SolarWinds Compromise May Have Started Earlier Than First Thought

A US Senator has sent a chill through US government departments after warning that the Russian cyberattack may have started earlier than first thought.

Earlier this week SolarWinds issued security fixes for its flagship Orion platform, after the tool was discovered to have been used in a major hacking campaign earlier this month.

The scale of the US government compromise is still being investigated, but just before Christmas US Senator Ron Wyden revealed that dozens of email accounts at the US Treasury Department were compromised.

Russian hackers

Now Reuters is reporting that the SolarWinds compromise of the US Treasury, State, Commerce and Energy Departments, which had thought to have begun back in March or April this year, may have started earlier than that.

The SolarWinds compromise could be one of the biggest spying operations against the US in history, and the fact that it went undetected for nine months has greatly alarmed US officials.

The ‘supply chain’ compromise of the Orion product from Texas-based SolarWinds is suspected to have been carried out by Russian government hackers, but Moscow has denied involvement.

“The initial burrowing in may have started earlier,” Democratic Senator Mark Warner of Virginia, who serves as Vice-Chair of the Senate Intelligence Committee told Reuters.

Warner also told Reuters that extensive investigations of the hack were active but that so far the US government does not have hard evidence that classified government secrets were compromised by the hackers.

Warner said gaps in US and international law make it difficult to track and crack down on large scale hacks, and that the United States and its allies must act to tighten controls.

“We still don’t have for the private sector, or for that matter the public sector, any mandatory reporting” on major hacking incidents, Warner was quoted as saying. “The amount of time it’s taking to assess the (latest) attack, its taking longer than we would like to take,” he added.

Lack of response

Warner also added that the lack of US laws and policy to counter such major hacks is the product of a “lack of policy that precedes (the administration of President Donald) Trump.”

Senator Mark Warner is a democratic Senator.

During the administration of President Barack Obama, the Senator said, people in both government and private sector “pushed back ferociously” at talk of stepping up cyberspace legal controls.

The Senator also touched on the lack of reaction from President Trump against Russia, despite the fact that US Secretary of State Mike Pompeo and US government sources have said Russia is the principal suspect in the attack.

President Trump for his part has questioned their responsibility and suggested China might be behind the attack.

“There has been obviously a reluctance out of this White House to call out Russia repeatedly,” Warner said. “I don’t believe that is a problem of the intelligence community. I think that is a problem of the White House.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Signal Shows Data Collection Adverts Facebook Rejected

Signal has had user-targetted adverts on Instagram blocked, as messaging service attempts to highlight Facebook…

4 hours ago

Oversight Board Upholds Trump’s Facebook Suspension

Bad news for Donald. Facebook's 'Supreme Court' upholds suspension of Donald Trump account, but asks…

6 hours ago

US Presses TSMC For More Chips For Car Makers

Global silicon shortage continues, as US Commerce Department presses Taiwanese chipmakers to ease the supply…

7 hours ago

Starlink Signs Up 500,000 Pre-Orders For Satellite Internet

Elon Musk space venture SpaceX has already signed 500,000 customers on pre-order for its Starlink…

9 hours ago

Apple Vs Epic Games Court Battle Continues

Second day of courtroom showdown in the US reveals Epic Games management would have accepted…

11 hours ago

Trump Launches ‘Communications’ Website

Banned from social media for instigating US Capitol riot, Trump launches 'straight from the desk'…

12 hours ago