The Three As of the Russian Government Hack: Acquisition, Aggregation, and Activation of Data

In this episode of the Futurum Tech Webcast, I was joined by my colleague, Fred McClimans, to take a look at the Russian government hack of the multiple government agencies, likely some Fortune 500 companies including telecoms and global accounting firms — and counting. We explored the timeline as we know it today, how the hack happened and the role Texas-based SolarWinds software played in the hack, how it was discovered, and the role the Three As: acquisition, aggregation, and activation of data play in a cyberattack. For starters, it’s safe to say the U.S. in general has been stunned by this attack, and with good reason. This is easily the biggest crises the NSA has encountered and the threat and risk of exposure for critical information, security, and infrastructure is high. Early assessments point to a state actor, Russia’s S.V.R., a successor to the KGB, as the mastermind behind the cyberattack. The hackers, known by the nicknames APT29 or Cozy Bear are part of the SVR and are the same group that hacked the White House email servers and the U.S. State Department during the Obama administration. Our discussion included: The timeline of the attack, first discovered by FireEye, a global cybersecurity firm, about a week ago. After reviewing some 50,000 lines of source code, the FireEye team discovered the culprit — a backdoor vulnerability in a product made by SolarWinds, a software provider serving all five branches of the U.S. military, the Pentagon, the State Department, NASA, the National Security Agency, the Department of Justice and the White House. Also 10 leading U.S. telecoms companies and top five U.S. accounting firms are SolarWinds customers, along with many other of the Fortune 500. The Treasury Department and Commerce Departments were the first breaches discovered, and we now know those affected includes the State Department, the Department of Homeland Security, whose Cybersecurity and Infrastructure Security Agency (CISA) is in charge of — well, cybersecurity, and there are no doubt more targets that will be discovered as the investigation continues. FireEye said that its investigation had identified “a global campaign targeting” governments and the private sector that, beginning in the spring had slipped malware into a SolarWinds update. This malware gave hackers remote access to a network, making everything visible. SolarWinds estimates some 18,000 users, both private and government entities, unwittingly downloaded the Russian-tainted malware as part of a routine software update. The attack was “the day you prepare against” said Sarah Bloom Raskin, the deputy Treasury secretary under the Obama administration, and it’s safe to say there are cybersecurity experts the world over who’ve been operating on little sleep since the hack was discovered. We talked in depth about the three As of a hack (this one or any cyberattack) as being very simple: it’s all about data. Data Acquisition, Data Aggregation, and Data Activation. Getting it, organizing it, and then figuring out how best to use it to achieve your goals, nefarious or otherwise. The CISA issued an emergency directive this past Sunday to power down the SolarWinds software. While that is a logical, and important move, what it means is that a whole lot of very large organizations are likely “flying blind” without the use of software they’ve long relied on for access and visibility into their systems. This hack is a direct hit to the digital supply chain and is an example of what happens above the operating system. It no doubt will be a security event that will likely have far-reaching impact, and we’re certain there are many interesting discoveries still ahead. We’ve done research on security and the role it plays in the enterprise and in governments for both Dell and Cisco in recent months. If you’re interested in security and what business leaders are thinking about their organizations’ security, we encourage you to download and read this research. You’ll find it here: Four Keys to Navigating the Hardware Security Journey (done in partnership with Dell) Unified Communications and Collaboration: The Primacy of Security, Privacy, and Trust (done in partnership with Cisco) Unified Communications and Collaboration: The Essential Differentiators for 2020 and Beyond (done in partnership with Cisco)