U.S. government agencies hit in massive SolarWinds attack by suspected Russian hackers

U.S. government agencies were attacked as part of a global campaign that exploited a flaw in the software updates from Austin, Texas-based SolarWinds Corp. The hackers are suspected to be part of a notorious hacking group tied to the Russian government.

bits

Alyza Sebenius, Kartikay Mehrotra, and Michael Riley for Bloomberg News:

The attack included breaches at the U.S. Treasury and Commerce departments and those of other government agencies in an attack that started months ago. The same hacking group is also believed to be behind the recent attack on the cyber-security firm FireEye Inc.

“We have identified a global campaign that introduces a compromise into the networks of public and private organizations through the software supply chain,” FireEye said in a blog post late Sunday, without naming a specific group for the breach.

FireEye described a highly sophisticated attack that exploited updates in widely used software from Austin, Texas-based SolarWinds Corp., which sells technology products to a Who’s Who list of of sensitive targets. These include the State Department, the Centers for Disease Control and Prevention, the Naval Information Warfare Systems Command, the FBI, all five branches of the U.S. military, and 425 corporations out of the Fortune 500, according to the company’s website and government data.

The series of attacks could rank as among the worst in recent memory, though much remains unknown, including the motive and scope of the hacks. The hackers have been monitoring internal email at the U.S. Treasury and Commerce departments, Reuters reported.

All federal civilian agencies were ordered by the U.S. Cybersecurity and Infrastructure Security Agency to review their networks and disconnect or power down SolarWinds’s Orion software products immediately. The emergency directive late Sunday in Washington also asked for an assessment from these agencies by noon eastern time on Monday.

According to FireEye, the hackers hit organizations across the globe — in North America, Europe, Asia and in the Middle East — and in multiple sectors including government, technology, consulting, telecommunications, as well as oil and gas. The company believes that this list will grow.

Christopher Bing for Reuters:

The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.

U.S. officials have not said much publicly beyond the Commerce Department confirming there was a breach at one of its agencies and that they asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate.

MacDailyNews Take: Ooh, the FBI. They’ll get to the bottom of it alright.

The trick – often referred to as a “supply chain attack” – works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.

In a statement released late Sunday, the Austin, Texas-based company [SolarWinds] said that updates to its monitoring software released between March and June of this year may have been subverted by what it described as a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”

SolarWinds says on its website that its customers include most of America’s Fortune 500 companies, the top 10 U.S. telecommunications providers, all five branches of the U.S. military, the State Department, the National Security Agency, and the Office of President of the United States.

“This is a much bigger story than one single agency,” said one of the people familiar with the matter. “This is a huge cyber espionage campaign targeting the U.S. government and its interests.”

Hackers broke into the NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for months, sources said… The hackers are “highly sophisticated” and have been able to trick the Microsoft platform’s authentication controls, according to a person familiar with the incident, who spoke on condition of anonymity because they were not allowed to speak to the press.

MacDailyNews Take: Microsoft. Shocker.

Microsoft Security + Government Intelligence = Mother of All Oxymorons.

The full scope of the breach is unclear. The investigation is still its early stages and involves a range of federal agencies, including the FBI, according to three of the people familiar with the matter…

There is some indication that the email compromise at NTIA [National Telecommunications and Information Administration] dates back to this summer, although it was only recently discovered, according to a senior U.S. official.

MacDailyNews Take: This sounds like just the tip of the iceberg.

For more information, read FireEye’s blog post: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor.

The best minds are not in government. If any were, business would steal them away. — Ronald Reagan

53 Comments

    1. Wow. This may be a first for First Then, saying “election results” now that the electoral college has confirmed Biden’s victory. The talking points from here on out will be “Biden is President buh buh buh whine whine whine cry cry cry” and all sorts of nonsense about how Biden cheated. Just a thought here but if Biden really did cheat and win doesn’t that mean he outsmarted Trump? Biden didn’t cheat but the logic coming from First Then literally means Biden outsmarted Trump and in First Then’s world wouldn’t the more deserving candidate be the one who outsmarted the other? What happened to Trump’s big brain? If he’s so great and such a genius it should have been easy to stop Biden from cheating. We have two options. One, Biden won a legitimate and fair election. Two, Biden outsmarted Trump and won by cheating.

      1. Powerful…

        “Biden outsmarted Trump and won by cheating.”

        “Whatever it takes,”

        a moniker proudly held by the liberal sector. Shame is so dated and a clear hinderance in these modern times.

        1. Bwah ha haa ha haaa ha haaa! You and Trump are too stupid to understand why this lame effort won’t work. I won’t explain it. See if you can figure it out. I bet you can’t.

          1. Trump has now pitched his best case at nearly a hundred judges, most of them Republican and many Trump-appointed. He has won one minor victory and lost over 55 times. All but a few of the rulings were unanimous.

            He has pitched his best case to the states, and they had certified a Biden victory by the safe harbor date. He pitched his case to the electors and they gave 306 votes to Biden.

            He pitched his case to the public and they picked Biden not only in the Electoral College but by over 7,000,000 popular votes.

            About all he has left are incitements to violence, and America should not tolerate that. It is time for him to stop fishing, stop cutting bait, and get out of the way.

            1. Popular votes don’t matter. You know that. If they did, Trump would have campaigned in NY, CA, etc,. and Biden would have done his little-watched Zoom calls targeted at AR, LA, MS, KY, etc. Biden and his caretakers might even have gone to those states and tried to fill his 12 circles with people who were ostensibly interested in seeing the spectacle of a dementia patient attempting to read a teleprompter.

              The actual margin of “victory” is 109K votes (and that is counting Biden’s fraudulent votes).

              Vote difference Biden vs. Trump:

              Wisconsin (10 votes): 19K
              Pennsylvania (20 votes): 80K
              Arizona (11 votes): 10K

              So much for a “mandate” for the illegitimate Biden (who can’t even walk off stage without his elder-abusing fake “doctor” wife guiding him).

              In reality, there are thousands of sworn affidavits and actual proof of voting irregularities with more coming in every day.

              Having cases pitched by judges on procedural grounds doesn’t mean there wasn’t any fraud nor does it disprove it. The actual Trump campaign has filed fewer than 10 of those “over 55” cases you erroneously cite.

              Sworn affidavits are actual proof, admissible in a court of law, of voting irregularities.

            2. Yes, sworn affidavits are admissible evidence, but when they only contain hearsay and lay opinion, they are not credible evidence. Again, the Trump Dream Team has had five weeks to persuade friendly judges that there is even enough credible evidence of fraud to get over the threshold of probable cause. They have failed to meet that minimal burden even once out of almost six dozen cases.

              Joe Biden does not have the burden of proving that there was no fraud (nobody can prove a negative). The party seeking to overturn certified election results has the burden of proof, and has miserably and repeatedly failed to do so.

              It. Is. Over.

    2. Dominion. Antrim report. SolarWinds hack. They are going to try to blame the Democrat vote tampering on “The Russians.”

      Yeah, this guy lost to a dementia patient who didn’t campaign (Dec. 12, 2020):

  1. Allied Security Operations Group: Antrim Michigan Forensics Report

    The Antrim County Clerk and Secretary of State Jocelyn Benson have stated that the election night error (detailed above by the vote “flip” from Trump to Biden, was the result of human error caused by the failure to update the Mancelona Township tabulator prior to election night for a down ballot race. We disagree and conclude that the vote flip occurred because of machine error built into the voting software designed to create error.

    Secretary of State Jocelyn Benson’s statement on November 6, 2020 that “[t]the correct results always were and continue to be reflected on the tabulator totals tape . . . .” was false.

    The allowable election error rate established by the Federal Election Commission guidelines is of 1 in 250,000 ballots (.0008%). We observed an error rate of 68.05%. This demonstrated a significant and fatal error in security and election integrity.

    The results of the Antrim County 2020 election are not certifiable. This is a result of machine and/or software error, not human error.

    The tabulation log for the forensic examination of the server for Antrim County from December 6, 2020 consists of 15,676 individual events, of which 10,667 or 68.05% of the events were recorded errors. These errors resulted in overall tabulation errors or ballots being sent to adjudication. This high error rates proves the Dominion Voting System is flawed and does not meet state or federal election laws.

    These errors occurred after The Antrim County Clerk provided a re-provisioned CF card with uploaded software for the Central Lake Precinct on November 6, 2020. This means the statement by Secretary Benson was false. The Dominion Voting System produced systemic errors and high error rates both prior to the update and after the update; meaning the update (or lack of update) is not the cause of errors.

    In Central Lake Township there were 1,222 ballots reversed out of 1,491 total ballots cast, resulting in an 81.96% rejection rate. All reversed ballots are sent to adjudication for a decision by election personnel.


    On and on it goes – and this is only ONE COUNTY:

    Allied Security Operations Group: Antrim Michigan Forensics Report

  2. Why does everyone always say “Russian Hackers.” When Russia gets attacked do they say American Hackers? Both sides have their NSA intelligence agencies and are always attacking each other and that is exactly what this was. Not kids in mom’s basement, but professionals. All this points out is SolarWinds needed better encryption and security. Hopefully, other suppliers will also be looked at. I think the government says hackers to try to downplay such events

    1. Someone who hacks a computer system is a hacker. It does not imply that the person is an amateur. When the NSA or GRU hack, the government employees who do the hacking are hackers.

      1. Wrong again as usual.

        When a person steals a document for a foreign power you don’t call him a thief, you call him a spy.

        Same for sabotage and hacking.

        Of course I know “spy” to a Democrat means election fraud created to make fake news so I see why you are easily mistaken.

  3. https://www.frontpagemag.com/fpm/2020/11/fighting-words-david-horowitz/?fbclid=IwAR1iL11UAxQJIcXnQuRyhCltl0_iU2jYekLUV95L6TIP_nOtm6fHisW6EwE

    “…The Democrats’ plan to steal the 2020 election was hatched many years ago when Democrats launched their first attacks on Voter I.D.s, and then every effort to secure the integrity of the electoral system. Those attacks metastasized into an all-out assault on Election Day itself with early- and late-voting grace periods, and a flood of 92 million mail-in ballots, hundreds of thousands of which were delivered in the middle of the night to be counted behind the backs of Republican observers after Election Day had passed.

    The result of these efforts is that Election Day no longer really exists as a day when the votes are cast and counted. This is a fact that offers generous opportunities for the election saboteurs to do their work. Those saboteurs’ opportunities were greatly enhanced this year with the installation in battle ground states of voting machines specifically designed to calculate how many votes were required to steal an election and then to switch ballots already cast and deliver them to the chosen party. Mail-in ballots were indispensable to the realization of this plan…”

    Heritage foundation sampling of recent voter fraud cases.
    https://www.heritage.org/voterfraud

    One thing is for certain. Before another vote is cast in this country for a freaking dog catcher, the system must be cleaned up, and the effects of the Democrat literal and actual attack on democracy must be reversed. No one should be voting by mail. No one should vote without an ID. The idea that this is about racism is disgusting like everything the Democrats package in the racism category. No election is even remotely trustworthy is we allow the current abominations to remain in place. I can get behind election day being a national holiday for sure, but at this point we’re ridiculously wide open to fraud and terrified to deal with it when it is as obvious as the fact that water is wet.

    Do voter ID laws suppress the black vote?

    1. Do voter ID laws suppress the black vote? Yes, if the laws limit acceptable IDs to documents that poor people find it too difficult or too expensive to obtain. There is a reason that the USA amended the Constitution to prohibit the poll tax and other financial obstacles to voting. Here in Texas, college IDs (often held by students who vote Democrat) are not valid, but hunting licenses (often held by Republicans) are. Those who are going to cast illegal votes are not going to be stopped by the need to get a fake ID.

      In a country that relays on the consent of the governed, we should be encouraging people to vote, not making it more difficult. There are a lot of Americans who cannot afford to take unpaid leave from work to vote. Others cannot afford to expose themselves to crowds. Hence mail-in voting, which has been the default in some states for over a decade.

      1. • You are a racist. You think black voters are either a) too poor or b) too stupid to get an ID.

        • If someone if so poor and/or so stupid as to be unable to get a measly ID, simple logic dictates they shouldn’t be voting anyway since if they don’t have the basic faculties to scrape together a pittance for an ID or the brainpower to get one, they certainly aren’t equipped to make the complicated decisions necessary to determine a proper vote.

        • Regardless of the point above, every U.S. citizen already has an ID, that they’ve had since birth, at no cost: Their Social Security card.

        • The real reason Democrats don’t want to require that ID that every citizen already has in order to vote is so that they can continue to cheat in elections with dead people voting, individuals voting multiple times in multiple states, noncitizens voting, etc.

        1. It is not racist to point out that rules that suppress poor people from voting will have a disproportionate effect on minorities.

          In most states that require a voter ID, including Texas, a Social Security card is not acceptable because it does not have a photograph.

          The United States Constitution quite specifically prohibits limiting the vote to those “who can scrape together a pittance.”

          Federal law prohibits states from applying tests to see who is clever or educated enough to vote.

          You may think that only educated white men of property over 21 should vote, but that system changed a very long time ago.

          1. Sometimes, TX, you sicken me. YOU ARE MOST DEFINITELY A RACIST. ONE OF THE WORST, BECAUSE YOU’RE TOO DAMN STUPID, SELF RIGHTEOUS, ARROGANT, AND ELITIST TO RECOGNIZE YOUR OWN RACISM.

            Your type of racism is the WORST racism of all. It’s insidious. Oh the poor dumb black people be too stupid to walk down to the DMV and get they ID because they be too poor to walk down to da dmv and get they ID because they be too stupid…

            You seriously need to go fuck yourself, You are the epitome of why I call the Democratic Party the single most racist institution that has ever existed in this country past and present and probably future.

            Everyone knows the push to get rid of ID is so that anyone can vote, including and especially people who are in the country ILLEGALLY.

            You don’t fool anyone with the bullshit about educated white men either. I don’t know a single black person who doesn’t have ID. NOT A SINGLE ONE. That’s YOUR WHITE SUPREMACIST FANTASY, like the moron liberals in that video above.

            Tell me to you want the poor stupid black people calling you BAWANA also? You need to get real.

            1. Honest thinkers should be aghast with the mindless replies of the future leaders of America and their thinking that’s been birthed at the higher places of liberal learning (not to be confused with Liberal Arts). The thinking is nothing but…

              Bigotry of Low Expectations

              It’s insulting and born out by the majority of blacks.

              We could use a little admonition from MLK. (Translation to many in our culture…I’m saying all this because of my white privilege.)

            2. Of course you don’t know any black people without a photo ID, just like you don’t know any black people who have faced discrimination. I’m guessing that you don’t live someplace where “walking down to the DMV” involves a 20-mile trip in each direction, followed by a 20-mile walk the other way to the voter registrar, and a third 40-mile round trip if you are forced to vote in person…with all three walks involving time off from a job that does not provide paid leave.

              I’m guessing you aren’t a homeless person who, by definition, cannot present ID with a permanent residential address, or someone who lives in a colonia, Indian reservation, or trailer park where the residents do not have street addresses because the government has never gotten around to naming and numbering the streets. I’m guessing that nobody ever purged you from the voter rolls because you are registered with the opposition party and missed voting in a couple of off-year elections.

              You probably don’t live in a community where the local polling station has been closed or voting hours substantially reduced for “budgetary reasons” that curiously fail to affect the stations in wealthy neighborhoods that vote for the party in power; in other words, the polls are closed in neighborhoods where people don’t have transportation to the new locations, rather than in places where they do.

              Your state may not require absentee ballots to be notarized, even if you live miles from the nearest notary public, or witnessed by other people in violation of social distancing in a pandemic, or accompanied by a photocopy of your ID when you have no access to a photocopier.

              Yes, I believe that any qualified citizen should be able to vote without a lot of obstacles that specifically target demographic segments that favor the opposition party rather than the party in power. That does not mean that those of us who think the Voting Rights Act of 1965 is still a good idea favor letting non-citizens vote. There is no actual evidence of that happening in significant numbers (and no, “My Uncle Joe heard it on the street” is not actual evidence).

              All this “election integrity” crap is just that: crap directed at keeping certain segments of the population from voting in large numbers, just like all the crap since Nov. 3 has been directed in suppressing the votes lawfully cast by those same segments. Why else would anyone file a suit to throw out the votes of the two Wisconsin counties with the most minorities, and only those two counties, for alleged bad advice from the Republican-established state election office that was followed statewide?

              Thank God that your effort to overthrow our representative republic has failed. You will not sneak up on the supporters of the Constitution again.

            3. “Sometimes, TX, you sicken me. YOU ARE MOST DEFINITELY A RACIST. ONE OF THE WORST, BECAUSE YOU’RE TOO DAMN STUPID, SELF RIGHTEOUS, ARROGANT, AND ELITIST TO RECOGNIZE YOUR OWN RACISM.”

              Awesome read and thank you for your spot on honesty, theloniousmac.

              You outed a political partisan hack who LIES here daily,

              Well done, sir…

          2. Yes, it’s clear from your post, you embody the bigotry of low expectations.

            You really think poor people/minorities are inept. To the point of the video, you view black’s ability to function in society in this way.

            Maybe take a step down off the High Horse.

        2. “• The real reason Democrats don’t want to require that ID that every citizen already has in order to vote is so that they can continue to cheat in elections with dead people voting, individuals voting multiple times in multiple states, noncitizens voting, etc.”

          Exactly RIGHT!!! TxLiar does cannot and will not face the Brutal Truth…

      2. 24 things that require a photo ID
        1. Alcohol
        2. Cigarettes
        3. Opening a bank account
        4. Apply for food stamps
        5. Apply for welfare
        6. Apply for Medicaid/Social Security
        7. Apply for unemployment or a job
        8. Rent/buy a house, apply for a mortgage
        9. Drive/buy/rent a car
        10. Get on an airplane
        11. Get married
        12. Purchase a gun
        13. Adopt a pet
        14. Rent a hotel room
        15. Apply for a hunting license
        16. Apply for a fishing license
        17. Buy a cell phone
        18. Visit a casino
        19. Pick up a prescription
        20. Hold a rally or protest
        21. Blood donations
        22. Buy an “M” rated video game
        23. Purchase nail polish at CVS
        24. Purchase certain cold medicines

        Only a f’ing libturd would think an ID should not be required to vote

        1. Gosh, guess what right is guaranteed by the US Constitution:

          —Voting.

          Guess what activities are not protected by the Constitution:

          —All the 24 things you listed.

          1. Correction—#20 is constitutionally protected, and I don’t know where in the First Amendment you see a requirement to present a photo ID before assembling or petitioning the government for redress of grievances.

            1. I’m not so sure about that. If the Second Amendment really says that there is an individual right to keep and bear arms, as the Supreme Court first told us in 2010, I’m not sure whether the government can keep people without photo IDs from exercising that right. If, on the other hand, the Second Amendment merely protects state regulation of the militia from federal interference, as every court told us between 1791 and 2010, there is no constitutionally protected right to buy a firearm, with or without a photo ID. Either way, the demand for a photo ID to buy a firearm is not analogous with requiring a photo ID to vote.

        1. You must not read much. For all the reasons I list above, voter ID laws make it harder for poor people than rich people to vote. Although many white folks are poor, the proportion is much higher among people of color. Those are simply facts. It is no more racist than pointing out that coronavirus has been far more devastating among communities of color than among middle-class white folks.

          As with the voter ID laws, the disparity may not be due to express racial bias, but it is nonetheless real. However, when the decisions that suppress the poor (and therefore black) vote are made by men who are afraid that the black vote would be against them, it is hard to eliminate the possibility of racial bias.

    2. Well said! Yes, The Democrats are totally CORRUPT and destroyed our voting system. Libtard SHILLS like TxLiar does not have an honest bone in his body! This election was a setup and the media stood idly by and watched the corruption take place because they hate Trump from Day One. So, not only our voting is ruined, so is the biased Democrat media. Wake up people!!!…

      1. If the evidence of fraud is so overwhelming, why has the Trump Dream Team won 1 minor victory in court versus at least 55 losses? The answer of course is that none of the “witnesses” that Rudy and the Kraken keep citing have been willing to go into a courtroom and repeat their fantasies subject to cross-examination and the penalties of perjury.

        Instead, case after case has been filed listing allegations unsupported by evidence. Judge after judge—most of them Republican and many Trump-appointed—have poured out case after case because they were not sustainable in fact or in law. You cannot blame the media for reporting that simple truth.

        1. Cannot blame media for reporting the truth?🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣🤣

          What truth? The Liberal Democrat Media has been attacking Donald Trump for five years since he descended the golden escalator.

          Truth, since when is a highly partisan Democrat political voice such as yours interested in the truth? You are only interested in selective tactics to help your team win, it is so obvious an idiot would spot it.

          Of course you don’t see any voter fraud you HATE Trump and want Biden to win, we got that long ago.

          Of course you don’t want to acknowledge the sworn affidavits and testimony addressing voter fraud particularly in the Senate. Nothing happened in your dishonest mind. 🙈🙉🙊

          Of course you don’t acknowledge hundreds of thousands of votes flipping for Biden in the middle of the night in Democrat swing states when Republican observers denied access and more votes than registered voters in some states. The FAKE prosecutor missed that one and I the biased liberal media, as well.

          Of course you don’t acknowledge in PA the Secretary of State went against state Constitution and illegally changed voting laws in the 11th hour. It was upheld by the PA Supreme Court CONTROLLED by corrupt Democrats. Imagine that? And the U.S. Supreme looked the other way when clearly election laws were violated.

          Of course you don’t want law and order when is affects the Democrat Party, same as you don’t want Voter ID to stop dead people and illegal aliens voting for your party.

          You are an unabashed liar, a white racist, no conscience and you don’t have a non partisan law and order bone in your body.

          Hillary taught you well…

  4. Anytime I hear the erase “Russian hackers” I have to ask if people have heard of Vault 7. You know, the WikiLeaks documents showing that the CIA lost control of its cyber warfare tools. And that many of the tools have the ability to spoof the origin of a hack or attack.

    So those alleged Iranian cyber attacks on Israel, or Russian hacks referred to above? Who knows who really did them, or for what reason. It could as easily have been the CIA conducting black flag ops. Or deep staters tying to constrain Biden’s range of actions, or to push Trump into igniting some action before he’s hounded out of office.

    But sure, MDN is willing to perpetuate the illusion that the mainstream media propaganda is worth following in this area.

    https://en.wikipedia.org/wiki/Vault_7

  5. I suspect spoofing by the NSA; It has that proven capability which it practiced in the past by spying on Merkel and other world leaders. The unjustly maligned and heroic Edward Snowden told us all about it.
    And, yes, Reagan would certainly have supported an untrusted company like Microsoft to take his highly corrupt corporatized government’s best workers.

  6. Why the NSA? To prod Joe to not slow down the flow of free ledger entry money to the various spy agencies and the Pentagon, thereby enriching military and spy contractors that surround Wash. DC `in Virginia, West Virginia and Maryland like baby pigs at the pig mother’s nurturing breasts.

  7. Gawd, you people are sick. If the democrats fixed the election, it would have been trivial to swing a couple of Senate votes at the same time. You can’t have it both ways.

    1. My favorite conspiracy theory is that the Maricopa County Registrar in Arizona manufactured enough fake votes in Phoenix and the surrounding cities to throw AZ to Biden, but didn’t bother to avoid being beaten in his own reelection bid.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.