On Friday, Senator Marco Rubio (R-FL), the acting chairman of the Senate Intelligence Committee, threatened Russia after reports surfaced this week of the massive, frightening cyber attack that reportedly targeted the nuclear weapons systems of the United States, the Pentagon and the FBI.
Rubio tweeted, “The full extent of the cyberhack is still unknown but we already know it is unprecedented in scale & scope, in all likelihood ongoing & at a level of sophistication only a few nation-states are capable of.” He continued, “The methods used to carry out the cyberhack are consistent with Russian cyber operations. But it’s crucial we have complete certainty about who is behind this. We can’t afford to be wrong on attribution, because America must retaliate, and not just with sanctions.”
The full extent of the cyberhack is still unknown but we already know it is unprecedented in scale & scope, in all likelihood ongoing & at a level of sophistication only a few nation-states are capable of.
— Marco Rubio (@marcorubio) December 18, 2020
The methods used to carry out the cyberhack are consistent with Russian cyber operations.
But it’s crucial we have complete certainty about who is behind this.
We can’t afford to be wrong on attribution, because America must retaliate, and not just with sanctions.
— Marco Rubio (@marcorubio) December 18, 2020
On Saturday, Rubio added, “Increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history The process of determining its extent & assessing the damage is underway Remediation will take time & significant resources Our response must be proportional but significant.”
Increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history
The process of determining its extent & assessing the damage is underway
Remediation will take time & significant resources
Our response must be proportional but significant
— Marco Rubio (@marcorubio) December 19, 2020
Rubio was not alone in attributing responsibility for the attack to Russia; on Friday Secretary of State Mike Pompeo was interviewed by radio host Mark Levin, and there was this exchange:
Levin: Reports are coming out this is a massive attack on our computer systems and our software systems, correct?
Pompeo: That’s right. I can’t say much more as we’re still unpacking precisely what it is, and I’m sure some of it will remain classified. But suffice it to say there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. Government systems and it now appears systems of private companies and companies and governments across the world as well. This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.
Last March, updated versions of SolarWinds’product, Orion, were infiltrated. Solar Winds recently revealed that up to 18,000 users of the Orion software downloaded a compromised update containing malicious code. “Hackers managed to install a secret network backdoor – which authorities are calling SUNBURST – into Orion’s software updates. Its centralized monitoring looks for problems in an organization’s computer networks, which means that breaking in gave the attackers a ‘God-view’ of those networks,” the Daily Mail explained, adding, “Once installed on a network, the malware used a protocol designed to mimic legitimate SolarWinds traffic to communicate with a domain that has since been seized and shut down, the Cybersecurity and Infrastructure Security Agency has since revealed.”
Fire Eye stated of Sunburst: “After an initial dormant period of up to two weeks, it retrieves and executes commands, called ‘Jobs,’ that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services. The malware masquerades its network traffic as the Orion Improvement Program (OIP) protocol and stores reconnaissance results within legitimate plugin configuration files allowing it to blend in with legitimate SolarWinds activity. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers.”
The Energy Department and National Nuclear Security Administration, which maintain the U.S. nuclear weapons stockpile, were targeted in the attack, according to Politico. In addition, the Pentagon, FBI, Treasury and State Departments were all reportedly breached in the attack.