Experts who wrestled with SolarWinds hackers say cleanup could take months - or longer


Reuters December 25, 2020 00:12:05 IST
By Raphael Satter

WASHINGTON (Reuters) - Cybersecurity expert Steven Adair and his team were in the final stages of purging the hackers from a think tank's network earlier this year when a suspicious pattern in the log data caught their eye.

The spies had not only managed to break back in – a common enough occurrence in the world of cyber incident response – but they had sailed straight through to the client's email system, waltzing past the recently refreshed password protections like they didn't exist.

"Wow," Adair recalled thinking in a recent interview. "These guys are smarter than the average bear."

It was only last week that Adair's company - the Reston, Virginia-based Volexity - realized that the bears it had been wrestling with were the same set of advanced hackers who compromised Texas-based software company SolarWinds.

Using a subverted version of the company's software as a makeshift skeleton key, the hackers crept into a swathe of U.S. government networks, including the Departments of Treasury, Homeland Security, Commerce, Energy, State and other agencies besides.

When news of the hack broke, Adair immediately thought back to the think tank, where his team had traced one of the break-in efforts to a SolarWinds server but never found the evidence they needed to nail the precise entry point or alert the company. Digital indicators published by cybersecurity company FireEye on Dec. 13 confirmed that the think tank and SolarWinds had been hit by the same actor.

Senior U.S. officials and lawmakers have alleged that Russia is to blame for the hacking spree, a charge the Kremlin denies.

Adair – who spent about five years helping defend NASA from hacking threats before eventually founding Volexity – said he had mixed feelings about the episode. On the one hand, he was pleased that his team's assumption about a SolarWinds connection was right. On the other, they had been at the outer edge of a much bigger story.

A big chunk of the U.S. cybersecurity industry is now in the same place Volexity was earlier this year, trying to discover where the hackers have been and eliminate the various secret access points the hackers likely planted on their victims' networks. Adair's colleague Sean Koessel said the company was fielding about 10 calls a day from companies worried that they might have been targeted or concerned that the spies were in their networks.

His advice to everyone else hunting for the hackers: "Don't leave any stone unturned."

Koessel said the effort to uproot the hackers from the think tank - which he declined to identify - stretched from late 2019 to mid-2020 and occasioned two renewed break-ins. Performing the same task across the U.S. government is likely to be many times more difficult.

"I could easily see it taking half a year or more to figure out - if not into the years for some of these organizations," Koessel said.

Pano Yannakogeorgos, a New York University associate professor who served as the founding dean of the Air Force Cyber College, also predicted an extended timeline and said some networks would have to be ripped out and replaced wholesale.

In any case, he predicted a big price tag as caffeinated experts were brought in to pore over digital logs for traces of compromise.

"There's a lot of time, treasury, talent and Mountain Dew that's involved," he said.

(Reporting by Raphael Satter; Editing by Andrea Ricci)
