A US Senator has sent a chill through US government departments after warning that the Russian cyberattack may have started earlier than first thought.
Earlier this week SolarWinds issued security fixes for its flagship Orion platform, after the tool was discovered to have been used in a major hacking campaign earlier this month.
The scale of the US government compromise is still being investigated, but just before Christmas US Senator Ron Wyden revealed that dozens of email accounts at the US Treasury Department were compromised.
Now Reuters is reporting that the SolarWinds compromise of the US Treasury, State, Commerce and Energy Departments, which had thought to have begun back in March or April this year, may have started earlier than that.
The SolarWinds compromise could be one of the biggest spying operations against the US in history, and the fact that it went undetected for nine months has greatly alarmed US officials.
The ‘supply chain’ compromise of the Orion product from Texas-based SolarWinds is suspected to have been carried out by Russian government hackers, but Moscow has denied involvement.
“The initial burrowing in may have started earlier,” Democratic Senator Mark Warner of Virginia, who serves as Vice-Chair of the Senate Intelligence Committee told Reuters.
Warner also told Reuters that extensive investigations of the hack were active but that so far the US government does not have hard evidence that classified government secrets were compromised by the hackers.
Warner said gaps in US and international law make it difficult to track and crack down on large scale hacks, and that the United States and its allies must act to tighten controls.
“We still don’t have for the private sector, or for that matter the public sector, any mandatory reporting” on major hacking incidents, Warner was quoted as saying. “The amount of time it’s taking to assess the (latest) attack, its taking longer than we would like to take,” he added.
Warner also added that the lack of US laws and policy to counter such major hacks is the product of a “lack of policy that precedes (the administration of President Donald) Trump.”
Senator Mark Warner is a democratic Senator.
During the administration of President Barack Obama, the Senator said, people in both government and private sector “pushed back ferociously” at talk of stepping up cyberspace legal controls.
The Senator also touched on the lack of reaction from President Trump against Russia, despite the fact that US Secretary of State Mike Pompeo and US government sources have said Russia is the principal suspect in the attack.
President Trump for his part has questioned their responsibility and suggested China might be behind the attack.
“There has been obviously a reluctance out of this White House to call out Russia repeatedly,” Warner said. “I don’t believe that is a problem of the intelligence community. I think that is a problem of the White House.”