Last March, while the United States was struggling to control the spread of COVID-19, Russian cyber spies placed a tiny piece of computer code into part of the network management software belonging to a company called “SolarWinds Orion.” A popular software product used by thousands of I.T. departments worldwide, SolarWinds Orion gave these hackers access to over 18,000 government and private computer networks through a seemingly innocent software update.
Brad Smith, the president of Microsoft, learned about the hack after the presidential election this past November. According to CBS News, the intruders had already gained access to Microsoft’s enormous computer network through a piece of third-party software and stolen pieces of its proprietary source code. “One of the really disconcerting aspects of this attack was the widespread and indiscriminate nature of it,” said Smith. “When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000.” Microsoft has assigned 500 engineers to explore the attack, which Smith says is still ongoing.
The company that uncovered and announced the attack, however, was FireEye, a $3.5 billion cybersecurity company. In November, a FireEye employee noticed a login registered with two phone numbers. Suspicious, they looked closer and discovered intruders impersonating employees to steal the company’s proprietary tools and information. According to CEO Kevin Mandia, a former Air Force intelligence officer, the hackers left no signs of phishing expeditions, no malware and no other evidence at all. An extensive investigation led FireEye to the SolarWinds breach, which it made public on December 12, 2020.
President Donald Trump, who was disputing the results of the 2020 elections, posted a tweet suggesting China was responsible for the hack. His secretary of state and attorney general were quick to contradict him, blaming the Russian spy agency SVR. According to CBS News, Russia denies it was involved, but Chris Inglis, the former deputy director of the National Security Agency and current member of the Cyberspace Solarium Commission, maintains that this was a Russian attack. “The government didn’t detect the attack because it doesn’t surveil on private sector networks,” says Inglis. “That’s a responsibility that’s given over to the private sector. FireEye found it on theirs, many others did not. The government did not find it on their network, so that’s a disappointment.”
How has the Biden administration responded to this critical situation? At a White House press briefing on February 17, Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger acknowledged the occurrence of the SolarWinds Orion compromise. Neuberger has been appointed as lead investigator for the federal response to the attack and is currently working to uncover and eliminate the intruders; she will then work on updating federal defenses to prevent any future attacks. According to CNN, this response will take at least “several months.”