Massive Hacks Linked to Russia, China Exploited U.S. Internet Security Gap

Lawmakers and security experts have expressed concern that foreign governments are launching cyber attacks through US servers to avoid detection by the main US cyber espionage agency, the National Security Agency.

When hackers recently targeted servers running Microsoft's widespread Exchange software, they used computers at at least four service providers in the United States to carry out their attacks, according to an analysis by threat intelligence company DomainTools LLC.

The attack, which Microsoft announced last week, affected at least tens of thousands of consumers and has been linked to Chinese hackers by the software giant and other security researchers. China’s embassy in Washington did not immediately respond Tuesday to the accusation that China was behind the Microsoft hack, citing previous statements by Beijing in which the government said it rejects and combats cyberattacks and cyberbullying in all their manifestations.

This is the second major suspected hack by nation-states discovered in recent months that used US servers as a launch pad. The suspected Russian hackers used US-based cloud services to support key phases of their attacks, which used a hack of SolarWinds Corp., an Austin, Texas, provider of network software, to infiltrate networks of the U.S. government and corporations. In both cases, the hacks were discovered by private investigators, not the U.S. government.

With tens of thousands of employees, the NSA is one of the largest U.S. government organizations charged with protecting the United States in cyberspace. It has broad supervisory powers, although it is generally prohibited from using them to gather information about domestic facilities, including computer servers located in the United States and operated by U.S. companies.

The combination of the two attacks made it clear to politicians and the executive branch that we had to do something, said Glenn Gerstell, former general counsel of the NSA.


The SolarWinds hackers used cloud computing systems from Microsoft and Amazon.com Inc. to launch their attacks. During a Senate hearing last week, the chairman of Microsoft, Brad Smith, said this method is clearly attractive to the Russians because it allows them to bypass U.S. intelligence agencies. Amazon declined to appear at the hearing, drawing the ire of lawmakers, and has not publicly commented on the use of its data centers in the SolarWinds attack.

This is a complex actor who has clearly spent time researching legal authorities. He knew he could operate from servers in the United States, bypassing some of the US government’s top threat hunters, said Tom Burt, vice president of customer security at Microsoft, about the Exchange hack.

According to DomainTools researcher Joe Slowik, judging from the Internet addresses used, the hackers operated from lesser-known service providers like DigitalOcean Inc. and from servers in Hong Kong, the Netherlands, China and other jurisdictions. According to the DomainTools analysis, about half of the servers associated with the Exchange hack were located in the United States.

A spokesperson for DigitalOcean said that no illegal activities are allowed on its platform. The company, she said, takes action when abuse is discovered, and works with government agencies when they are involved.

Security experts say Microsoft has been caught up in both attacks, in part because its products are ubiquitous. The company is also a major supplier of software to the U.S. government and large corporations, making vulnerabilities in Microsoft’s software an attractive target for hackers looking to spy on American networks, the report said.


The attacks on Microsoft Exchange were carried out by at least four groups of hackers, all with ties to China, said Alexis Dorais-Joncas, a researcher at ESET, the security company that monitored the attack.

Mr. Slowik and Mr. Dorais-Joncas said the attackers may have had motives for using U.S. servers other than circumventing NSA detection. Perhaps they were trying to improve the performance of their software or bypass security features that would block connections from China, for example.

Earlier this week, an anonymous hacker posted proof-of-concept code that could be used by other hacker groups to launch new attacks on unpatched Microsoft Exchange servers. Internet scans conducted this week by research firm Shodan LLC show that more than 70,000 Exchange servers are vulnerable to attack. According to James Alliband, a cyber security strategist at enterprise software vendor VMware Inc., most of the organizations affected by the large-scale China-linked attack are law firms, higher education institutions or organizations involved in infectious disease research.



Even before the Exchange hack, U.S. lawmakers on both sides of the aisle were looking for ways to strengthen cybersecurity in the United States, including by reviving often stalled efforts to create a national law on reporting data breaches.

During a Congressional hearing on the SolarWinds hack last month, several senators asked technology industry leaders whether gaps in internal infrastructure controls allowed attackers to escape possible detection by U.S. intelligence agencies.

Any attempt to draft new laws giving the NSA or other intelligence agencies domestic surveillance powers is likely to be met with fierce resistance from privacy advocates who have long feared that such new powers could lead to abuse. The NSA has not wanted to be seen as expanding its spying capabilities since Edward Snowden leaked information in 2013 that revealed secret details about its domestic and international surveillance programs, which began after the September 11, 2001, attacks, former officials say.

The government already has the power to monitor all data entering and leaving federal networks, said Senator Ron Wyden (D., Ore.). Some in government now want to call for new, unsubtle surveillance of Americans’ communications to distract Congress from unpleasant questions.

Wyden added that the $6 billion U.S. cyber shield was unable to stop or detect the hack. The senator was referring to Einstein, a cyber threat detection system used by the government to prevent computer attacks by scanning for known malware. Einstein is unable to identify malware that has not previously surfaced in attacks.

But this view has its detractors. We cannot tie our hands so tightly to the Fourth Amendment that we are content to watch the Chinese sneak into our infrastructure, said Gerstell, a former senior NSA official, referring to the U.S. Constitution’s protection against unreasonable searches.

Gerstell said it is unlikely that Congress will ever grant such authority directly to the NSA, and that an alternative proposal involving another agency may be more acceptable.

The NSA declined to comment and referred questions to the White House National Security Council, which did not respond to requests for comment.

The Senate Intelligence Committee would receive separate briefings this week from the Biden administration and Microsoft on the Microsoft Exchange hack, according to an adviser to the committee.

I think we will have to struggle for a long time to understand the magnitude of what happened here, said Kathy Moussouris, executive director of Luta Security Inc.

Email Dustin Volz at [email protected] and Robert McMillan at [email protected]

Copyright ©2020 Dow Jones & Company, Inc. All rights reserved.
