Hackers broke into the networks of the Treasury and Commerce departments as part of a global cyberespionage campaign revealed just days after a leading global cybersecurity firm announced that it had been breached in an attack that industry experts said bore the hallmarks of Russian tradecraft.
The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of U.S. government agencies — apparently, the same months-long cyberespionage campaign that also attacked the prominent cybersecurity firm FireEye.
The hacks were revealed less than a week after FireEye disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible. FireEye’s customers include federal, state, and local governments and top global corporations.
The apparent conduit for the Treasury and Commerce Department hacks — and the FireEye compromise — is a hugely popular piece of server software made by SolarWinds. It’s used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies, which will now be scrambling to patch their networks.
Here is a list of some of the customers who use the software made by SolarWinds.
- On its website, SolarWinds says it has 300,000 customers worldwide, including all five branches of the U.S. military, the Pentagon, the State Department, NASA, the NSA, the Department of Justice and the White House. It says the 10 leading U.S. telecommunications companies and top five U.S. accounting firms are also among customers. All of these companies were potentially compromised.
A simplified explanation of what happened and what it means to you and me:
- The maker of the software that’s used in the highest levels of government, including the White House and NSA, was compromised by attackers who slipped malicious code into the software maker’s trusted code without the software maker knowing it. This code then got distributed to its customers.
- That malicious code, once it infected customer systems, opened a backdoor into those systems and contacted the hackers to let them know the door was open for them to secretly enter those systems and begin stealing sensitive data on those networks.
The hackers did this back in March, and their activity was only recently discovered.
This means they have been inside government systems for months, stealing data and spying on government workers without anyone knowing, until now.
What does this mean for the average person and their data?
This is a national security hack conducted by a nation-state (Russia or China perhaps) and focused on high-value targets and data. While it’s possible your personal data could have been compromised, it’s more than likely not what the hackers were after.
There’s a lot that’s still unknown about this cyber-espionage operation – exactly who was compromised and what data or secrets were stolen. Our government’s Cybersecurity and Infrastructure Security Agency said it was working with other agencies to help “identify and mitigate any potential compromises”.
All we can do is wait and see how deep this goes and exactly what information was stolen.