The Trump administration on Sunday acknowledged that hackers acting on behalf of a foreign government – almost certainly a Russian intelligence agency, according to federal and private experts – broke into a number of key government networks, including those of the Treasury and Commerce Departments, and had free access to their email systems.
Officials said there was a hunt to determine whether other parts of the government had fallen victim to one of the most advanced and perhaps the biggest attacks on federal systems in five years. Several said a number of national security agencies were also involved, although it was not clear whether the systems contained highly classified material.
The Trump administration said little to the public about the hacking, which suggested that while the government was concerned about Russian interference in the 2020 elections, key agencies working for the administration – and not related to the election – were in fact the subject of a sophisticated attack, which they had not been aware of in recent weeks.
“The U.S. government is aware of these reports and will take all necessary steps to identify and remedy any issues related to the situation,” said John Ullyot, a spokesman for the National Security Council. The Department of Commerce acknowledged that one of its agencies had been targeted, without naming it, and the Department of Homeland Security’s cybersecurity agency, whose head was fired by President Trump last month for stating that there had been no widespread election fraud, said in a statement: is.
The motive for the attack on the Treasury and Commerce Departments remains elusive, two people familiar with the case said. One government official said it was too early to say how damaging the recent attacks were and how much material was lost. Reuters earlier reported the breach.
The disclosure came less than a week after the National Security Agency, which is responsible for hacking into foreign computer networks and protecting the most sensitive national security systems of the federal government, issued a warning that “Russian state-backed actors” were exploiting a system that is widely used in the federal government.
At the time, the NSA refused to provide further details on what triggered the urgent warning. Shortly afterwards, FireEye, a leading cybersecurity company, announced that hackers working for a state had stolen some of its valuable assets used to find vulnerabilities in customers’ systems, including those of the federal government. This investigation also pointed to the SVR, one of Russia’s leading intelligence agencies.
If the Russian connection is confirmed, it will be the most sophisticated theft of U.S. government data by Moscow since a two-year spree in 2014 and 2015 in which Russian intelligence agencies gained access to the unclassified email systems of the White House, the State Department and the Joint Chiefs of Staff. It took years to repair the damage, but President Barack Obama decided at the time not to name the Russians as the perpetrators – a move many see as a mistake in his administration.
Emboldened, the same group of hackers went on to break into the systems of the Democratic National Committee and of top officials in Hillary Clinton’s campaign, touching off the investigations and fears that pervade the 2020 contest.
“This campaign appears to have many casualties, both in the government and the private sector,” said Dmitri Alperovitch, president of Silverado Policy Accelerator, a geopolitical think tank, who was a co-founder of CrowdStrike, a cybersecurity company. Four years ago, he helped find the Russians in the systems of the Democratic National Committee. “Not unlike what we saw from this actor in 2014-2015, when a huge campaign was conducted and a number of victims were successfully compromised.”
Private investigators say the attack on FireEye led to a wider hunt to find out where else the Russian hackers could have infiltrated federal and private networks. FireEye gave some key computer code to the NSA and Microsoft, officials said, which then hunted for similar attacks on federal systems. This led to the alert last week.
Most hacking involves stealing usernames and passwords, but this attack was much more sophisticated. It involved the creation of fake tokens, essentially electronic indicators, that provide Microsoft or Google with assurance about the identity of the computer system that is talking to the email system. Using an extremely hard-to-detect bug, the hackers were able to trick the system and gain access.
Alan Rappeport, Maggie Haberman, Julian Barnes and Zolan Kanno-Youngs contributed reporting.