FILE - In this June 14, 2018, file photo, the FBI seal is seen before a news conference at FBI headquarters in Washington. The U.S. government on Tuesday, Jan. 5, 2021, said a devastating hack of federal agencies is “likely Russian in origin” and said the operation appeared to be an “intelligence gathering” effort. The assessment was disclosed in a rare public statement from the FBI and other investigative agencies. (AP Photo/Jose Luis Magana, File)

US: Hack of federal agencies ‘likely Russian in origin’

US: Hack of federal agencies ‘likely Russian in origin’

WASHINGTON — Top national security agencies confirmed Tuesday that Russia was likely responsible for a massive hack of U.S. government departments and corporations, rejecting President Donald Trump’s claim that China might be to blame.

The rare joint statement represented the U.S. government’s first formal attempt to assign responsibility for the breaches at multiple agencies and to assign a possible motive for the operation. It said the hacks appeared to be intended for “intelligence gathering,” suggesting the evidence so far pointed to a Russian spying effort rather than an attempt to damage or disrupt U.S. government operations.

The agencies made clear the Russian operation was “ongoing” and indicated the hunt for threats was not over.

“This is a serious compromise that will require a sustained and dedicated effort to remediate,” said the statement, distributed by the FBI, the National Security Agency, the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency.

It was not clear why the statement was issued Tuesday, especially since government officials and cybersecurity experts have for weeks believed that Russia was responsible. Even so, the announcement puts the imprimatur of national security agencies, albeit belatedly, on information that members of Congress had clamoured for the White House to make public.

The Associated Press reported last month that officials at the White House had been prepared to issue a statement that accused Russia of being the main actor in the hack but were told at the last minute to stand down. The day of that report, Dec. 19, Trump tweeted that the “Cyber Hack is far greater in the Fake News Media than in actuality” and suggested without any evidence that China could be to blame.

Sen. Mark Warner, the Democratic vice chairman of the Senate Intelligence Committee, lamented the belated statement, saying “it’s unfortunate that it has taken over three weeks after the revelation of an intrusion this significant for this Administration to finally issue a tentative attribution.” He said he hoped “that we will begin to see something more definitive” as well as a warning to Russia, which has denied involvement in the hack.

With the public finger-pointing taking place in the final two weeks of the Trump administration, it will almost certainly fall to incoming President Joe Biden to decide how to respond to a hacking campaign that amounts to Washington’s worst cyberespionage failure to date. Biden has said his administration will impose “substantial costs” on countries responsible for U.S. government hacks, but it is unclear whether the response in this case will involve sanctions, prosecution, offensive cyber operations or some combination of those options.

The hacking campaign was extraordinary in scale, with the intruders having stalked through government agencies, defence contractors and telecommunications companies for months by the time it was discovered. Experts say that gave the foreign agents ample time to collect data that could be highly damaging to U.S. national security, though the scope of the breaches and exactly what information was sought is unknown.

An estimated 18,000 organizations were affected by malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds. Of those customers, though, “a much smaller number has been compromised by follow-on activity on their systems,” the statement said, noting that fewer than 10 federal government agencies have so far been identified as falling into that category.

The Treasury and Commerce departments are among the agencies known to have been affected. Sen. Ron Wyden, an Oregon Democrat, said after a briefing last month provided to Senate Finance Committee staff that dozens of Treasury Department email accounts were compromised and that hackers had broken into systems used by the department’s highest-ranking officials.

A senior executive of the cybersecurity firm that discovered the malware, FireEye, said last month that “dozens of incredibly high-value targets” have been infiltrated by elite, state-backed hackers. The executive, Charles Carmakal, would not name the targets. Nor has Microsoft, which said it identified more than 40 compromised government and private targets, most in the U.S.

Microsoft said in a blog post last week that hackers tied to the intrusions of government agencies and companies sneaked further into its systems than previously thought and were able to view some of the code underlying Microsoft software, but weren’t able to make any changes to it.

The extent of affected targets remains undisclosed.

“I think it’s highly unlikely at this stage of the investigation they can actually be certain that there are only 10 agencies impacted,” said Dmitri Alperovitch, former chief technical officer of the cybersecurity firm CrowdStrike.

Ben Buchanan, a Georgetown University cyberespionage expert, said the fact that multiple investigating agencies are now attributing the hacking campaign to Russia “removes any remaining serious doubts about the perpetrators.”

As for the number of federal agencies compromised, he said it’s difficult to know “from the outside how they’ve evaluated this.” While such assessments are difficult, Buchanan said, he believes the government must have evidence for the claim given the joint nature of the statement.

U.S. officials, including then-Attorney General William Barr and Secretary of State Mike Pompeo, and cybersecurity experts have in recent weeks said that Russia was to blame. But Trump, who throughout his term has resisted blaming Moscow for cyber operations, broke from the consensus within his own administration by tweeting that the media was afraid of “discussing the possibility that it may be China (it may!).”

Tuesday’s statement makes clear that is not the case, saying the U.S. investigation reveals that a cyber actor, “likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.”

“At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly,” the statement said.

___

Bajak reported from Boston.

Eric Tucker And Frank Bajak, The Associated Press

Russia

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Eighteen inmates and four staff at Red Deer Remand Centre have tested positive for COVID-19. Advocate file photo
Red Deer Remand Centre up to 22 COVID cases

Eighteen inmates and four remand centre staff areactive COVID cases

Christine Cornelius, department manager at Parkland Nurseries and Garden Centre, prepares seed racks at the Red Deer County shop. (By SUSAN ZIELINSKI/Advocate staff)
Central Alberta gardeners already buying seeds to prepare for spring

Potatoes and carrots popular choices for backyard gardens

Alberta’s chief medical officer of health Dr. Deena Hinshaw announced 16 additional deaths Thursday. (Photo by Chris Schwarz/Government of Alberta)
No easing of Alberta’s COVID-19 measures Thursday, 678 new COVID-19 cases

The province also hit 1,500 COVID-19 deaths since the beginning of the pandemic

Red Deer’s newest Waskasoo Park trail offers some bird’s-eye views of the city. It runs along the Highland Green escarpment, between Howarth Street Close and 60th Street. More information is available on reddeer.ca. (Photo by LANA MICHELIN/Advocate staff).
PHOTO: New Red Deer trail offers hikers a bird’s-eye view

It links Howarth Street Close with 60th Street

Gov. Gen. Julie Payette delivers the throne speech in the Senate chamber in Ottawa on Sept. 23, 2020. THE CANADIAN PRESS/Adrian Wyld
Gov. Gen. Julie Payette resigns

OTTAWA — Gov. Gen. Julie Payette is resigning. The news comes as… Continue reading

Former Alberta Premier Rachel Notley shakes hands with Joel Ward, former Red Deer College President and CEO, as Notley announces that the college is on the path to grant degrees. Red Deer-South MLA Jason Stephan says university status is not a necessary condition for offering degrees. (File photo by Advocate staff)
Future of Red Deer University increasingly uncertain

MLA’s college update says RDC more like SAIT and NAIT than a university

White House press secretary Jen Psaki speaks with Dr. Anthony Fauci, director of the National Institute of Allergy and Infectious Diseases, during a press briefing in the James Brady Press Briefing Room at the White House, Thursday, Jan. 21, 2021, in Washington. (AP Photo/Alex Brandon)
Fauci unleashed: Doc takes ‘liberating’ turn at centre stage

Fauci unleashed: Doc takes ‘liberating’ turn at centre stage

A man wears a protective face mask to help prevent the spread of COVID-19 as he walks past the emergency department of the Vancouver General Hospital in Vancouver Wednesday, November 18, 2020.  THE CANADIAN PRESS/Jonathan Hayward
Manitoba eases measures as COVID cases decline, but feds warn of severe illness rise

Manitoba eases measures as COVID cases decline, but feds warn of severe illness rise

A Government of Canada sign sits in front of a Library and Archives Canada building next to Parliament Hill in Ottawa on Tuesday Nov. 25, 2014. THE CANADIAN PRESS/Adrian Wyld
Federal review of Access to Information law to take another year amid impatience

Federal review of Access to Information law to take another year amid impatience

Maj.-Gen. Dany Fortin responds to a question on COVID vaccines during a news conference, Thursday, January 14, 2021 in Ottawa. THE CANADIAN PRESS/Adrian Wyld
Delays to Canada’s deliveries of Pfizer-BioNTech vaccine doses keep getting worse

Delays to Canada’s deliveries of Pfizer-BioNTech vaccine doses keep getting worse

A man works in the broadcast centre at the TMX Group Ltd. in Toronto, on May 9, 2014. THE CANADIAN PRESS/Darren Calabrese
S&P/TSX composite down on broad-based decline led by energy; loonie rises again

S&P/TSX composite down on broad-based decline led by energy; loonie rises again

A conveyor belt transports coal at the Westmoreland Coal Co.'s Sheerness mine near Hanna, Alta., on Tuesday, Dec. 13, 2016. Coal mining impacts are already occurring in Alberta's Rocky Mountains even as debate intensifies over the industry's presence in one of the province's most beloved landscapes. THE CANADIAN PRESS/Jeff McIntosh
As Alberta debates coal mining, industry already affecting once-protected Rockies

As Alberta debates coal mining, industry already affecting once-protected Rockies

Children walk back to their classroom while physical distancing at St. Barnabas Catholic School during the COVID-19 pandemic in Scarborough, Ont., on Tuesday, October 27, 2020. Experts at a leading children's hospital say schools need to ramp up COVID-19 testing and masking in order to have all kids safely return to the classroom as soon as possible. THE CANADIAN PRESS/Nathan Denette
Medical experts urge more masking, distancing for schools planning to reopen

Medical experts urge more masking, distancing for schools planning to reopen

Rode
University of Saskatchewan Huskies recognize DeMale’s talent

Joel DeMale has the resume to be one of the top linebackers… Continue reading

Most Read