, 2014]
- Chalk Talk How Snowden Breached NSA Security - Video - April 29th, 2014 [April 29th, 2014]
- NSA reveals some cyber security flaws are left secret - April 30th, 2014 [April 30th, 2014]
- NSA data center uses less water than expected - April 30th, 2014 [April 30th, 2014]
- April 2014 Breaking News Do you use Google or Yahoo? NSA Intercepts Google And Yahoo Traffic - Video - April 30th, 2014 [April 30th, 2014]
- Supreme Court could weigh in on NSA case, justice says - May 1st, 2014 [May 1st, 2014]
- New NSA chief: Agency has lost trust - May 1st, 2014 [May 1st, 2014]
- NSA on Heartbleed: 'We're not legally allowed to lie to you' - May 1st, 2014 [May 1st, 2014]
- What's The NSA Doing Now? Training More Cyberwarriors - May 1st, 2014 [May 1st, 2014]
- Anonymous NSA - Video - May 1st, 2014 [May 1st, 2014]
- Cutting off H2O to the NSA - Video - May 1st, 2014 [May 1st, 2014]
- Brazil: Greenwald slams US media, shares tips to avoid NSA - Video - May 1st, 2014 [May 1st, 2014]
- NSA IS TRYINGG 2 KILL ME FAMS - Video - May 1st, 2014 [May 1st, 2014]
- What was more popular on Twitter, NSA, NRA or NBA..today? - Video - May 1st, 2014 [May 1st, 2014]
- CIS111: NSA Uncovered - Video - May 1st, 2014 [May 1st, 2014]
- Views from the Street on NSA Activities and Liberty (6/6) - Video - May 1st, 2014 [May 1st, 2014]
- Views from the Street on NSA Activities and Liberty (4/6) - Video - May 1st, 2014 [May 1st, 2014]
- Views from the Street on NSA Activities and Liberty (3/6) - Video - May 1st, 2014 [May 1st, 2014]
- Views from the Street on NSA Activities and Liberty (2/6) - Video - May 1st, 2014 [May 1st, 2014]
- Views from the Street on NSA Activities and Liberty (1/6) - Video - May 1st, 2014 [May 1st, 2014]
- Germany: NSA may have accidentally outed secret base - Video - May 1st, 2014 [May 1st, 2014]
- ZyXEL NSA 325 v2 Installations-Wizard - Deutsch / German notebooksbilliger.de - Video - May 1st, 2014 [May 1st, 2014]
- Tech firms to increase alerts about police requests for data -- report - May 2nd, 2014 [May 2nd, 2014]
- German Chancellor Angela Merkel visits US, after the NSA eavesdropping scandal - Video - May 2nd, 2014 [May 2nd, 2014]
- NSA spies on more US citizens than Russians Snowden - May 3rd, 2014 [May 3rd, 2014]
- THE NEXT NSA?Police under scrutiny for using spying technology - May 3rd, 2014 [May 3rd, 2014]
- Ukraine and NSA will test Merkel - Video - May 3rd, 2014 [May 3rd, 2014]
- The Latest Attacks On NSA Whistleblower Edward Snowden - Kevin Gosztola Discusses - Video - May 3rd, 2014 [May 3rd, 2014]
- Still Report #246 - NSA Classifies MH370 Material - Video - May 4th, 2014 [May 4th, 2014]
- Code Talker Induction into NSA Hall of Honor - Video - May 4th, 2014 [May 4th, 2014]
- NSA ( National Security Agency ) refusal to release documents on UFO's - Video - May 4th, 2014 [May 4th, 2014]
- Obama & NSA Refuse FOIA Request on Malaysia Flight deemed classified - Video - May 4th, 2014 [May 4th, 2014]
- Kafkawinstons World`s Channel Terminated NSA is replacing Channel`s with Sockpuppet Channel`s - Video - May 4th, 2014 [May 4th, 2014]
- NSA Volunteer Justin Hall at the NSA Comedy Tour February 2014 - Video - May 4th, 2014 [May 4th, 2014]
- Barack Obama on NSA Surveillance I'd Be Concerned Too If I Wasn't in Government - Video - May 4th, 2014 [May 4th, 2014]
- GBPPR Vision #26: Overview of the NSA's TAWDRYYARD Radar Retro-Reflector - Video - May 4th, 2014 [May 4th, 2014]
- NSA proof phone Case - Video - May 5th, 2014 [May 5th, 2014]
- 2014 NSA 2014 Million Dollar Publisher's Lab - Video - May 5th, 2014 [May 5th, 2014]
- Gen. Michael Hayden - the Former Director of NSA and the CIA - Video - May 5th, 2014 [May 5th, 2014]
- REVEALED: Here's The Solution To That Encoded NSA Puzzle Tweet - May 5th, 2014 [May 5th, 2014]
- Michael Hayden's Unwitting Case Against Secret Surveillance - May 5th, 2014 [May 5th, 2014]
- NSA's Encrypted Tweet: We're Hiring Code Breakers - May 5th, 2014 [May 5th, 2014]
- Russ Tice: Life as a NSA Whistleblower - Video - May 5th, 2014 [May 5th, 2014]
- What Is Going on at NSA These Days - Video - May 5th, 2014 [May 5th, 2014]
- What is the Role of the NSA? AFF Dallas Debates - Video - May 5th, 2014 [May 5th, 2014]
- Edward Snowden said CIA , and NSA had 52. 6 Billion for black budget - Video - May 5th, 2014 [May 5th, 2014]
- NSA looks to appeal to young cryptographers through coded ads - May 6th, 2014 [May 6th, 2014]
- Code Cracked: Mysterious NSA Tweet Is Decrypted in Seconds - May 6th, 2014 [May 6th, 2014]