Tech firms say there's little doubt Russia behind major hack

Tuesday, February 23, 2021 | Ben Fox And Eric Tucker, Associated Press


FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith testify during a Senate Intelligence Committee hearing on Capitol Hill on Tuesday, Feb. 23, 2021 in Washington. (Drew Angerer/Photo via AP)

WASHINGTON (AP) — Leading technology companies said Tuesday that a monthslong breach of corporate and government networks was so sophisticated, focused and labor-intensive that a nation had to be behind it, with all the evidence pointing to Russia.

In the first congressional hearing on the breach, representatives of technology companies involved in the response described a hack of almost breathtaking precision, ambition and scope. The perpetrators stealthily scooped up specific emails and documents on a target list from the U.S. and other countries.

“We haven’t seen this kind of sophistication matched with this kind of scale,” Microsoft President Brad Smith told the Senate Intelligence Committee.

Smith said investigators estimate at least 1,000 highly skilled engineers would have been required to develop the code that hijacked widely used network software from Texas-based SolarWinds to deploy malware around the world through a security update.

“We’ve seen substantial evidence that points to the Russian foreign intelligence agency, and we have found no evidence that leads us anywhere else," Smith said.

U.S. national security officials have also said Russia was likely responsible for the breach, and President Joe Biden's administration is weighing punitive measures against Russia for the hack as well as other activities. Moscow has denied responsibility for the breach.

Officials have said the motive for the hack, which was discovered by private security company FireEye in December, appeared to be to gather intelligence. On what, they haven't said.

At least nine government agencies and 100 private companies were breached, but what was taken has not been revealed.

White House press secretary Jen Psaki said Tuesday that it would be “weeks, not months,” before the U.S. responds to Russia.

“We have asked the intelligence community to do further work to sharpen the attribution that the previous administration made about precisely how the hack occurred, what the extent of the damage is and what the scope and scale of the intrusion is,” Psaki said. “And we’re still in the process of working that through now.”

FireEye CEO Kevin Mandia told the Senate that his company has had nearly 100 people working to study and contain the breach since they detected it, almost by accident, in December and alerted the U.S. government.

The hackers first quietly installed malicious code in October 2019 on targeted networks, but didn't activate it to see if they could remain undetected. They returned in March and immediately began to steal the login credentials of people who were authorized to be on the network so they could have a “secret key” to move around at will, Mandia said.

Once detected, “they vanished like ghosts," he said.

“There’s no doubt in my mind that this was planned," the security executive said. “The question really is where’s the next one, and when are we going to find it?”

Government agencies breached include the Treasury, Justice and Commerce departments, but the full list has not been publicly released. The president of Microsoft, which is working with FireEye on the response, said there are victims around the world, including in Canada, Mexico, Spain and the United Arab Emirates.

The panel, which also included Sudhakar Ramakrishna, the CEO of SolarWinds who took over the company after the hack occurred, and George Kurtz, the president and CEO of CrowdStrike, another leading security company, faced questions not just about how the breach occurred but also about whether hacking victims need to be legally compelled to be forthcoming when they have been breached. Even now, three months after the breach was disclosed, the identity of most victims remains unknown.

Congress has considered in the past whether to require companies to report that they have been the victim of a hack, but it has triggered legal concerns, including whether they could be held liable by clients for the loss of data.

U.S. authorities are also considering whether to give additional resources and authority to the Cybersecurity and Infrastructure Agency or other agencies to be able to take a more forceful role in working to prevent future breaches.

Another measure that has been considered is to create a new agency, like the National Transportation Safety Board, that could quickly come in and evaluate a breach and determine whether there are problems that need to be fixed.

Sen. Ron Wyden, one of the most prominent voices on cyber issues in the Senate, warned that the U.S. must first make sure that government agencies breached in this incident have taken the required security measures.

“The impression that the American people might get from this hearing is that the hackers are such formidable adversaries that there was nothing that the American government or our biggest tech companies could have done to protect themselves,” said Wyden, an Oregon Democrat. “My view is that message leads to privacy-violating laws and billions of more taxpayer funds for cybersecurity."

___

Associated Press writer Alan Suderman in Richmond, Va., contributed to this report.

Featured Article: Trading Penny Stocks



7 Cryptocurrencies That Are Leading The Market Higher

An Influx Of Capital Is Driving Cryptocurrency Higher

There is an influx of money to the cryptocurrency market that is driving the entire complex higher. Not only is institutional interest peaking but recognition and use are on the rise as well. With Bitcoin setting new all-time highs 100% above the 2017 highs the number of new Bitcoin millionaires is on the rise too.

But Bitcoin is not the only cryptocurrency on the market today by far. The number of cryptocurrencies on the market has been growing steadily with more than 4,000 listed on Coinmarketcap alone. But that doesn’t mean they are all worth your time. Many if not most will not stand the test of time.

One way to judge the market’s interest in a cryptocurrency is its market performance gains. A cryptocurrency that is gaining in value is certainly one that you may want to own. The better method of judging the market’s interest in a cryptocurrency is the market cap. The cryptocurrency market is worth upwards of $1 trillion and growing, and most of that value is centered in the top seven. Together, the bottom 3,993 odd cryptocurrencies only account for 12% of the market and have yet to prove any lasting value.

View the "7 Cryptocurrencies That Are Leading The Market Higher".


Companies Mentioned in This Article

CompanyMarketRank™Current PricePrice ChangeDividend YieldP/E RatioConsensus RatingConsensus Price Target
Microsoft (MSFT)2.5$260.74+0.5%0.86%42.12Buy$269.99
Compare These Stocks  Add These Stocks to My Watchlist 

MarketBeat - Stock Market News and Research Tools logo

MarketBeat empowers individual investors to make better trading decisions by providing real-time financial data and objective market analysis. Whether you’re looking for analyst ratings, corporate buybacks, dividends, earnings, economic reports, financials, insider trades, IPOs, SEC filings or stock splits, MarketBeat has the objective information you need to analyze any stock. Learn more.

MarketBeat is accredited by the Better Business Bureau

© American Consumer News, LLC dba MarketBeat® 2010-2021. All rights reserved.
326 E 8th St #105, Sioux Falls, SD 57103 | U.S. Based Support Team at [email protected] | (844) 978-6257
MarketBeat does not provide personalized financial advice and does not issue recommendations or offers to buy stock or sell any security. Learn more.

Our Accessibility Statement | Terms of Service | Do Not Sell My Information

© 2021 Market data provided is at least 10-minutes delayed and hosted by Barchart Solutions. Information is provided 'as-is' and solely for informational purposes, not for trading purposes or advice, and is delayed. To see all exchange delays and terms of use please see disclaimer. Fundamental company data provided by Zacks Investment Research. As a bonus to opt-ing into our email newsletters, you will also get a free subscription to the Liberty Through Wealth e-newsletter. You can opt out at any time.