By: Editorial Staff, Date: February 9th, 2021
Just as the latest U.S. election was reaching its zenith, the federal government was dealing with the ramifications of realizing a massive hack had opened up various repositories of the federal government databases to unauthorized parties. Now the FBI’s investigation is pointing to a Chinese influence over that hack and the players involved as they tunneled to their access through the federal contractor, SolarWinds, in December 2020.
Using the most mundane of activities, payroll processing, the hackers were able to access details of 600,000 government employers, and more disturbingly those working in sensitive agency areas like intelligence. The hack raises two painful questions: how can it be prevented again and, worse, how much was accessed that wasn’t identified given how long the access existed? The potential is painful, and more than a few analysts have likely been busy pouring over the likely damage control need. It also flags what many in security have been seeing – Chinese-influenced hacks are increasing.
Unfortunately, the Chinese-influenced hackers were not the only folks involved in digitally running through SolarWinds. Russians were also walking through the contractor candy store as well. The Russian team has been documented to have hacked through SolarWinds to at least eight separate federal agencies as well. The contractor practically ended up being the digital shopping mall for anyone who was adept enough to pick up the open barn door they provided and walk through it.
Of course, officially, everyone is denying the hack happened in their backyard or on their watch. The Chinese predictably deny any involvement. And the U.S. Department of Agriculture, whose payroll was hacked, denies it happened. The FBI are the smart ones; they’re not saying anything at all.
SolarWinds as a contractor with the open barn door knows it’s in hot water and is scrambling to figure out how it became the federal government’s Achilles Heel. Apparently, mundane was the strategy since the hackers used one of the most generic doors possible, a compromised Office 365 account associated with the company’s CEO. From there the hackers followed the standard infiltrator textbook, converting other email accounts and administratively giving themselves rights to walk through the SolarWinds system without notice or alert. Unlike the federal government’s obfuscation, Microsoft admitted the existence of the breach.
Now, with investigators crawling over everything, SolarWinds is realizing new pains; more risks and backdoors are being identified in their systems and resources. The payroll target was just a test; SolarWinds software was rewritten enough to provide remote access over anything it was installed into. New patches were rolled out faster than a Warner Brothers’ roadrunner, but the stain on the company is permanent. Promising to now be the most secure software program in the market, SolarWinds has to climb Mt. Everest to remain viable, but it’s possible. More than one government contractor who has failed has found another federal contract again. The argument is they now have “government experience,” which makes them better than other companies who know nothing about working for the government.
Note: The Knowledge Group continuously produces webcasts on this topic and other hot-button issues relating to Technology & Cybersecurity to keep you ahead of the curve.
