US government agencies hacked; Russia a possible culprit

In this file photo taken on March 27, 2020, an exterior view of the building of US Department of the Treasury is seen in Washington, DC. (AFP / Olivier Douliery)
The US Treasury Department building viewed from the Washington Monument in Washington. (AP Photo/Patrick Semansky, file)
Updated 14 December 2020

  • Cybersecurity firm FireEye earlier disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools
  • Hackers linked to Russia were able to break into the US State Department’s email system in 2014

WASHINGTON: Hackers broke into the networks of the Treasury and Commerce departments as part of a global cyberespionage campaign revealed just days after a leading global cybersecurity firm announced that it had been breached in an attack that industry experts said bore the hallmarks of Russian tradecraft.
The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of US government agencies — apparently the same monthslong cyberespionage campaign that also afflicted the prominent cybersecurity firm FireEye.
“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.
The hacks were revealed less than a week after FireEye disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible. FireEye’s customers include federal, state and local governments and top global corporations.
The apparent conduit for the Treasury and Commerce Department hacks — and the FireEye compromise — is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple US federal agencies who will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.
FireEye, without naming the breached agencies or other targets, said in a blog post that its investigation into the hack of its own network had identified “a global campaign” targeting governments and the private sector that, beginning in the spring, slipped malware into a SolarWinds software update.
The malware gave the hackers remote access to victims’ networks.
FireEye said it had notified “multiple organizations” globally where it saw indications of compromise. It said that the hacks did not seed self-propagating malware — like the 2016 NotPetya malware blamed on Russia that caused more than $10 billion in damage globally — and that any actual infiltration of an infected organization required “meticulous planning and manual interaction.”
The US government did not publicly identify Russia as the culprit behind the hacks, first reported by Reuters, and said little about who might be responsible. Cybersecurity experts said last week that they considered Russian state hackers to be the main suspect.
National Security Council spokesperson John Ullyot said in a statement that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
On its website, SolarWinds says it has 300,000 customers worldwide, including all five branches of the US military, the Pentagon, the State Department, NASA, the NSA, the Department of Justice and the White House. It says the 10 leading US telecommunications companies and top five US accounting firms are also among customers.
The government’s Cybersecurity and Infrastructure Security Agency said it was working with other agencies to help “identify and mitigate any potential compromises.”
President Donald Trump last month fired the director of CISA, Chris Krebs, after Krebs vouched for the integrity of the presidential election and disputed Trump’s claims of widespread electoral fraud.
In a tweet Sunday, Krebs said “hacks of this type take exceptional tradecraft and time,” adding that he believed that its impact was only beginning to be understood.
Federal government agencies have long been attractive targets for foreign hackers.
Hackers linked to Russia were able to break into the State Department’s email system in 2014, infecting it so thoroughly that it had to be cut off from the Internet while experts worked to eliminate the infestation.
Reuters earlier reported that a group backed by a foreign government stole information from Treasury and a Commerce Department agency responsible for deciding Internet and telecommunications policy.
The Treasury Department deferred comment to the National Security Council. A Commerce Department spokesperson confirmed a “breach in one of our bureaus” and said “we have asked CISA and the FBI to investigate.” The FBI had no immediate comment.
Austin, Texas-based SolarWinds confirmed Sunday in an email to The Associated Press that it has a “potential vulnerability” related to updates released between March and June for software that helps organizations monitor their online networks for problems.
“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” said SolarWinds CEO Kevin Thompson in a statement.
The compromise is critical because SolarWinds would give a hacker “God-mode” access to the network, making everything visible, said Alperovitch.
FireEye announced on Tuesday that it had been hacked, saying foreign state hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers. The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them.
Former NSA hacker Jake Williams, the president of the cybersecurity firm Rendition Infosec, said FireEye surely told the FBI and other federal partners how it had been hacked and they determined that Treasury had been similarly compromised.
“I suspect that there’s a number of other (federal) agencies we’re going to hear from this week that have also been hit,” Williams added.
FireEye responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart an oil industry cyberattack — and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict.
Neither Mandia nor a FireEye spokesperson said when the company detected the hack or who might be responsible. Mandia said there was no indication they got customer information from the company’s consulting or breach-response businesses or threat-intelligence data it collects.


Explosion of WWII bomb in Munich injures 3, disrupts trains

Updated 5 min 58 sec ago

  • Rail travel to and from the main train station has been suspended, according to rail operator Deutsche Bahn

BERLIN: An old aircraft bomb exploded at a bridge near Munich’s busy main train station on Wednesday, injuring three people, police said on Twitter.
The explosion happened during construction work, police said.
Due to the explosion, rail travel to and from the main train station has been suspended, according to rail operator Deutsche Bahn.


Pfizer vaccines available for EU children in two weeks

Updated 01 December 2021

  • BioNTech/Pfizer will have jabs available for children in the bloc in two weeks’ time

BRUSSELS: The EU’s main Covid vaccine provider, BioNTech/Pfizer, will have jabs available for children in the bloc in two weeks’ time, European Commission chief Ursula von der Leyen said Wednesday.
She said she had spoken with the German-US joint venture about the issue the day before, and they said “they are able to accelerate — in other words children’s vaccines will be available as of December 13.”


Portugal tightens restrictions despite coronavirus vaccine success

Updated 01 December 2021

  • Under the new rules, most arriving passengers must show negative test results at Portugal’s airports, seaports and land borders
  • Authorities in Portugal have confirmed an outbreak of the new coronavirus variant, omicron, among members of a professional soccer club and a medical worker

LISBON: Portugal tightened passenger entry requirements and mandated masks indoors to curb an upward trend in coronavirus infections as the country with one of the strongest vaccination records in Europe entered a “state of calamity” Wednesday.
The crisis declaration, Portugal’s second this year, is one step below a state of emergency and gives the government the legal authority to impose stricter measures without parliamentary approval.
Masks now are required in enclosed public spaces, and individuals must show proof of vaccination, having recovered from COVID-19 or a negative virus test to enter restaurants, cinemas, gyms and hotels. Nightclubs, hospitals, nursing homes and sports venues also must require negative virus tests from visitors and patrons, including vaccinated ones.
“With the test, we feel more comfortable. We don’t leave the club thinking, ‘Do I have COVID or not?’” Sara Lopes, a 21-year-old shop worker, said as she lined up at a central Lisbon nightclub as the new requirements took effect at midnight.
“It’s a bit of a hassle to have to make appointment after appointment at the pharmacy, but it’s fine,” Lopes said.
Under the new rules, most arriving passengers must show negative test results at Portugal’s airports, seaports and land borders.
Experts believe that Portugal’s vaccination rate, which at 87 percent of over 10 million residents is one of the highest globally, has shielded the country from the infection spikes recently experienced by some other European countries.
Still, the number of hospitalized COVID-19 patients has been rising since September. Portuguese authorities on Tuesday recorded 2,907 new cases and 15 deaths.
Authorities in Portugal have confirmed an outbreak of the new coronavirus variant, omicron, among members of a professional soccer club and a medical worker who had contact with them.


Countries launch WHO pandemic accord talks

Updated 01 December 2021

  • A new agreement on pandemic preparedness and response will come into force in 2024

GENEVA: World Health Organization member states agreed Wednesday to start work on building a new international accord setting out how to handle the next global pandemic.
Countries adopted a resolution at a special meeting in Geneva, launching the process that should result in a new agreement on pandemic preparedness and response coming into force in 2024.


China calls on citizens to leave eastern Congo after attacks

Updated 01 December 2021

  • A number of Chinese citizens had been attacked and kidnapped over the past month in the provinces of South Kivu, North Kivu and Ituri

BEIJING: China on Wednesday urged its citizens to leave three provinces in eastern Congo as violence intensifies in the mineral-rich region.
A posting from the Chinese Embassy in Kinshasa on the WeChat online messaging service said a number of Chinese citizens had been attacked and kidnapped over the past month in the provinces of South Kivu, North Kivu and Ituri, where several anti-government rebel groups have a presence.
It said Chinese residing in the three provinces should provide their personal details by Dec. 10 and make plans to leave for safer parts of Congo. Those in the districts of Bunia, Djugu, Beni, Rutshuru, Fizi, Uvira and Mwenga should leave immediately, it said, adding that any who do not do so “will have to bear the consequences themselves.”
“We ask that all Chinese citizens and Chinese-invested businesses in Congo please pay close attention to local conditions, increase their safety awareness and emergency preparedness, and avoid unnecessary outside travel,” the embassy said.
No details of the incidents were given, although the embassy last month reported five Chinese citizens were abducted from a mining operation in South Kivu, which borders Rwanda, Burundi and Tanzania.
It warned at the time that the security situation in the area was “extremely complex and grim” and that there was little possibility of sending help in the event of an attack or kidnapping.
No details were given about those kidnapped, who they worked for or who was suspected of taking them.
Several armed groups including the Democratic Forces for the Liberation of Rwanda, known by its French acronym FDLR, the Mai-Mai and the M23 regularly vie for control of eastern Congo’s natural resources.
Despite the danger, Chinese businesses have moved into Congo and other unstable African states in a quest for cobalt and other rare minerals and resources. Chinese workers have also been subject to kidnappings and attacks in Pakistan and other countries with active insurgencies.
Security was a key topic at a meeting Monday in Dakar, the capital of Senegal, between Chinese Foreign Minister Wang Yi and his Congolese counterpart Christophe Lutundula, according to China’s Xinhua News Agency.
China’s government and ruling Communist Party “attach great importance to the safety and security of Chinese enterprises and Chinese nationals overseas and the Chinese side has been extremely concerned with the recent serious crimes of kidnappings and killings of its citizens in the DRC,” Wang said, using the acronym for the Democratic Republic of Congo.
Wang urged Congo to secure the release of those kidnapped and create a “safe, secure and stable environment for bilateral cooperation.”
Xinhua quoted Lutundula as saying Congo would take “forceful measures” to investigate the crimes, free the hostages, punish the culprits severely and safeguard national security and restore stability to the country’s east.
Earlier this week, Uganda said it launched joint air and artillery strikes with Congolese forces against camps of the extremist Allied Democratic Forces rebel group in eastern Congo.
The ADF was established in the early 1990s in Uganda and later driven out by the Ugandan military into eastern Congo, where many rebel groups are able to operate because the central government has limited control there.
At least four civilians were killed less than two weeks ago in Uganda’s capital when suicide bombers detonated their explosives at two locations.
The Daesh group claimed responsibility, saying the attacks were carried out by Ugandans. Ugandan authorities blamed the ADF, which has been allied with the Daesh group since 2019.