Former NCSC Head Dismantles Russia’s SolarWinds Claim

Director of Russia’s SVR said the West was actually behind SolarWinds hack, but NCSC’s former boss Ciaran Martin dismantles that statement

The former head of GCHQ’s National Cyber Security Centre (NCSC) has rubbished an outlandish claim from Sergei Naryshkin.

Sergei Naryshkin is the director of Russia’s Foreign Intelligence Service (SVR), which the West has blamed for carrying out the sophisticated SolarWinds hacking campaign last year.

The hackers inserted backdoor code into SolarWinds’ Orion platform in March of 2020 (or possibly earlier according to one US senator) and used this to access the systems of at least half-a-dozen US federal agencies, as well as potentially thousands of private firms before the attack was discovered in December.

Russian denial

In March 2021 it was revealed that the SolarWinds hackers had even obtained access to the then-head of the US’ Department of Homeland Security and members of the department’s cybersecurity staff.

Russia’s Foreign Intelligence Service (SVR) director Sergei Naryshkin spoke to BBC Moscow correspondent Steve Rosenberg, and denied that Russia was behind the hack, and indeed suggested that Western intelligence agencies had actually carried it out.

The SVR has been identified as responsible for the attack because it is linked to APT29, also known as Cozy Bear, the group thought to be behind it.

Asked if the SVR had been responsible, Naryshkin told the BBC he could not “claim the creative achievements of others as his own.”

“These claims are like a bad detective novel,” he told the BBC. Naryshkin then quoted from documents leaked by former National Security Agency contractor Edward Snowden to suggest the tactics of the attack were similar to those used by US and British intelligence agencies.

“I don’t want to assert that this cyber-attack was carried out by a US agency – but the tactics are similar,” he was quoted as saying.

And accusations Russia was involved in cyber-attacks, poisonings, hacks, or meddling in elections were “absurd” and “pathetic,” he reportedly said.

Ciaran Martin

But the former head of NCSC, Ciaran Martin, has rubbished the comments from Naryshkin, pointing out there was evidence the tactics, techniques and tools used by the hackers matched “many years of SVR activity”.

“There is compelling evidence pointing to Russia,” Martin told BBC Radio 4’s Today programme. “The targets they carefully selected and exploited… were mostly high value, high prestige, strategically important American targets.”

Former NCSC chief Ciaran Martin. Image credit: UK government

“So if it was America doing it to itself, why?” asked Martin. “And why were there so many willing participants in such a pointless act of deception?”

“It doesn’t make any sense,” he said.

SolarWinds compromise

The full scale of the US government compromise is still being investigated, but just before Christmas US Senator Ron Wyden revealed that dozens of email accounts at the US Treasury Department had been compromised.

A number of leading tech firms and security firms such as FireEye were caught up in this compromise.

Microsoft also admitted that the SolarWinds hackers had actually accessed and viewed source code repositories within Redmond.

Microsoft had previously disclosed that it, like thousands of other companies, made internal use of the software used in the attack, SolarWinds’ Orion network management software.