The news of highly-sophisticated cyber attacks by suspected Russian hackers came on Dec. 8, when the cybersecurity firm FireEye announced a significant breach with some assets being stolen.
“We escalated very quickly from the moment I got the first briefing that, ‘Hey, we have a security incident of some magnitude,’ “FireEye CEO Kevin Mandia told NPR’s All Things Considered this week. “My gut was telling me it was something we needed to put people on right away.”
Some of the highest levels of the U.S. Government were compromised in the attacks including the State Department and the Department of Homeland Security. Cybersecurity experts are still working to unmask those responsible, along with assessing the true sum of damages done by the attacks.
“There’s still so much that we don’t know and that’s the real thing keeping me awake at night,” Fortalice Solutions CEO Theresa Payton said on WBT’s Bo Thompson Morning Show Tuesday.
“These are all related. And what we’ve learned is the FireEye tools were stolen because there was what I call, and the industry calls, ‘God Access’ or ‘God Door’, created by a vulnerability in SolarWinds software. As this investigation continues, what has been identified is FireEye is not the only victim of this ‘God Door’ or ‘God Access’ in Solarwinds. Furthermore, we also learned you don’t have to be a client of SolarWinds to have been impacted.”
What happened in this case is the hackers attached their malware to a software update by SolarWinds, a platform used by many U.S. Govt. agencies and thousands of private companies to monitor their computer networks. Payton says the ‘God Access’ is unique because it allows to roam in real time without the user even knowing
“Basically, you can do whatever you want and no one even knows you’re there,” said Payton. You’re everywhere and you’re in stealth. And you can add, delete; you can morph and you can be whatever you need to be in that moment.”
Payton elaborated on the details of SolarWinds software and how hackers were able to latch on easily. “This malware was created by a nation-state operative. Digital fingerprints points to Russia, but Russia denies and they always do. The malware gives them sort of super-user access, like the top administrator if you want to look at it that way.” She went on to say, “They have a digital passport that lets them go anywhere they want.”
“The SVR, Russia’s foreign intelligence agency, is co-hindered as the most likely culprit,” according to Secretary of State Mike Pompeo and some members of Congress who have been briefed by the U.S. intelligence community.
“What I’ve seen is 2020 has been about the hardest year, period, to be an information security officer,” Mandia said. “It’s time this nation comes up with some doctrine on what we expect nations’ rules of engagement to be, and what will our policy, or proportional response, be to folks who violate that doctrine. Because right now there’s absolutely an escalation in cyberspace.”
What’s extremely troubling is the FBI and the director of national intelligence and the cybersecurity arm of Homeland Security released a statement saying this breach is still active. The incident will likely be a catalyst to rethink cybersecurity tactics for the federal government.
Listen to the entire interview with cybersecurity expert Theresa Payton.