Hackers have reportedly breached the U.S. government agency responsible for maintaining the nation’s stockpile of nuclear weapons, according to news reports and government officials.
“They found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation at NNSA, and the Richland Field Office of the DOE,” Politico reported. “The hackers have been able to do more damage at FERC than the other agencies, and officials there have evidence of highly malicious activity, the officials said, but did not elaborate.”
“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration,” Shaylyn Hynes, a DOE spokesperson, claimed in a statement. “When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”
The Trump administration believes that Russian intelligence is behind the attack which has lasted for months and is still ongoing.
The New York Times reported:
Over the past few years, the United States government has spent tens of billions of dollars on cyberoffensive abilities, building a giant war room at Fort Meade, Md., for United States Cyber Command, while installing defensive sensors all around the country — a system named Einstein to give it an air of genius — to deter the nation’s enemies from picking its networks clean, again.
It now is clear that the broad Russian espionage attack on the United States government and private companies, underway since spring and detected by the private sector only a few weeks ago, ranks among the greatest intelligence failures of modern times.
Einstein missed it — because the Russian hackers brilliantly designed their attack to avoid setting it off. The National Security Agency and the Department of Homeland Security were looking elsewhere, understandably focused on protecting the 2020 election.
Officials believe that the hackers breached numerous U.S. businesses and U.S. government agencies by compromising the software company SolarWinds. Officials said that they may not know the true extent of the damage that was done for weeks.
“We don’t think anyone else in the market is really even close in terms of the breadth of coverage we have,” SolarWinds Chief Executive Kevin Thompson said on a company call two months ago. “We manage everyone’s network gear.”
The hackers inserted malicious code into software updates for SolarWinds’ top management software, Orion, which was then sent to approximately 18,000 customers.
“The impact on SolarWinds was more immediate. U.S. officials ordered anyone running Orion to immediately disconnect it,” Reuters reported. “In one previously unreported issue, multiple criminals have offered to sell access to SolarWinds’ computers through underground forums, according to two researchers who separately had access to those forums.”
Reuters’ report noted other problems with SolarWinds’ security, including security researcher Vinoth Kumar telling the publication that he alerted the company last year that anyone could access their update server simply by using the password “solarwinds123.”