The SolarWinds Cyberattack

Tag The Flag Contributor
The SolarWinds Cyberattack
Read Time: approx. 3:51

This is the top story from our daily newsletter published on December 21, 2020. To have this and more delivered directly to your inbox scroll down and enter your email or click here to sign up.

Last week, US cyber officials said the United States was the victim of a massive, monthslong cyberattack that targeted both government departments and US corporations. The breach goes back to at least March, continued through the election, and may still be ongoing. According to CNET, hackers compromised software made by a company called SolarWinds which “lets an organization see what’s happening on its computer networks. Hackers inserted malicious code into an updated version of the software, called Orion. Around 18,000 SolarWinds customers installed the tainted updates onto their systems.” On Friday, Secretary of State Mike Pompeo told conservative radio host Mark Levin “…we can say pretty clearly that it was the Russians.” On Saturday, President Trump said the media was exaggerating the attack and that China may be involved. Here’s what both sides are saying about the SolarWinds cyber attack:

On the Right: Conservatives and right-leaning outlets covered Pompeo’s interview, Trump’s response, and remarks from various Republican representatives. For example, as noted by outlets including Fox News and the Dailywire, Florida Republican Sen. Marco Rubio, acting chair of the Senate intel committee, said the U.S. should do more than just enforce sanctions. This actually won Rubio a round of applause from the Editorial Board of his hometown paper, The Miami Herald, which leans left. Yesterday they said “Rubio’s tough talk on Russia’s hack [is] a welcome break from Trump’s toadying up to Putin.” They also added, however, that Rubio “must be courageous enough to partner with the new occupant of the Oval Office when the stakes are this high.” Rep. Jody Hice of Georgia echoed Rubio’s remarks in a Newsmax TV interview on Friday saying, ”It could be (an act of war),” adding there needs to be — not only a similar response — but a stronger response, to make sure this type of thing never happens again.” The New York Post news team amplified a Sunday statement from Sen. Mitt Romney who said, “This invasion underscores that Russia acted with impunity. They didn’t fear what we would be able to do from a cyber capacity. They didn’t think that our defense systems were particularly adequate. And they apparently didn’t think that we would respond in a very aggressive way.” The Utah Republican said Sunday on NBC News’ “Meet the Press” he was “disappointed” about President Trump’s pushing against Secretary of State Mike Pompeo’s conclusion that Russia was behind the intrusion and said a response of either the same scale or greater is needed “as soon as possible.”

On the Left: Left-leaning outlets focused on President Trump’s initial response to the attack, which they characterized as being soft on Russia and an apologist for Putin. For example, here’s a sample of some of the headlines. Yahoo! News led with: “After days of silence, Trump says Russian cyberattack may have been China.” The Huffington Post opted for something similar, writing: “Trump Shrugs Off Massive Kremlin Cyberattack As No Biggie, Baselessly Points To China.” On the West Coast, The Los Angeles Times went with: “Lawmakers, experts baffled as Trump shrugs off likely Russian hack,” and on the East Coast the New York Times choose: “Trump Contradicts Pompeo Over Russia’s Role in Hack.” MSNBC’s Maddowblog said, “Trump’s record on cybersecurity is drawing fresh scrutiny.” On Friday, Steve Benen highlighted what he and other progressives believe is Trump’s concerning track record in regards to cybersecurity preparedness. For example, “halfway through his first year, Trump had a private chat with Putin,” after which he announced plans to partner with Russia on an “impenetrable Cyber Security unit.” Benen says “Trump quickly retreated” but then less than a year later he “eliminated the job of the nation’s cybersecurity czar, as part of John Bolton’s reorganization of the National Security Council. Benen points to The New York Times which reported at the time, “Cyber-security experts and members of Congress said they were mystified by the move… It was the latest in a series of steps that appeared to run counter to the prevailing view in Washington of cybersecurity’s importance.” Benen then points to the National Defense Authorization Act (NDAA) which “would help protect against the kind of broad Russian hacking discovered in recent days.” He concludes by saying “Donald Trump is nevertheless eager to veto the bill, making his record on the issue just a little worse.”

Flag This: The concerning aspect of this attack is that it went on for so long unnoticed. Unfortunately, that is just the nature of the game. According to IBM, the average time it took to identify a breach in 2019 was 206 days. That’s worrying given the fact that data from the University of Maryland shows that hackers attack every 39 seconds or on average, 2,244 times a day. These attacks are also wildly expensive. On average, a data breach costs $3.92 million according to Security Intelligence. What’s interesting, however, is that every time we learn about these leaks, most of the country seems to shrug them off. Varonis says that 64% of Americans have never checked to see if they were affected by a data breach. While you’re home for the holidays it may be worth picking some new passwords for the new year. CNET has a nice article titled: 9 rules for strong passwords: How to create and remember your login credentials, which is worth a read. Remember, sometimes the most secure password that’s the easiest to remember is a long sentence. For example, it could be TagTheFlagIsMyFavoriteNewsletter!