Big Russian hack used a technique experts had warned about for years. Why wasn’t the U.S. government ready?

Hackers got long-term, wide-ranging access to government and private networks by manipulating the software that vouches for those allowed inside.

(Washington Post Illustration/iStock)

By Craig Timberg
Feb. 9, 2021 at 10:21 p.m. GMT+1

The disastrous Russian hack of federal government networks last year relied on a powerful new trick: Digital spies penetrated so deeply that they were able to impersonate any user they wanted. It was the computer network equivalent of sneaking into the State Department and printing perfectly forged U.S. passports.

Cybersecurity researchers had warned for years that such an attack was possible. Those from one firm, FireEye, even released hacking tools in 2019 showing exactly how to do it — in hopes that the revelation would spur the widespread deployment of better defenses.
then, key computers could be left disconnected from the Internet, adding more barriers to hackers operating remotely.
Some other experts, however, say that even without actually stealing the private signing key used to issue SAML tokens, hackers can still find ways to manipulate network identities that allow them to expand and prolong intrusions.
Williams, of Rendition Infosec, said, “I agree that Microsoft could have done a better job of detecting any number of Active Directory weaknesses or the exploitation of those weaknesses.”

But he added that more aggressive action by Microsoft, FireEye or others would have been unlikely to thwart the Russians, given their skills and resources.

“I’m confident that wouldn’t have changed the outcome here,” Williams said.
The most viable solution for the future, some experts say, may be better alarms that rapidly alert defenders to suspicious behavior, along with more extensive logging of network activity, preferably activated by default, to assist the detective work after hacks inevitably occur.
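The two technical points above, that a stolen token-signing key lets an intruder mint an assertion for any user, and that the realistic defence is correlation across logs rather than a better signature check, can be shown in a few dozen lines. The following is an added example written for this page; it is not code from the article, from FireEye or from Microsoft. It models a SAML assertion as a plain struct signed with RSA-SHA256 (real SAML carries the same fields in XML with an XML-DSig signature, but the relying party's trust decision is the same: it checks the signature against the identity provider's published certificate and nothing else). The issuer URL, user names and assertion IDs are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// Assertion is a cut-down stand-in for a SAML assertion (constructed for this
// example). Real SAML carries these fields in XML, but the trust model is the
// same: the service provider checks the signature and nothing else.
type Assertion struct {
	ID           string
	Issuer       string
	Subject      string
	NotOnOrAfter time.Time
}

// canonical returns the bytes covered by the signature (stand-in for XML C14N).
func (a Assertion) canonical() []byte {
	return []byte(fmt.Sprintf("%s|%s|%s|%s",
		a.ID, a.Issuer, a.Subject, a.NotOnOrAfter.UTC().Format(time.RFC3339)))
}

// Sign produces an RSA-SHA256 signature with the token-signing private key.
// Only the IdP is supposed to hold this key; whoever has it can mint an
// assertion for any subject, which is the attack the article describes.
func Sign(a Assertion, key *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(a.canonical())
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// Verify is everything a service provider can do with an incoming assertion:
// check it against the IdP's public key. A forgery made with the stolen key
// passes exactly like a legitimate token.
func Verify(a Assertion, sig []byte, pub *rsa.PublicKey) bool {
	digest := sha256.Sum256(a.canonical())
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// FindUnissued is the cross-log check: assertions the SPs accepted that the
// IdP never logged as issued. A forged token never passed through the IdP,
// so it has no issuance record. This only works if the IdP logs by default.
func FindUnissued(spAccepted, idpIssued []Assertion) []string {
	issued := make(map[string]bool, len(idpIssued))
	for _, a := range idpIssued {
		issued[a.ID] = true
	}
	var missing []string
	for _, a := range spAccepted {
		if !issued[a.ID] {
			missing = append(missing, a.ID)
		}
	}
	return missing
}

// Result records what the scenario observed so it can be checked.
type Result struct {
	LegitVerifies  bool
	ForgedVerifies bool
	Unissued       []string
}

// RunScenario plays out one legitimate login and one forgery with a stolen key.
// Issuer, subjects and IDs are constructed sample values.
func RunScenario() (Result, error) {
	idpKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Result{}, err
	}
	spTrustedPub := &idpKey.PublicKey // what the SP holds after federation setup
	now := time.Now()
	issuer := "https://sts.corp.example/adfs/services/trust"

	// 1. The IdP issues an assertion for a real user and logs it.
	legit := Assertion{ID: "_legit-1", Issuer: issuer,
		Subject: "alice@corp.example", NotOnOrAfter: now.Add(time.Hour)}
	legitSig, err := Sign(legit, idpKey)
	if err != nil {
		return Result{}, err
	}
	idpIssued := []Assertion{legit}

	// 2. An attacker who exfiltrated the private key mints a long-lived
	//    assertion for a privileged account. The IdP never sees this.
	stolenKey := idpKey
	forged := Assertion{ID: "_forged-1", Issuer: issuer,
		Subject: "breakglass-admin@corp.example", NotOnOrAfter: now.Add(365 * 24 * time.Hour)}
	forgedSig, err := Sign(forged, stolenKey)
	if err != nil {
		return Result{}, err
	}

	// 3. The SP accepts whatever carries a valid signature.
	res := Result{
		LegitVerifies:  Verify(legit, legitSig, spTrustedPub),
		ForgedVerifies: Verify(forged, forgedSig, spTrustedPub),
	}
	var spAccepted []Assertion
	if res.LegitVerifies {
		spAccepted = append(spAccepted, legit)
	}
	if res.ForgedVerifies {
		spAccepted = append(spAccepted, forged)
	}

	// 4. Only correlating SP acceptances with IdP issuance exposes the forgery.
	res.Unissued = FindUnissued(spAccepted, idpIssued)
	return res, nil
}

func main() {
	res, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("legit verifies: %v, forged verifies: %v\n", res.LegitVerifies, res.ForgedVerifies)
	fmt.Printf("accepted at SP but never issued by IdP: %v\n", res.Unissued)
}
```

Running it shows both assertions verifying cleanly at the service provider and only the cross-log correlation flagging `_forged-1`. That is the practical shape of the "better alarms" and "logging activated by default" the experts call for: the IdP's issuance log has to exist, be retained, and be joined against the relying parties' accepted logins, because nothing about the forged token itself is wrong.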
CORRECTION: A previous version of this story said incorrectly that Sen. Ron Wyden sent letters to FireEye and Microsoft last month asking for answers related to the Russian attack. But in fact only FireEye received a letter. The communication with Microsoft was oral.
Craig Timberg is a national technology reporter for The Washington Post. Since joining The Post in 1998, he has been a reporter, editor and foreign correspondent, and he contributed to The Post’s Pulitzer Prize-winning coverage of the National Security Agency.