WASHINGTON, D.C. – At least three government agencies have been the target of a major cyber-espionage campaign, apparently by the Russian government. The American people learned this week that hackers have been spying on the U.S. departments of Commerce, Treasury and even Homeland Security since March, and officials say there are likely many more victims yet to be revealed. Shockingly, while the exploit is now discovered, the compromise remains in play as some systems cannot easily disable the software and the entire system running it requires shut-down prompting a rare emergency directive ordering all federal agencies to immediately power down SolarWinds Orion management tools.
Section 3553(h) of title 44, U.S. Code, authorizes the Secretary of Homeland Security, in response to a known or reasonably suspected information security threat, vulnerability, or incident that represents a substantial threat to the information security of an agency, to “issue an emergency directive to the head of an agency to take any lawful action with respect to the operation of the information system, including such systems used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information, for the purpose of protecting the information system from, or mitigating, an information security threat.” 44 U.S.C. § 3553(h)(1)–(2)
According to reports, the attackers got in by corrupting software updates with a piece of malware called “SUNBURST” installed on computer systems using Orin software by technology company SolarWinds, which provides network tools to government agencies and tech companies making up its roughly 300,000 customers.
Big Tech is using NewsGuard to censor us severely reducing our revenue. You can support our mission of truthful reporting by making a contribution. Honest journalism is incredibly important to our democracy; we refuse to let Silicon Valley crush us into just another regurgitated, propaganda driven, echo-chamber of lamestream media and we need your support. You can also help by signing up for our featured story emails.
The nation’s now fired cybersecurity expert Chris Krebs, who was also the former top election security officer, announced on November 12, that the 2020 election was “the most secure election in history,” a statement made while the nation’s most critical data systems were being compromised in-real time, and had been being compromised for the larger part of the year.
With what has been the most highly contested election in history, rumors began to swirl that Dominion Voting Systems, the highly controversial voting machine company which was used in hundreds of countries across the country to compile and report election results, might have been a customer of SolarWinds. Some of that speculation was due to the disappearing act of the SolarWinds logo on a Dominion login page that was captured by social media users through an Internet archive search.
Dominion has released a statement saying “Dominion Voting Systems does not now nor has it ever used the SolarWinds Orion Platform, which was subject of the DHS emergency directive dated December 13, 2020,” the statement read.
While a SolarWinds press release stated that “Serv-U,” a reference to a software suite identified by hypertext shown along with the accompanying SolarWinds logo on the Dominion site, stated it is not known to be an affected software product, however, both are offered by the company.
On Thursday, December 17, Lou Dobbs spoke with Cybersecurity and terrorism analyst, Morgan Wright, who stated that Dominion was a customer of SolarWinds, but did not elude to what SolarWinds software specifically the company was using or confirm any further of connection between its customer and vendor relationship.
The U.S. government says it has evidence of additional vulnerabilities beyond SolarWinds Orion supply chain compromise, but other attack methods are still being investigated. While Russia is believed responsible, the Trump administration has not formally blamed Russia, and Russia has denied involvement. Out of the 300,000 customers, SolarWinds estimates that less than 18,000 were likely directly impacted by the malicious software updates.
“CISA [Cybersecurity and Infrastructure Security Agency] has determined that this threat poses a grave risk to the federal government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,” according to a 17-page alert. “This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks.”