What you need to know about the alleged Russian hacking of the US government

(CNN) – Let’s take a short break from the pandemic and the presidential election and focus on two really important things regarding Russia: the alleged Russian hacking of the US government and the Russians chasing Navalny.

1. The team that followed Navalny before the poisoning has been identified:

CNN and the open-source investigative journalists at Bellingcat have identified the team of Russian chemical weapons experts that followed Vladimir Putin’s nemesis, opposition figure Alexey Navalny, to 17 countries before he was poisoned in Russia.

The identified Russians tailed Navalny, who spoke to CNN while he was recovering in Germany. But they also made some basic spycraft mistakes, such as changing their name or date of birth on travel documents. This kind of independent open-source research is essential to exposing wrongdoing. It recalls the efforts made to link Saudi government agents to the murder of Jamal Khashoggi. Sometimes it is harder for some countries to hide their wrongdoing than for others.


2. US government hacked, Russia suspected:

We have long been aware of Russian attempts to compromise and infiltrate the US government in the run-up to the 2020 election. While there is no evidence that Russia succeeded in its attempts to attack US electoral systems, it is now suspected of having hacked several government agencies around the country, from the Department of Homeland Security to the Department of Commerce, by gaining access to SolarWinds, a provider of network management software. The US Treasury Department and the US Postal Service may also have been hacked.

We spoke to Zachary Cohen, who covers national security for CNN and has covered the hack, to understand a little better what exactly happened and how important it is.

Our email conversation is below:

Which US agencies were affected?

Wolf: These are alarming headlines about an attack on various US government agencies. What do we know about who has been compromised and how do we know they are connected?

Cohen: The investigation is still in its infancy, but we already know of at least four US government agencies that have been compromised, including DHS’s cyber division, whose job it is to help protect the country from breaches like this one. CNN has confirmed that the Departments of Agriculture, Commerce and the Treasury were also compromised.

Sources have told CNN that the Postal Service may have been attacked, but the investigation is still ongoing. The Department of Defense is also analyzing whether one of its networks was attacked.


We already know this is a serious breach

Cohen: However, even at this early stage, it is already clear that this was one of the most serious breaches of the US government in years, and confidence is growing among officials that it was carried out by the same Russia-linked hackers who were behind the recent incident involving elite cybersecurity firm FireEye.

That link is of great importance to US officials working to determine the exact scope and extent of the attack on government agencies. The sophistication and tactics used in hacking into US government agencies are similar to what was seen in the FireEye attack – that’s the main indicator that the two incidents are related.

SolarWinds said in a statement Sunday evening that the breach of its system “was likely carried out by an outside nation-state and was intended to be a limited, highly targeted and manually executed attack, rather than a wide-ranging attack across the country.”


What we know about SolarWinds

Wolf: What is SolarWinds and why does the government outsource this kind of security?

Cohen: SolarWinds is a technology company whose products are used by several federal civilian agencies for network management. The US government often hires private companies like this one because their expertise and product development go far beyond what the government can develop on its own. Some members of Congress have consistently criticized the potential security risks of using this type of software, especially without first conducting a full security assessment. But protecting these networks is also the responsibility of the government, and we are already seeing lawmakers such as Senator Ron Wyden, an Oregon Democrat, say that an in-depth review of software security practices is needed.

This is also going to be a challenge for the incoming Biden administration. Foreign opponents are constantly trying to infiltrate US networks and are only becoming more sophisticated in their ability to do so successfully.


Why is Russia suspected?

Wolf: The report states that the government is suspicious of Russia, but has yet to conclude that it is Russia. How will they make that decision?

Cohen: Formal attribution of such an attack takes time and the government does not always disclose its findings, even if the perpetrator has been identified. But there are only a handful of nation-state actors who have the ability to hack with this level of sophistication, and Russia has a well-documented history in this area.

US officials and cybersecurity experts have identified specific indicators of how software vulnerabilities have been exploited, pointing to the APT29 group linked to Russia. This group is well known to those who monitor foreign cyber activities and there are similarities between this attack and the previous incidents involving APT29.

Why is such a hack dangerous?

Wolf: What’s the danger with this type of hacking? What kind of information is at risk, and why would Russia want to get into US systems?

Cohen: It’s hard to say at this point how dangerous a hack like this could be, and more details are emerging about the kind of information that might be at risk. That said, the fact that we already know DHS was compromised is certainly concerning, especially given that its cyber arm was specifically breached. There are also concerns that Defense Department networks may have been attacked, but that investigation is still ongoing.

The Russians were believed to be behind a previous cyber-attack on the Defense Department networks that led to a complete overhaul of existing security protocols.


While there are still many unanswered questions about what exactly the hackers were looking for, Wyden has already called the incident “a massive breach of national security that could have repercussions for years to come.”

The Cybersecurity and Infrastructure Security Agency, the DHS agency in question, aided the government’s election security efforts and was essential to protecting that process from foreign interference.

But it appears that Russia-linked actors managed to breach CISA’s network while targeting the election, and the agency will certainly be criticized for that. The news also comes after President Donald Trump fired top CISA officials, including Chris Krebs, for saying publicly that the 2020 election was the most secure in history, and that leadership upheaval is likely only to complicate efforts to close the recent breach.

How will the United States react? Will the government retaliate?

Wolf: We haven’t heard much from the federal government about a response, but you have reported on Presidential Policy Directive 41, which sounds like something out of a spy movie. What do we know about how the United States government might respond? Will there be retaliation?

Cohen: As you mentioned, the government has activated Presidential Policy Directive 41, an Obama-era plan for coordinating the federal government’s response to any cyber incident, whether it affects government or private-sector entities in the United States.

For major cyber incidents, the directive also establishes a plan to coordinate the response between agencies and requires the Departments of Justice and Homeland Security to assist entities affected by cyber incidents.


Simply put, everything is in motion right now as government agencies work to investigate the hack and determine the next steps. As for potential retaliation, that remains to be seen and largely depends on what information may have been stolen and how it could be used against the United States.

But while it’s already clear this breach was massive, officials have told CNN it’s consistent with what they expect from foreign governments. The US also constantly scans foreign networks, so there is a constant level of activity in this space on a daily basis.

While some sort of response is likely to be called for, especially if the government formally determines that Russia was involved, no one wants a full-blown cyber war, and officials are aware that a direct response can quickly escalate. Therefore, any response directed at those behind the attack will be carefully considered before any action is taken.

For now, the response efforts are aimed at reducing the impact of the breach.
