The suspected Russian hack of the US government, explained

CNN's John Avlon breaks down the recent data breach of multiple federal agencies by what US officials suspect are Russian-linked hackers and how President Trump has responded to Russian breaches in the past.

Posted: Dec 15, 2020 8:20 PM
Updated: Dec 15, 2020 8:20 PM
Posted By: Analysis by Zachary B. Wolf, CNN

Let's take a quick break from the pandemic and the presidential election and focus on two really important things regarding Russia:

1. Agents ID'd before poisoning -- CNN and the internet research journalists at Bellingcat have identified the team of Russian chemical experts who trailed opposition figure and Vladimir Putin nemesis Alexey Navalny to 17 countries before he was poisoned in Russia.

The identified Russians were dogged in their pursuit of Navalny, whom CNN interviewed as he convalesces in Germany. But they also made some rookie spycraft mistakes, like barely changing their names or birth dates on travel documents. This kind of independent internet sleuthing is essential to unmask wrongdoing. It reminds me of the efforts undertaken to tie Saudi government agents to the killing of Jamal Khashoggi. It's sometimes harder for countries to hide their misdeeds than others.

2. US government hacked, Russia suspected -- We've long known about Russian efforts to compromise the US government and infiltrate the 2020 US electoral process. While there's no evidence to suggest Russia was successful in its efforts to target US election systems, it's now suspected of hacking multiple US government agencies -- from the Department of Homeland Security to the Department of Commerce -- by accessing SolarWinds, a third-party security vendor. It's also possible the Treasury Department and the US Postal Service were hacked.

What Matters went to Zachary Cohen, who covers national security for CNN and has been covering the breach, to understand a bit better what exactly happened and how big a deal it is.

Our email conversation is below:

What US agencies were hit?

WHAT MATTERS: These are alarming headlines about a hack of multiple US government agencies. What do we know about who was compromised and how do we know they are connected?

COHEN: The investigation is still in its early stages but we already know of at least four US government agencies that were compromised, including the cyber arm of DHS, which is tasked with helping to protect the nation from breaches like this. CNN has confirmed that the Departments of Agriculture, Commerce and Treasury were also compromised.

Sources have told CNN that USPS may have been hit but that investigation is still ongoing. The Department of Defense is also in the process of looking at whether any of its networks were targeted or hit.

We already know this is a serious breach

COHEN: Even at this early stage, though, it is already clear that this was one of the most serious breaches of the US government in years and there is increasing confidence among officials that it was carried out by the same Russian-linked hackers who were behind the recent incident involving the elite cybersecurity firm FireEye.

That link is very concerning for US officials who are working to determine the exact scope and scale of the attack on government agencies. The sophistication and tactics used in the hacking of US government agencies are similar to what was seen in the FireEye attack -- that is the primary indicator the two incidents are connected.

SolarWinds said in a statement Sunday night that the breach of its system "was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack."

What we know about SolarWinds

WHAT MATTERS: What is SolarWinds and why does the government outsource this kind of security?

COHEN: SolarWinds is a technology company whose products are used by a number of federal civilian agencies for network management. The US government often contracts with private companies like this because their expertise and product development is far beyond what the government can develop on its own. Some members of Congress have consistently criticized the potential security risks of using this kind of software, particularly without a thorough security review first. But protecting these networks is also the responsibility of the government and we are already seeing lawmakers, like Sen. Ron Wyden, a Democrat from Oregon, say there needs to be an in-depth review of software security practices.

This will be a challenge for the incoming Biden administration as well. Foreign adversaries are consistently attempting to infiltrate US networks and are only becoming more sophisticated in their ability to successfully do so.

Why is Russia suspected?

WHAT MATTERS: Your reporting says the government suspects Russia but has not yet made a conclusion it is Russia. How will they make that determination?

COHEN: Formal attribution of an attack like this takes time and the government does not always announce its findings even when the perpetrator has been identified. But there are only a handful of nation-state actors who have the ability to carry out a hack with this level of sophistication and Russia has a well-documented history in this area.

US officials and cybersecurity experts have identified specific indicators in how the software's vulnerabilities were exploited that point to the Russian-linked group APT29. This group is well-known by those who monitor foreign cyber activity and there are similarities between this attack and previous incidents that APT29 was involved in.

Why is a hack like this dangerous?

WHAT MATTERS: What's the danger in this type of hack? What kind of information is at risk and why would Russia want into US systems?

COHEN: It is difficult to say at this point just how dangerous a hack like this could be, and details continue to emerge about the kind of information that may be at risk. That said, the fact that we already know DHS was compromised is certainly concerning, especially considering the fact that its cyber arm was specifically breached. There are also concerns that Department of Defense networks may have been hit, but that investigation is still ongoing.

The Russians were believed to be behind a previous cyberattack on Department of Defense networks, which led to a complete overhaul of the security protocols that were in place.

While there are still a lot of unanswered questions about what exactly the hackers were after, Wyden has already called the incident "a massive national security failure that could have ramifications for years to come."

The Cybersecurity and Infrastructure Security Agency, the DHS agency in question, helped lead the government's election security efforts and was essential in protecting that process from foreign interference.

But it appears that Russian-linked actors managed to breach CISA's network while it was focused on the election, and the agency will certainly face some criticism for that. The news also comes after top CISA officials, including Chris Krebs, were fired by President Donald Trump for saying publicly that the 2020 election was the most secure in history, and that leadership overhaul will likely only complicate efforts to address the recent breach.

How will the US respond? Will the government retaliate?

WHAT MATTERS: We haven't heard much from the federal government about a response, but you report about Presidential Directive 41, which sounds like something out of a spy movie. What do we know about how the US government could respond? Will there be retaliation?

COHEN: As you mentioned, the government has put into effect Presidential Policy Directive 41, which is an Obama-era plan for executing a federal government response to any cyber incident, whether involving government or private-sector entities.

For significant cyber incidents, the directive also establishes a plan for coordinating a response between the agencies, and it requires the Departments of Justice and Homeland Security to assist entities affected by cyber incidents.

More simply put, it is all hands on deck right now as agencies across the government are working to investigate the hack and determine next steps. As far as possible retaliation, that remains to be seen and largely hinges on what information may have been stolen and how it could be used against the US.

But even though it is already clear this breach was massive, officials have told CNN that it is consistent with what they've come to expect from foreign governments. The US is also constantly scanning foreign networks, so there is a consistent level of activity that is happening on a day-to-day basis in this space.

While there will likely be calls for some sort of response, particularly if the government formally determines Russia was involved, no one wants a full-on cyber war, and everyone is aware that a tit-for-tat response can escalate quickly. As such, any response directed at those behind the attack will be carefully considered before action is taken.

For now, response efforts are focused on mitigating the impact of the breach.

Calls for a global treaty on cyberwarfare

WHAT MATTERS: All this hacking and counterhacking is wild. Do security professionals view this as a sort of hot cyberwar going on? How should Americans see this?

COHEN: The rules of cyberspace have continuously evolved over the last few years and the US government has been forced to adapt accordingly, though some experts and lawmakers believe it has not done so quickly enough. The reality is that the US is constantly working to counter foreign cyber threats and recently adopted a "defend forward" posture that involves proactively working to understand the tactics used by these actors and how they might seek to exploit vulnerabilities in our networks.

Agencies like US Cyber Command have also been given broad authorities to respond to specific threats without having to get approval first from the White House, so that gives you a sense of just how persistent the issue is.

That said, countries like Russia have little to gain from instigating a full-scale cyber war against the US because of the offensive capabilities at its disposal. So as a result, there is a lot of posturing by the US as it warns adversaries not to cross the line. But going forward, the Biden administration will have to decide how it wants to manage this ever-changing environment, and some officials warn we are heading toward a "zero trust" mentality where it is assumed that everything is compromised.

And my colleague Brian Fung reports today about calls for a sort of a global treaty on cyberwarfare. He quotes Microsoft President Brad Smith: "We need a set of binding rules. And we need a commitment by the democracies of the world to hold authoritarian regimes accountable, so they keep their hands off of civilians in this time of peace when it comes to cyberspace."

The 'urban myth' behind GOP voter fraud claims

CNN senior political analyst Ronald Brownstein looks at the specific claims about voter fraud in Republican election lawsuits, such as they exist, and finds them very similar to Republican griping about cities and the way the country is changing.

The common thread: Unsupported claim that the election was being stolen through massive voter fraud in large cities with substantial populations of African Americans and other minorities.

The deeper GOP fear: ... that they are losing control of the country to a racially and religiously diverse Democratic coalition based primarily in the nation's largest cities.

Bottom line: Trump's connection of his near-term fraud claims with his familiar warnings that long-term demographic and cultural change threatens his supporters helps explain why such a staggeringly large percentage of Republican voters -- up to about three-fourths in some recent surveys -- have accepted his new "urban myth" that the election was stolen, even though state and federal courts across the country have uniformly dismissed the President's unsupported "evidence."

Brownstein also outlines a coming wave of efforts in states controlled by Republicans to make it more difficult to vote in cities and he predicts the entire principle of democracy will be less important than results.

Whatever it takes: A Republican Party defining itself as the last line of defense between genuine American traditions and Democrats who would transform the country into something dangerously different is a party for which adherence to the rules of "small d" democracy may be a luxury, not a necessity. If the stakes in each election are really that apocalyptic, the GOP may be increasingly drawn to using any means necessary to hold off an urban-based, diverse Democratic coalition that many Republicans have convinced themselves is stealing elections to advance its larger project of stealing what Trump calls "our country."

What else?

Senate Majority Leader Mitch McConnell finally acknowledged Joe Biden's victory. He did it after Russian leader Vladimir Putin but before Trump. This means the official GOP line on Capitol Hill is now that Biden won.

Biden picks Pete Buttigieg to lead the Transportation Department.

Today a stimulus deal seems possible. But I feel like a yo-yo even writing that down.

Inauguration in the time of Covid will be unlike previous inaugurations.

Here's a spot-on Chris Cillizza analysis of how things went from bad to worse for California Gov. Gavin Newsom.
