Four U.S. government agencies tasked with determining the perpetrator of a massive and ongoing hack by a foreign power into federal computer servers revealed Tuesday evening that Russia was the likely culprit, confirming a broad consensus among officials and analysts.
The review, conducted by the FBI, the Office of the Director of National Intelligence, the National Security Agency and Homeland Security’s chief cyber defense agency known as CISA, concluded the months-long hacking campaign revealed in December was “likely Russian in origin.” It added that the Russian hackers were responsible for most, if not all, of the intrusions, which centered on exploiting vulnerabilities in SolarWinds, an American information technology company that makes software widely used throughout the federal government.
“At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly,” the agencies said in a joint statement.
Approximately 18,000 organizations in the public and private sectors were affected by the hack, they said, though fewer than 10 government agencies have observed follow-on activity in their systems.
The conclusion that Russia was behind the attack, though broadly accepted already, clashes with suggestions from Trump last month that China might have orchestrated it and that it may have had some connection to his claims of widespread fraud in the November presidential election.
Ongoing concerns about the scope of the attack, and the potential for the hackers to use the servers to which they gained access for destructive purposes in the future, also contradict Trump’s assertions last month.
“I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of … discussing the possibility that it may be China (it may!). There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA,” Trump wrote in a tweet.
Trump has faced criticism throughout his presidency for rarely criticizing Russia and President Vladimir Putin publicly.
In the post, Trump tagged Director of National Intelligence John Ratcliffe, a former Republican congressman from Texas long considered a close ally of Trump’s, whose nomination to become the nation’s top spy spurred bipartisan outrage on Capitol Hill over his lack of qualifications. Ratcliffe’s agency was among those that endorsed Tuesday’s report.
Attorney General Bill Barr, days before resigning in late December, also said he believed Russia was behind the attack, as did Secretary of State Mike Pompeo.
“Russia has long been an aggressive and malign actor in cyberspace, and this operation demonstrates their continued determination and capability to attack our networks and undermine our national security, just as they attacked our democracy in 2016,” Rep. Adam Smith, chairman of the House Intelligence Committee, said in a statement shortly after the release of Tuesday’s report.
“It’s clear from the scale of this compromise that we have a lot of work to do to harden our defenses, shore up the government’s cybersecurity practices, improve the quality of intelligence collection on cyber threat actors, and increase cooperation,” the California Democrat said, “both within government and with the private sector to identify, fix and defend against these threats.”
Fellow Democratic Sen. Mark Warner of Virginia, chairman of the Senate Intelligence Committee, lamented that the government needed three weeks to release the report and blasted the Trump administration for not doing more to condemn Russia’s actions publicly.
“We need to make clear to Russia that any misuse of compromised networks to produce destructive or harmful effects is unacceptable and will prompt an appropriately strong response,” Warner said.
The report described the attack as a “serious compromise that will require a sustained and dedicated effort to remediate,” and it described new efforts to share information voluntarily across government agencies and private companies to identify cyber intrusions in the future.
The former chief of the NSA told U.S. News last month that the U.S. remains unprepared to deal with threats such as these, particularly if it relies only on organizations to choose to come forward if and when they believe they may have been hacked.
“It’s not just the threat we saw with SolarWinds,” retired Army Gen. Keith Alexander said. “It’s a future threat that could happen to our country if there’s 10 SolarWinds, and instead of granting access they were looking to do something destructive.”
“The reality is, we’re not ready, no matter where we are, to defend these networks the way we’re doing it,” he said.