The SolarWinds cyber-security hack that happened on December 13th, which allowed alleged foreign actors backdoor access through the company’s security software raises significant issues necessitating thorough exploration.
SolarWinds said on Dec. 14 in a filing to the Securities and Exchange Commission that it believes up to 18,000 customers had installed the compromised software update.
SolarWinds serves over 300,000 customers around the world. A partial customer listing that was taken offline showed that its customers include all five branches of the U.S. military, more than 425 of the U.S. Fortune 500, as well as the Office of the President of the United States. The breach was achieved by inserting malware, or malicious code, into software updates for Orion, a widely used network management tool.
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) called the hacking campaign “significant and ongoing” and have formed a group called the Cyber Unified Coordination Group to respond to the hack.
The “SolarWinds Orion supply chain compromise is not the only initial infection vector this advanced persistent threat actor leveraged,” CISA said in a statement, noting that it has evidence of additional initial access vectors that are still being investigated. It also said that the hacking campaign started as early as March 2020.
The flurry of U.S. media claims about alleged Russian cyber-attacks on government departments came just as Joe Biden was officially declared President-elect. As usual, there is no evidence to back up the sensational claims, but the objective seems to be to ensure that the incoming Biden administration maintains, or adopts a more, hostile policy towards Russia.
Out of respect for the American electoral process being consummated, Russian President Vladimir Putin had waited until this week to make any comment. However, after the Electoral College executed its duties, Putin promptly telegrammed congratulations to Biden on his victory. The Russian leader expressed the hope that Russia and the United States would begin to normalize relations for the sake of global security.
Ominously, the auspicious occasion was immediately marred by a U.S. media frenzy alleging a massive cyber-assault on the heart of American government and industries. Russia was predictably blamed as the offender.
Ed Loomis, a former NSA technical director, believes the suspect list should extend beyond Russia to include China, Iran, and North Korea. Loomis also says the commercial cyber-security firms that have been studying the latest “attacks” have not been able to pinpoint the source.
The Kremlin dismissed the claims as yet another anti-Russia fabrication.
For the past four years, the U.S. media have regularly peddled sensational claims of Russian malfeasance, from alleged interference in elections, to alleged assassination programs against U.S. troops in Afghanistan, among many other such tall stories. Never has any verifiable evidence been presented to back up these lurid allegations.
As reported by Ray McGovern and Consortium News, the cyber domain is a particular favorite for such anti-Russia claims, most likely because these stories are handily told without any real evidence. All that is required is for anonymous cyber security agents to be quoted. The abstract and arcane cyber world also lends itself to mystery for most people. In short, it is amenable to false claims because of its elusive technical nature.
The U.S. media and anonymous officials are fingering Russia. But where is the proof of Russia’s culpability?
The FBI and Department of Homeland Security briefed members of Congress about the cyber-attacks. Senators emerged from the briefings fulminating against Russia. The second-highest ranking Democrat in the Senate, Dick Durbin, told media that “it was virtually a declaration of war by Russia on the United States”.
What could very well be going on here is a classic case of “gas-lighting” whereby people are being manipulated to believe in something utterly false; for an ulterior agenda.
Edward Snowden, the courageous whistleblower formerly at the U.S. National Security Agency, has revealed with copious proof how the CIA and other American intelligence agencies have the technical capability to carry out cyber-assaults using digital signatures with the deliberate aim of falsely implicating other actors.
That is, the ability to carry out digital false-flag attacks.
What’s more, the U.S. media are quoting “sources” who claim that the cyber-assaults are “ongoing” and pose “great risk” to government departments, critical infrastructure and the economy. Not only that, but it is being alleged that the threat is akin to a Damocles Sword hanging over America; in that the “deep penetration” has untold consequences that may unleash some unknown nefarious manifestation sometime in the future.
This is a perfect psychological ploy to maintain perception of permanent threat and distrust.
President-elect Biden responded to the reports by saying: “We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place… We will impose substantial costs on those responsible for such malicious attacks.”
In light of all this, Russia’s aspirations for a reset in relations with the U.S. are thus looking dim. And that is to be regretted by all people the world over.
Just when the United States and Russia need to get down to serious negotiations concerning arms control, such as extending the New START treaty on strategic nuclear weapons, or on reducing dangerous tensions between Russian and NATO forces, here we have a huge setback to any possible reset in relations.
It may have been hoped that Biden, who as a senator and former vice president has decades of experience in foreign affairs and diplomacy, would show a certain “real politick” on entering the White House and despite his past rhetoric would get down to the necessity of establishing practical, cooperative relations with Russia.
Lamentably, it looks like Biden’s hands are being tied even before he is inaugurated. The image of Russia as “evil enemy” has been burnished by this week’s media onslaught over hacking claims. And Biden has responded in appropriately gas-lit fashion.
The question to be asked is: who gains from this? Certainly not Russia.
The analysis the corporate press has relied on came from the private cyber-security firm FireEye. This question should be raised: Why has a private contractor at extra taxpayer expense carried out this cyber analysis rather than the already publicly-funded National Security Agency?
Similarly, why did the private firm CrowdStrike, rather than the FBI, analyze the Democratic National Committee servers in 2016?
Could it be to give government agencies plausible deniability if these analyses, as in the case of CrowdStrike, and very likely in this latest case of Russian “hacking,” turn out to be wrong?
This is a question someone on the intelligence committees should be asking.
The Military-Industrial-Congressional-Intelligence-MEDIA-Academia-Think-Tank complex (MICIMATT, for short) needs credible “enemies” to justify unprecedentedly huge expenditures for arms — the more so at a time when it is clearer than ever, that that the money would be far better spent at home.
This latest military flurry of rushing to implicate Russia is reminiscent of the accusation devised as a magnificent distraction after the Clinton campaign learned that WikiLeaks was about to publish emails that showed how Clinton and the DNC had stacked the deck against Bernie Sanders. It was an emergency solution, but it had uncommon success.
There was no denying the authenticity of those DNC emails published by WikiLeaks. So the Democrats mounted an artful campaign, very strongly supported by Establishment media, to divert attention from the content of the emails. How to do that? Blame Russian “hacking.” And for good measure, persuade then Senator John McCain to call it an “act of war.”
On Dec. 12, 2016, Veteran Intelligence Professionals for Sanity (VIPS) used sensitive intelligence revealed by Edward Snowden, the expertise of former NSA technical directors, and basic principles of physics to show that accusations that Russia hacked those embarrassing DNC emails were fraudulent.
A year later, on Dec. 5, 2017, the head of CrowdStrike, the cyber firm hired by the DNC to do the forensics, testified under oath that there was no technical evidence that the emails had been “exfiltrated”; that is, hacked from the DNC.
His testimony was kept hidden by House Intelligence Committee Chairman Adam Schiff until Schiff was forced to release it on May 7, 2020. That testimony is still being kept under wraps by Establishment media.
What VIPS wrote four years ago is worth re-reading — particularly for those who still believe in science and have trusted the experienced intelligence professionals of VIPS with the group’s unblemished, no-axes-to-grind record.
Most of the Memorandum’s embedded links are to TOP SECRET charts that Snowden made available — icing on the cake — and, as far as VIPS’s former NSA technical directors were concerned, precisely what was to be demonstrated QED.
Many Democrats unfortunately still believe–or profess to believe–the hacking and the Trump campaign-Russia conspiracy story, the former debunked by Henry’s testimony and the latter by Special Counsel Robert Mueller.
Both were legally obligated to tell the truth, while the intelligence agencies were not.
So who is responsible for the attack? As stated at the outset, we really don’t know yet. None of the outlets or individuals claiming Russia was responsible have offered a bit of proof to back up their claims.
While after a decade of United States provocation on Russia’s borders, attempted color revolutions, sanctions, and growing threats, it is logical that Russia would want to gather as much information as possible about American intentions.
However, the likelihood that the Russians would have risked such exposure of their intentions is out of character with its leadership. (Which has been keen to let the United States destroy itself at home and abroad, allowing Russia to swoop in and pick up the pieces.)
16th November, 2023