Russia has said the blame it faces for the cyber attack that targeted U.S. federal institutions could be a ploy by the Trump administration to sabotage ties between the Kremlin and President-elect Joe Biden.
The hackers attached malware to a software update for SolarWinds’ Orion system in an attack that has so far infected computer systems at the heart of the U.S. government, including the departments of Treasury, Commerce, and Energy.
With experts warning the breach may take years and cost billions of dollars to fix, the Cybersecurity and Infrastructure Security Agency (CISA) said that the attack has also affected state and local governments, as well as critical infrastructure entities and other private sector organizations.
Secretary of State Mike Pompeo said Russia was behind the breach, a theory backed up by outgoing Justice Department chief, Attorney General William Barr.
On Thursday, Moscow again denied responsibility, with Russian foreign affairs spokesperson Maria Zakharova suggesting that it may be a ruse to undermine any chance of a new U.S. administration from repairing relations with the Kremlin, which are already at a low.
NICOLAS ASFOURI/Getty Images
“One cannot rule out, however, that the real purpose of new accusations against us is an attempt to prevent President-elect Joe Biden from establishing cooperation with Moscow, including on international information security issues,” Zakharova told reporters.
“We are convinced that this scenario meets neither Russian nor American national interests,” she added, “Moscow reaffirms its willingness to conduct a pragmatic and constructive dialogue on international information security issues with any US president,” she added, according to state news agency Tass.
Kremlin spokesperson Dmitry Peskov reiterated Russia’s denial on Thursday, saying: “We have repeatedly stated that we have nothing to do with hacker attacks.” He also batted away the suggestion that Biden is putting pressure on Donald Trump to take action against Moscow, saying: “I do not know if such reports can be believed.”
Russian foreign ministry spokeswoman Maria Zakharova, at the United Nations in New York City in September 2019.
Getty Images
In a sign of the extent of the breach, Senator Ron Wyden (D-OR), from the Senate finance committee said that hackers had broken into the email system used by the Treasury Department’s most senior leadership by manipulating internal software keys, although it is not yet known exactly what information was compromised.
Jackie Singh, founder of the firm Spyglass Security and a former lead incident responder for the Biden election campaign, said that there are “hurdles ahead” for the incoming administration in responding to the breach.
“They don’t have the benefit of having a willing transition. You have someone actively undermining an ethical transition and I don’t think we have seen that before,” she told Newsweek.
“There is no silver bullet to deal for the type of attack we experienced but what is more important than simply preventing a breach is being able to respond appropriately to a breach.
“I don’t think that as a country we are at the point where we can successfully respond to a cyber security incident. We can detect them but we can’t do very much properly after that,” she said.
On Tuesday, Biden said that his administration would retaliate, and that when the extent of the damage is assessed, whoever is culpable “can be assured that we will respond. And probably respond in kind.”
Nick Dowling, a former director for European affairs at the National Security Council (NSC) and founder of security firm IDS International, said Biden’s response will be shaped by whether the breach will be seen as simply intelligence activity that should be followed by a cyber attack response.
“Or should we see it as more of a Pearl Harbor, more of a direct attack that causes massive costs on U.S. infrastructure and that we should not only seek to respond to it, but deter it,” he told Newsweek.
“You want to demonstrate to other actors that you have the ability to do attribution and that you would impose a much greater cost on them for having done it than they will have imposed on you.”
Dowling also believed that assessing the damage caused by the breach may take some time and that hostile malware will be very difficult to find.
“The only way to be sure that you don’t have Russian-inserted malware in your system is to fully rebuild your network from scratch, which is an extremely time-consuming and expensive enterprise. So, this is going to cost tens if not hundreds of billions to deal with,” he told Newsweek.