Lately there has been visible diplomatic tension between the United States and Russia. For those who have not noticed: the two nations are at each other's throats right now. The reason is simple but hard to swallow. After all, we are not talking about two boys who fight over a toy and make up again once their parents arrive and restore some order to the room. We are talking about two world powers.
To understand this dispute, it is necessary to go back to 2020. Last year, hackers directed by the Russian foreign intelligence service, the SVR, gained access to the systems of SolarWinds, an American software company, and were able to insert malicious code into one of its products. That attack is today regarded as one of the worst in history.
“We believe that between March and June 2020, eighteen thousand customers may have downloaded this product that has been corrupted,” said Sudhakar Ramakrishna, President and CEO of SolarWinds, in an interview with NPR. “If you take that estimate and start looking at it, the actual number of customers affected will be smaller or larger. We don’t know the exact number, we just have an idea. We are still conducting the investigation.”
The investigation was completed this year. Ramakrishna calculates that the Russians successfully compromised about 100 companies and a dozen government agencies. The companies include Microsoft, Intel and Cisco; the list of federal agencies so far includes the Departments of the Treasury, Justice and Energy, and the Pentagon.
In light of the damage, on Thursday, April 15, the Biden administration announced a list of tough sanctions against Russia as a response to the breach of the SolarWinds system.
Even with sanctions announced, concern remains, chiefly at the Cybersecurity and Infrastructure Security Agency, or CISA, the Department of Homeland Security agency whose job is to protect federal computer networks from cyber attacks, and which failed to do so here.
The hackers' operation was strategic and carefully planned. For the plan to work, the victims first had to download the tainted software update and install it. The compromised networks then had to be connected to the Internet, so that the malicious code could communicate with the attackers' servers.
The affected software, and the foundation of the whole operation, was Orion. The program is widely used by US information technology departments, which is why hijacking it was a more than ingenious strategy.
“This was, without a doubt, our worst nightmare,” Tim Brown, SolarWinds vice president of security, said recently. “It’s kind of a horror movie. In addition to affecting thousands of customers, it caused damage that is still unimaginable.”
Cybersecurity experts compare the current damage to an attack in 2017, when the Russian military deployed ransomware known as NotPetya. Like Orion, the software carrying NotPetya had also been corrupted, and that attack paralyzed the operations of multinational companies and permanently disabled tens of thousands of computers worldwide.
The investigation by the United States intelligence agencies indicates that the SolarWinds case follows the same pattern; after all, the hackers had enough time to do extensive damage. They are estimated to have had free run of American computer networks for nine months. It is not yet known whether the activity was limited to reading emails or whether it extended to destructive action.
The hackers who broke into the SolarWinds system gave a masterful lesson in new intrusion techniques: they modified the Orion software code, built a system that used domains to select targets, mimicked the software’s own communication protocols, and finally cleaned up the crime scene so that investigators could not definitively prove who was behind the attack.
“The strategy was phenomenal,” said Adam Meyers, a forensic expert appointed by SolarWinds to analyze the corrupted software. “The work was elegant and innovative, which makes it even crazier.”
The conclusion of the current investigation, coordinated by the White House, blames Russian intelligence. Russia, for its part, denied any involvement.