Russia’s Big Hack Exploited NSA Blindspots

Written by SK Ashby

We still don't know the full, comprehensive scope of the Russian big hack that originated at software developer SolarWinds earlier this year, and we may not have a full understanding of it until later this year (or even longer) under an administration that actually cares about it. But one thing we do know is how the hackers were able to avoid detection for most of a year.

It's not as if the Trump regime has its finger on the pulse of actual threats to national security at a time when Trump has repeatedly invoked fake threats to "national security" to carry out his personal agenda, but the hackers also exploited blind spots built into our own laws.

According to the New York Times, the Russian hackers intentionally managed all of their intrusions from servers inside the United States to avoid the eyes of the intelligence community.

The breach is far broader than first believed. Initial estimates were that Russia sent its probes only into a few dozen of the 18,000 government and private networks they gained access to when they inserted code into network management software made by a Texas company named SolarWinds. But as businesses like Amazon and Microsoft that provide cloud services dig deeper for evidence, it now appears Russia exploited multiple layers of the supply chain to gain access to as many as 250 networks.

The hackers managed their intrusion from servers inside the United States, exploiting legal prohibitions on the National Security Agency from engaging in domestic surveillance and eluding cyberdefenses deployed by the Department of Homeland Security.

I couldn't help but think of former NSA contractor-turned-Russian defector Edward Snowden when I read this report.

It feels like ancient history at this point but, during the latter half of the Obama administration, a significant portion of the country was consumed by wildly misleading and irresponsible reports about the National Security Agency's (NSA) capabilities based on a handful of PowerPoint slides, memos, and Snowden's own dubious witness accounts.

The intelligence community was regularly spying on Americans at home as a matter of course, Snowden told the world, but none of what the NSA was materially accused of doing ever happened. Federal law already prohibited the use of the theoretical capabilities that Snowden presented to the world, and what he took with him to Russia exposed our actual vulnerabilities, not our imagined threats.

Reports based on Snowden's accounts eventually reached Congress where the Foreign Intelligence Surveillance Act (FISA) was scrutinized, but minimal changes to the law were ever made because the law was already clear. And ultimately, the controversy merely highlighted what the NSA can't do, not what it can do.

I can't say I'm basing this on anything more than instinct and intuition from what we already know, but I don't think it's a coincidence that Russian hackers exploited blind spots highlighted by Snowden's defection to compromise the vast majority of the federal government. We don't even know the full extent of information that Snowden took with him to Hong Kong and eventually Moscow, but I expect a congressional investigation will reveal a connection.

I'm not going to say the public is necessarily wrong to be skeptical of our spying capabilities, but misinformation leaves us vulnerable to actual threats, not theoretical threats. We shouldn't have to make a distinction between protecting civil rights and national security, but misinformation makes that more difficult.

If the intent was to make us take our eye off the ball, we have to say it worked. The Trump era has been a huge success for Putin's Russia.

By staging their attacks from servers inside the United States, in some cases using computers in the same town or city as their victims, according to FireEye, the Russians took advantage of limits on the National Security Agency’s authority. Congress has not given the agency or homeland security any authority to enter or defend private sector networks. It was on these networks that S.V.R. operatives were less careful, leaving clues about their intrusions that FireEye was ultimately able to find.

Intelligence officials say it could be months, years even, before they have a full understanding of the hacking.