Russian President Vladimir Putin appears to be taking a cyberattack joy ride through federal government agencies, and once again President Donald Trump shows no intention of applying the brakes. Putin knows that president-elect Joe Biden will take the Kremlin’s hacking, malware, denial of service attacks and election interference seriously. So the Russian president has just weeks remaining to muscle his way through the firewalls and security infrastructure of key U.S. agencies to pilfer, posture and provoke. And if a new attack revealed this weekend is any indication, we could be looking at a cyber showdown between Biden and Putin as soon as the president-elect takes office.
Evidence of Putin’s latest digital rampage was revealed on Dec. 13. According to Washington Post sources, the Russian external security service known as the SVR is believed to be behind a series of wide-ranging, monthslong attacks across multiple government agencies, from the Department of the Treasury to the Department of Commerce. Disturbingly, the Russians also broke into a top cybersecurity firm, FireEye, and stole hacking tools the firm uses to test clients’ computer defenses. That means the SVR is even more armed and more dangerous than previously thought.
According to Washington Post sources, the scale of the Russian espionage operation is so vast that the National Security Council may have been spied on, as well. A leading cyber expert, Dmitri Alperovitch, advised The Associated Press that the hack could “turn into one of the most impactful espionage campaigns on record.”
As reported, this cyber-espionage campaign dates back for months and appears to be the work of the hacking group known as Cozy Bear or APT29. This same Russian group hacked the White House and the State Department during the Obama administration and is linked to attempts to steal coronavirus vaccine research. This SVR unit also hacked the Democratic National Committee in 2015 in an attack separate from a similar Democratic National Committee intrusion by Russia’s military intelligence agency, the GRU.
That GRU attack on the DNC was an attempt to aid Trump’s election campaign, and it resulted in then-special counsel Robert Mueller’s indictment of a dozen named GRU officers. Those indictments, which included extremely detailed discoveries of the precise methods and timing of the GRU hacks, were likely an extreme embarrassment for Putin. More recently, Putin’s angst must have been elevated when U.S. Cyber Command and the Cybersecurity and Infrastructure Security Agency (CISA) shut down Russia’s attempts to support Trump’s re-election by interfering with our voting systems.
Here’s why all of us should care about where this new type of warfare may be headed. The Russians were likely able to pull off this massive attack because they got inside the server of a network management system called SolarWinds. SolarWinds is used by more than 300,000 organizations across the world. These clients include all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the executive office of the president and the National Security Agency, the world’s top electronic spy agency, according to the firm’s website.
SolarWinds is also used by the top 10 U.S. telecommunications companies. That means the ripple effects will doubtless spread much farther than the government.
Second, a key leader in America’s quiet fight against this emerging threat is no longer at the helm. Trump wasn’t happy when Chris Krebs, the head of CISA, pronounced the 2020 election secure. As a result, Trump fired Krebs. So, a critical leadership spot is vacant while we are at war. With news breaking of Russia’s latest efforts, Krebs sent a series of tweets Sunday night meant as a vote of confidence in the members of his team still on the job.
Despite Krebs’ reassurances, CISA’s leadership vacancy is problematic. But there’s an even more important leader who is present, but seemingly unwilling to act. The real question is not whether our agencies can handle this, but whether we have any confidence that Trump will do or say anything, by way of sanctions, retaliatory actions, or warnings, that might pause Putin’s trashing of our cyberdefenses. Based on his track record with Russia, there’s no reason to believe Trump will do anything of the kind.
Third, there are still about 40 days left in the Trump administration. That means that Putin’s free license to loot will expire soon. In these waning days, we should expect even more attacks and compromises of key computer systems. Congress should do all that it can to demand answers and insist on a response from the White House.
Perhaps this new hacking assault is last-minute shopping from Putin and his secret services. But it could also represent something bigger and more concerning. Our adversary may be throwing down the cyber gauntlet to Biden, signaling he intends to ensure Biden will be fighting viruses — on multiple fronts — the minute he steps into the Oval Office.