SOUTHERN COLORADO — A broad cyber espionage campaign first reported this week may have compromised federal agencies, large companies, and other foreign governments.
Potential victims of the data breach include the U.S. Department of State, U.S. Department of Energy, U.S. Department of Homeland Security, National Nuclear Security Agency, and Microsoft. Microsoft's president estimated 40 organizations were targeted.
Dr. Shawn Murray is the CEO and president of Murray Security Services, and has been working in cybersecurity for around 20 years. Dr. Murray explained that the hackers broke into a computer software company called SolarWinds, which is based in Austin, Texas.
SolarWinds is used by over 300,000 customers globally, and is embedded by many governments. The suite of applications helps companies manage networks and troubleshoot problems. But certain customers using a version of their Orion platform were attacked through a poisoned software update. The company believes less than 18,000 customers had that specific installment of the Orion products containing the vulnerability.
SolarWinds believes those updates were released between March and June of 2020. Dr. Murray said there are reports suggesting the system was compromised as early as December 2019. "They're not attacks. Well, they're a form of attacks, but they're not disrupting the ability for people to perform activities. They're part of an espionage campaign from a state actor," said Dr. Murray.
Dr. Murray said the intent of the attacks is to gather intelligence information. "They could spy and collect information on everything from the election to the coronavirus, development, technologies, all over the world," explained Dr. Murray.
Dr. Murray went on to say that SolarWinds is typically used in medium to large organizations. "This type of response should not affect our local business community," said Dr. Murray.
However, he did say our personal information may have been compromised. "Our social security number is tied to every aspect of our life, our taxes, our health care systems. It is very probable that unauthorized access or disclosure of information may have happened," said Dr. Murray.
Colorado Congressman Jason Crow said it's clear the country was not prepared for this kind of cyberattack. "I've had my breath taken away as I've learned more about both the breadth and the depth of the assault on not just our intelligence and our national security infrastructure, but also our private industry and our companies and our economy as well... As we're learning more about this attack, there are things that have been done that we didn't even know were possible, new strategies, new techniques," said Rep. Crow.
Rep. Crow said they currently do not have the level of data to know exactly what specific bases, installations, or companies have been breached. He was not sure what, if any, Colorado agencies have been compromised. "As far as we're able to tell, it's actually still ongoing. We actually don't know all of the different businesses and industries that have been touched," said Rep. Crow.
Many have asserted Russia is behind the cyberattack, but Rep. Crow said it is not yet certain who the adversary is. "The sophistication and the methods that were used, have the earmarks of a well equipped, well trained, nation-state."
The situation is developing, but the more I learn this could be our modern day, cyber equivalent of Pearl Harbor. https://t.co/zGsDDh8W1Q— Rep. Jason Crow (@RepJasonCrow) December 18, 2020
Rep. Crow said presidential election years are typically more vulnerable to this kind of hacking, but that the COVID-19 pandemic only made it worse. "That is a vulnerable period in the best of circumstances. That vulnerability has been extremely heightened though by the delay in the transition," said Rep. Crow.
He said the first step is to close off access to whoever did this. "So that we're not losing state secrets, classified information, information regarding our troops deployed around the world, proprietary information of our companies, and many other things that are available potentially to that adversary. We close that door. And then we're going to have to do a very serious post-mortem about what happened, why it happened, and what we need to do to fix it going forward," said Rep. Crow.
When asked if there was any tentative date on further information, Rep. Crow said the Department of Defense has not provided him with a timeline.
According to Dr. Murray, if the investigation determines a specific crime has taken place, then there could be sanctions or other political fallout.
Even though the Orion platform was mainly employed by large organizations, small businesses can still take steps to protect themselves online. The Pikes Peak Small Business Development Center is there to help. CLICK HERE to learn more about their cybersecurity resources.