WASHINGTON, D.C. – At least three government agencies have been the target of a major cyber-espionage campaign, apparently by the Russian government. The American people learned this week that hackers have been spying on the U.S. departments of Commerce, Treasury and even Homeland Security since March, and officials say there are likely many more victims yet to be revealed. Shockingly, while the exploit is now discovered, the compromise remains in play as some systems cannot easily disable the software and the entire system running it requires shut-down prompting a rare emergency directive ordering all federal agencies to immediately power down SolarWinds Orion management tools.
Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency, to “issue an emergency directive to the head of an agency to take any lawful action with respect to the operation of the information system, including such systems used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information, for the purpose of protecting the information system from, or mitigating, an information security threat.” 44 U.S.C. § 3553(h)(1)–(2)
According to reports, the attackers got in by corrupting software updates with a piece of malware called “SUNBURST” installed on computer systems using Orin software by technology company SolarWinds, which provides network tools to government agencies and tech companies making up its roughly 300,000 customers.
FREE DIGITAL SUBSCRIPTION: GET ONLY 'FEATURED' STORIES BY EMAIL
Big Tech is using a content filtering system for online censorship. Watch our short video about NewsGuard to learn how they control the narrative for the Lamestream Media and help keep you in the dark. NewsGuard works with Big-Tech to make it harder for you to find certain content they feel is 'missing context' or stories their editors deem "not in your best interest" - regardless of whether they are true and/or factually accurate. They also work with payment processors and ad-networks to cut off revenue streams to publications they rate poorly by their same bias standards. This should be criminal in America. You can bypass this third-world nonsense by signing up for featured stories by email and get the good stuff delivered right to your inbox.
The nation’s now fired cybersecurity expert Chris Krebs, who was also the former top election security officer, announced on November 12, that the 2020 election was “the most secure election in history,” a statement made while the nation’s most critical data systems were being compromised in-real time, and had been being compromised for the larger part of the year.
With what has been the most highly contested election in history, rumors began to swirl that Dominion Voting Systems, the highly controversial voting machine company which was used in hundreds of countries across the country to compile and report election results, might have been a customer of SolarWinds. Some of that speculation was due to the disappearing act of the SolarWinds logo on a Dominion login page that was captured by social media users through an Internet archive search.
Dominion has released a statement saying “Dominion Voting Systems does not now nor has it ever used the SolarWinds Orion Platform, which was subject of the DHS emergency directive dated December 13, 2020,” the statement read.
While a SolarWinds press release stated that “Serv-U,” a reference to a software suite identified by hypertext shown along with the accompanying SolarWinds logo on the Dominion site, stated it is not known to be an affected software product, however, both are offered by the company.
On Thursday, December 17, Lou Dobbs spoke with Cybersecurity and terrorism analyst, Morgan Wright, who stated that Dominion was a customer of SolarWinds, but did not elude to what SolarWinds software specifically the company was using or confirm any further of connection between its customer and vendor relationship.
The U.S. government says it has evidence of additional vulnerabilities beyond SolarWinds Orion supply chain compromise, but other attack methods are still being investigated. While Russia is believed responsible, the Trump administration has not formally blamed Russia, and Russia has denied involvement. Out of the 300,000 customers, SolarWinds estimates that less than 18,000 were likely directly impacted by the malicious software updates.
“CISA [Cybersecurity and Infrastructure Security Agency] has determined that this threat poses a grave risk to the federal government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,” according to a 17-page alert. “This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks.”