SolarWinds Compromise May Have Started Earlier Than First Thought

A US Senator has sent a chill through US government departments after warning that the Russian cyberattack may have started earlier than first thought.

Earlier this week SolarWinds issued security fixes for its flagship Orion platform, after the tool was discovered to have been used in a major hacking campaign earlier this month.

The scale of the US government compromise is still being investigated, but just before Christmas US Senator Ron Wyden revealed that dozens of email accounts at the US Treasury Department were compromised.

Russian hackers

Now Reuters is reporting that the SolarWinds compromise of the US Treasury, State, Commerce and Energy Departments, which had thought to have begun back in March or April this year, may have started earlier than that.

The SolarWinds compromise could be one of the biggest spying operations against the US in history, and the fact that it went undetected for nine months has greatly alarmed US officials.

The ‘supply chain’ compromise of the Orion product from Texas-based SolarWinds is suspected to have been carried out by Russian government hackers, but Moscow has denied involvement.

“The initial burrowing in may have started earlier,” Democratic Senator Mark Warner of Virginia, who serves as Vice-Chair of the Senate Intelligence Committee told Reuters.

Warner also told Reuters that extensive investigations of the hack were active but that so far the US government does not have hard evidence that classified government secrets were compromised by the hackers.

Warner said gaps in US and international law make it difficult to track and crack down on large scale hacks, and that the United States and its allies must act to tighten controls.

“We still don’t have for the private sector, or for that matter the public sector, any mandatory reporting” on major hacking incidents, Warner was quoted as saying. “The amount of time it’s taking to assess the (latest) attack, its taking longer than we would like to take,” he added.

Lack of response

Warner also added that the lack of US laws and policy to counter such major hacks is the product of a “lack of policy that precedes (the administration of President Donald) Trump.”

Senator Mark Warner is a democratic Senator.

During the administration of President Barack Obama, the Senator said, people in both government and private sector “pushed back ferociously” at talk of stepping up cyberspace legal controls.

The Senator also touched on the lack of reaction from President Trump against Russia, despite the fact that US Secretary of State Mike Pompeo and US government sources have said Russia is the principal suspect in the attack.

President Trump for his part has questioned their responsibility and suggested China might be behind the attack.

“There has been obviously a reluctance out of this White House to call out Russia repeatedly,” Warner said. “I don’t believe that is a problem of the intelligence community. I think that is a problem of the White House.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

NHS Staff Say New Tech Will Treat Extra 18.6 Million Patients A Year

Research from Virgin Media O2 Business finds majority of NHS staff believe new tech will…

3 hours ago

Alphabet Q2 Beats Expectations, But Shares Dip

Despite share buyback and positive Q2 results, Alphabet's share price falls over YouTube slowdown and…

4 hours ago

Google Cancels Plan To Axe Third Party Cookies For Chrome Browser

Better switch to Firefox? After years of delays, Google performs u-turn and will no longer…

6 hours ago

Meta Releases Open Source Llama 3.1 AI Model

Release of latest AI model, Llama 405B, offers improved reasoning capabilities especially for math and…

7 hours ago

Microsoft Blames 2009 EU Agreement For World’s Biggest IT Outage

Redmond says EU deal gave CrowdStrike the keys to the Windows kernel, allowing last week's…

10 hours ago