Trump breaks his silence on huge cyber attack and says China may be responsible not Russia
Trump slams Pompeo for blaming Russia for huge cyber attack as he breaks his silence to say CHINA could be responsible and that voting machines may have been hit – but claims it is ‘well under control’
- Donald Trump finally addressed the massive hack on US government agencies and private sector firms for the first time Saturday
- The president tweeted Saturday just before noon to downplay the hack claiming it ‘is far greater in the Fake News Media than in actuality’
- He also suggested China could be behind the attack instead of Russia
- Secretary of State Mike Pompeo publicly blamed Russia for the attack Friday and there have been no reports of Beijing’s involvement
- Trump went on to repeat unfounded claims of election fraud saying ‘there could also have been a hit on our ridiculous voting machines during the election’
- Trump has remained silent on the issue until now
- The Pentagon, FBI, Treasury and State Departments have all been compromised
- The attack has been described as the cyber equivalent of Pearl Harbor and experts say the extent of the breach may never be known
Donald Trump has hit out at Secretary of State Mike Pompeo for blaming Russia for the huge cyber attack and has instead claimed that China could be responsible.
The president finally broke his silence over the hack just before noon Saturday when he tweeted accusing Beijing of being behind the attack and hit out at Pompeo after he became the first official to publicly blame Russia the day before.
While the nation’s cybersecurity agency has described the breach as a ‘grave threat’, Trump downplayed the hack which has compromised broad swathes of the federal government and private sector and has been described as the cyber equivalent of the attack on Pearl Harbor.
He brushed off its severity claiming it ‘is far greater in the Fake News Media than in actuality’ and insisted that ‘everything is well under control’.
Trump also once again pushed unfounded claims of widespread fraud in the presidential election, saying without evidence that voting machines could have been hacked.
‘The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control,’ he tweeted.
‘Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).’
Trump’s fresh attack on China comes as tensions have escalated between the two nations this year as the president has accused President Xi Jinping of a ‘cover-up’ of the pandemic and insists on calling coronavirus ‘the China virus’.
Meanwhile, Trump has something of a close relationship with Russian President Vladimir Putin and has often refrained from criticizing his actions where other nations have.
Trump refused to accept findings of the Mueller report that Russia interfered in the 2016 presidential election, while his response to the recent poison attack on Putin’s opponent Alexey Navalny was that China is ‘far worse.’
There have been no reports of any involvement of Beijing in the cyber attack and Trump provided no information or evidence as to why he thought China may be involved.
He continued in a follow-up post claiming without evidence that voting machines may have been hacked and that he ‘won big’ in the election.
He also tagged Pompeo and Director of National Intelligence John Ratcliffe in his tweet in a clear sign that he disagrees with the assessments from two of his top officials that the breach is both ‘significant’ and orchestrated by the Kremlin.
‘There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA. @DNI_Ratcliffe @SecPompeo.’
Twitter marked this tweet with a warning stating that ‘Election officials have certified Joe Biden as the winner of the U.S. Presidential election.’
His comments come just hours after Pompeo became the first US official to publicly attribute the massive hacking campaign to Russia.
‘There was a significant effort to use a piece of third-party software to essentially embed code inside of US government systems,’ Pompeo told The Mark Levin Show on Friday.
‘This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.’
Even before Pompeo’s comments, Russia was thought to be behind the attack.
Several private security companies said the breach bears the hallmarks of a Kremlin operation.
Some have pointed at the Russian hacking cell dubbed ‘Cozy Bear’ – though other experts argue that the tools and methods used in the new attack are different from any past breach, making attribution tricky.
On Saturday Republican Senator Marco Rubio also pointed the finger at Russia tweeting that: ‘The methods used to carry out the cyberhack are consistent with Russian cyber operations.’
Russian President Vladimir Putin’s spokesman denied Kremlin involvement, and the Russian embassy said in a statement that the country ‘does not conduct offensive operations in the cyber domain.’
Meanwhile, Ratcliffe on Wednesday issued a statement revealing that the breach on government agencies was ‘significant.’
‘This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,’ he said.
Trump has remained quiet on the cyber attack until now. He posted a Christmas card with Melania Trump Friday but again provided no comment on the hack.
Sources told CNN Saturday that the White House had prepared a statement blaming Russia for the attack and planned to release it Friday afternoon but were ordered not to.
The insiders said the statement said Russia was responsible but that the government could not yet rule out involvement from others.
They said they were not told why the statement was not released.
His silence did not go unnoticed, with Democrats in Congress blasting Trump for failing to address the issue and demanding a harsh response against the perpetrators.
‘Our nation is under assault. This cyberattack could be the largest in our history. We don’t yet know the extent of the damage, but we know that we weren’t prepared & have our work cut out for us,’ tweeted Rep. Jason Crow, a Colorado Democrat Friday.
‘We can’t wait for leadership, we need it now. @realdonaldtrump, where are you?’
Crow also likened the attack to Pearl Harbor in a follow-up tweet: ‘The situation is developing, but the more I learn this could be our modern day, cyber equivalent of Pearl Harbor.’
In contrast to Trump, President-elect Joe Biden issued a statement Thursday about the attack where he vowed to make cybersecurity ‘imperative’ when he takes office and said he would not ‘stand idly by’.
‘I want to be clear: My administration will make cybersecurity a top priority at every level of government – and we will make dealing with this breach a top priority from the moment we take office,’ Biden said in a statement.
‘We will elevate cybersecurity as an imperative across the government, further strengthen partnerships with the private sector, and expand our investment in the infrastructure and people we need to defend against malicious cyberattacks.’
While Trump attempted to brush off the severity of the hack, his comments come in direct opposition to the concerns raised by top administration officials, politicians, tech giants and cybersecurity experts.
The Cybersecurity and Infrastructure Security Agency said the attack posed a ‘grave risk’ to ‘critical infrastructure’ in both the public and private sector, and at all levels of government.
‘CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,’ the agency said Thursday.
‘CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.’
The agency also warned the sophisticated attack was hard to detect and will be difficult to undo.
Senator Chris Coons, a Delaware Democrat, described the hack as an act of war telling MSNBC: ‘It’s pretty hard to distinguish this from an act of aggression that rises to the level of an attack that qualifies as war.’
The sprawling attack compromised multiple government agencies, as well as a growing list of companies and local governments across the country.
The two US agencies responsible for maintaining America’s nuclear weapons stockpile have already said they were compromised in the attack.
The attack also breached the Pentagon, FBI, Treasury and State Departments.
Other victims to fall foul of the attack include the Pima County, Arizona government and cable television company Cox Communications Inc, according to Reuters.
Microsoft said Friday it had already identified at least 40 government agencies and companies targeted by the hackers.
A heat map of infections released by the tech giant, which has helped respond to the breach, shows that those infiltrated by the hackers are spread out across the US with agencies, companies and think tanks in New York, Washington DC and Texas among the hardest hit.
Microsoft has not revealed the names of those infiltrated by the hackers but said nearly half were tech companies.
The UK, Israel, Canada and the United Arab Emirates were also caught in the cross hairs.
The breach was executed back in March and went undetected for nearly nine months, fuelling concerns over the full extent of intelligence and top-secret information that may have fallen into the wrong hands.
US officials on Friday revealed hackers had conducted a ‘dry run’ of their massive cyber attack more than a year ago.
The hack involved a common software product made by Texas-based SolarWinds Corp, which is used by hundreds of thousands of organizations, ranging from government agencies to Microsoft and Fortune 500 companies.
The hackers are believed to have targeted the company’s network management software Orion back in October 2019, five months before executing the full-scale breach in March.
A version of Orion was tampered with around that time; however, it did not yet contain the secret network backdoor – which authorities are calling SUNBURST – according to CISA.
A source told Yahoo News it appears that the hackers wanted to do a test run to make sure the attack would ‘work and whether it would be detected.’
‘They took their time. They decided to not go out with an actual backdoor right away. That signifies that they’re a little bit more disciplined and deliberate,’ the person added.
SolarWinds, which disclosed its unwitting role at the center of the global hack on Monday, said up to 18,000 of its users downloaded a compromised update containing malicious code planted by the attackers.
The company, which has come under scrutiny after investors offloaded shares in the days leading up to the attack, said the attack was the work of an ‘outside nation state.’
The true scale of who has been affected and what information has been stolen in the massive attack may never be known, officials and experts say.
Experts say there simply are not enough skilled threat-hunting teams to properly identify all the government and private-sector systems that may have been hacked, and warn infected networks may have to be ‘burned to the ground’ and rebuilt from scratch.
———————————————————————————————————————
‘We must retaliate’: Acting Intelligence Committee Chair Marco Rubio says the US should hit back with ‘more than just sanctions’ after Pompeo confirms Russia WAS behind the cyber attack branded an ‘act of war’ by senator
Marco Rubio has demanded that the United States retaliate with more than sanctions for a massive cyber attack on the Pentagon, FBI and nuclear programs, which he said was likely carried out by Russia.
On Friday Mike Pompeo, the Secretary of State, became the first U.S. official to publicly attribute a massive hacking campaign to Russia, after broad swathes of the federal government and private sector were revealed to be compromised.
Later on Friday night Rubio, the acting chairman of the Senate Intelligence Committee, urged a strong response.
‘The methods used to carry out the cyberhack are consistent with Russian cyber operations,’ he tweeted.
‘But it’s crucial we have complete certainty about who is behind this. We can’t afford to be wrong on attribution, because America must retaliate, and not just with sanctions.’
The huge security breach, which is believed to have begun in the spring and gone undetected for months, is thought to have been so sophisticated that only a state-sponsored actor could pull it off.
The Russians are automatically the prime suspect for attacks of this scale and audacity and Pompeo said Friday the Kremlin was behind the attack.
The Cybersecurity and Infrastructure Security Agency said the attack compromised federal agencies’ ‘critical infrastructure’ in a manner that was hard to detect and will be difficult to undo.
It means that calculating the true size of the attack will be difficult.
The sprawling attack, which went undetected for nearly nine months, compromised the Departments of Homeland Security, Justice, Treasury, State and Energy, as well as a growing list of companies and local governments across the country.
Officials with the nation’s cybersecurity agency warn that the breach could be difficult to undo, saying the hackers ‘demonstrated sophistication and complex tradecraft’ and that it was likely that they had built additional secret backdoors while active inside the compromised networks.
Before Saturday Trump had remained silent over the attack. He was being briefed ‘as needed,’ White House spokesman Brian Morgenstern told reporters on Friday.
National security adviser Robert O’Brien was leading interagency meetings daily, if not more often, he said.
‘They’re working very hard on mitigation and making sure that our country is secure. We will not get into too many details because we’re just not going to tell our adversaries what we do to combat these things,’ Morgenstern said.
The Democratic chairs of four House committees given classified briefings on the hack by the Trump administration issued a statement complaining that they ‘were left with more questions than answers.’
‘Administration officials were unwilling to share the full scope of the breach and identities of the victims,’ they said.
Morgenstern said earlier that disclosing such details only helps U.S. adversaries.
The long-term planning of the attack became clear on Friday, as officials said that the hackers appeared to have conducted a dry run over a year ago, testing their ability to insert malicious code into network management software from SolarWinds Corp, which was later delivered to some 18,000 of the company’s customers.
Private security companies say that the breach bears the hallmarks of a Kremlin operation.
Some have pointed at the Russian hacking cell dubbed ‘Cozy Bear’ — though other experts argue that the tools and methods used in the new attack are different from any past breach, making attribution tricky.
‘At the moment, there are no technical links with previous attacks, so it may be an entirely new actor,’ security firm Kaspersky said in a blog post.
FireEye, the cybersecurity company that discovered the intrusion into U.S. agencies and was among the victims, has already tallied dozens of casualties. It’s racing to identify more.
‘We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left,’ said Bruce Schneier, a prominent security expert and Harvard fellow.
The only way to be sure a network is clean is ‘to burn it down to the ground and rebuild it,’ Schneier said.
He compared the situation to learning that a serial killer has been inside your house, with his own key. ‘You don’t know if he’s gone. How do you get work done? You kind of just hope for the best,’ he said.
Many federal workers – and others in the private sector – now must presume that unclassified networks are teeming with spies.
Agencies will be more inclined to conduct sensitive government business on Signal, WhatsApp and other encrypted smartphone apps.
‘We should buckle up. This will be a long ride,’ said Dmitri Alperovitch, co-founder and former chief technical officer of the leading cybersecurity firm CrowdStrike. ‘Cleanup is just phase one.’
Meanwhile, Microsoft President Brad Smith called the attack a ‘moment of reckoning’ that ‘illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous.’
Microsoft, one of the thousands of companies to receive the malicious update, said it had notified more than 40 customers around the world whose networks were infiltrated by the hackers.
The list of victims includes not only government agencies, but security and other technology firms as well as think tanks and government contractors.
‘The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them,’ Smith wrote in a blog post.
‘The coming months will present a critical test, not only for the United States but for other leading democracies and technology companies,’ he added.
How hackers managed to install a secret backdoor in software used by hundreds of thousands of government departments and companies
The hack began as early as March this year when hackers snuck malicious code into recent versions of SolarWinds’ premier software product, Orion.
The popular software tool helps organizations monitor the performance of their computer networks and servers.
Hackers managed to install a secret network backdoor – which authorities are calling SUNBURST – into Orion’s software updates.
Its centralized monitoring looks for problems in an organization’s computer networks, which means that breaking in gave the attackers a ‘God-view’ of those networks.
It is not yet clear how hackers managed to infiltrate SolarWinds and go undetected for nine months.
During this time-frame, as many as 18,000 SolarWinds customers – including federal agencies and major companies – downloaded the compromised updates that contained the back door.
The software update became an instrument for hackers to steal information undetected for nine months.
Once installed on a network, the malware used a protocol designed to mimic legitimate SolarWinds traffic to communicate with a domain that has since been seized and shut down, the Cybersecurity and Infrastructure Security Agency has since revealed.
The initial contact domain would often direct the malware to a new internet protocol (IP) address for command and control. The attackers used rotating IPs and virtual private servers with IP addresses in the target’s home country to make detection of the traffic more difficult.
CISA said that once inside a network, the hackers focused on gathering information and frequently targeted the emails of IT and security staff to monitor any countermeasures.
The hackers are feared to have had access to government emails as far back as June.
SolarWinds: The Texas company at the center of the biggest attack in American history
Before this week, few people were aware of SolarWinds, the Austin-based software company providing vital computer network monitoring services to major corporations and government agencies worldwide.
But the revelation that elite cyber spies have spent months secretly exploiting SolarWinds’ software to peer into computer networks has put many of its highest-profile customers in national governments and Fortune 500 companies on high alert.
It’s also raising questions about whether company insiders knew of its security vulnerabilities as its biggest investors sold off stock.
A SolarWinds SEC filing from December 7 – just days prior to the hack emerging – revealed that the company’s board had appointed a replacement CEO.
SolarWinds’ longtime CEO, Kevin Thompson, had months earlier indicated that he would be leaving at the end of the year as the company explored spinning off one of its divisions.
The SolarWinds board appointed his replacement, current PulseSecure CEO Sudhakar Ramakrishna, on December 7, according to the financial filing.
It was also on December 7 that the company’s two biggest investors, Silver Lake and Thoma Bravo, which control a majority stake in the publicly traded company, sold more than $280 million in stock to a Canadian public pension fund.
The two private equity firms in a joint statement said they ‘were not aware of this potential cyberattack’ at the time they sold the stock.
Global alarm bells ring: How the hack was first discovered by California cyber-security firm FireEye
The breach of SolarWinds’ software was first discovered by one of its customers: The prominent cybersecurity firm FireEye.
The California-based cyber security firm, which is also a government contractor, noticed a suspicious log-in on its network around December 8.
FireEye says the attackers stole some of its ‘red team’ software, which mimics cyber-attacks to test the security of its clients’ computers.
Two lawmakers, who were briefed on the hack this week, told Politico that FireEye representatives said that one of their employees had apparently been duped into revealing their two-factor authentication security details.
Company officials have denied the account given by congressional staffers and said none of its employees were tricked.
FireEye said they caught the breach when hackers tried to register a new device on its systems, which tipped the company off to the wider cyber-attack.
Following an investigation, FireEye say they determined that SolarWinds’ Orion software had been hacked.
‘We initially detected the incident because we saw a suspicious authentication to our VPN solution,’ a spokesperson has since said.
‘The attacker was able to enroll a device into our multi-factor authentication solution, and that generates an alert which we then followed up on.’
They insist that the SolarWinds breach was the source of the attack against FireEye.
Once it determined that there was a wider cyber-attack, a FireEye executive alerted SolarWinds on December 12 of the compromise.
After learning of the SolarWinds breach, the National Security Council held an emergency meeting at the White House on December 12.
The Cybersecurity and Infrastructure Security Agency and the FBI were brought in to investigate after some government agencies were confirmed to have been hacked.
At this time, people with knowledge of the meeting reported that hackers believed to be working for Russia had been monitoring internal email traffic at the US Treasury and Commerce departments.
Sources told Reuters that they feared the hacks uncovered so far may have been the tip of the iceberg.
SolarWinds began alerting about 33,000 of its customers on December 13 that an ‘outside nation state’ – widely suspected to be Russia – had injected malicious code into some updated versions of its premier product, Orion.
The company said in a statement that updates to its monitoring software released between March and June of this year may have been subverted by what it described as a ‘highly-sophisticated, targeted and manual supply chain attack by a nation state’.
The Cybersecurity and Infrastructure Security Agency issued an emergency directive ordering federal agencies to ‘disconnect or power down’ the SolarWinds Orion software due to the breach.
From US nuclear agencies and the FBI to Fortune 500: Who is known to have been targeted by hackers so far
The list of victims continues to grow from the cyberattack that is being described as the biggest hack in American history.
The two US agencies responsible for maintaining America’s nuclear weapons stockpile – the Energy Department and the National Nuclear Security Administration – have already said they were compromised in the attack.
The attack also breached the Pentagon, FBI, Treasury and State Departments.
The DOE and the NNSA have warned Congress that their breached networks may include the Los Alamos National Laboratory, which conducts the government’s most sensitive and advanced nuclear research, Politico reported.
The US has an estimated 5,800 nuclear warheads, some of which are on missiles and bombs ready for launch from submarines, airplanes and land-based missiles, while others are held in storage. Most however are in storage, retired, or being decommissioned.
The FBI has moved routine communication onto classified networks that are believed not to have been breached, according to two people briefed on the measures.
Their status is one of the government’s most closely-guarded secrets, as are efforts to create new weapons, which are part of the Los Alamos National Laboratory’s work.
Another attack was found in a field office of the Energy Department in Richland, Washington state, which Politico reported could have been an effort to gather information on how to disrupt the national electricity grid.
The sprawling attack also compromised broad swathes of the private sector, including Microsoft and likely most of the Fortune 500.
The true scale of who has been affected and what information has been stolen may never be known, officials and experts say.