UPSC Articles
SCIENCE & TECH/ INTERNATIONAL/ SECURITY
Topic: General Studies 2,3:
- International events and their implications for the security of nations
- Science and Technology: developments and their applications and effects in everyday life.
US Cyber Attack: SolarWinds hack
Context: SolarWinds, a major US information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months.
An unusual hack
- Earlier this year, hackers secretly broke into Texas-based SolarWinds’ systems and added malicious code to the company’s software system.
- The system, called “Orion,” is widely used by companies to manage IT resources. SolarWinds has 33,000 customers that use Orion.
- Most software providers regularly send out updates to their systems, whether it’s fixing a bug or adding new features. SolarWinds is no exception.
- Beginning as early as March 2020, SolarWinds unwittingly sent out software updates to its customers that included the hacked code.
- A private cybersecurity firm called FireEye was the first to detect the breach, in December 2020, when it noticed that its own systems had been hacked.
- The code created a backdoor into customers’ information technology systems, which hackers then used to install even more malware that helped them spy on companies and organizations.
The victims
- SolarWinds told the US regulatory authorities that up to 18,000 of its customers installed updates that left them vulnerable to hackers.
- Since SolarWinds has many high-profile clients, including Fortune 500 companies and multiple agencies in the US government, the breach could be massive.
- US agencies, including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury were attacked.
- So were private companies, like Microsoft, Cisco, Intel, and Deloitte, and other organizations like the California Department of State Hospitals and Kent State University.
- And since the hack was done so stealthily, and went undetected for months, security experts say that some victims may never know whether they were hacked or not.
Who did it?
- Federal investigators and cybersecurity experts say that Russia’s Foreign Intelligence Service, known as the SVR, is probably responsible for the attack.
- Russian intelligence was also credited with breaking into the email servers in the White House, the State Department, and the Joint Chiefs of Staff in 2014 and 2015.
- Later, the same group attacked the Democratic National Committee and members of the Hillary Clinton presidential campaign.
- Russia has denied any involvement with the breach, and President Trump has suggested, without evidence, that Chinese hackers may be the culprits.
Why does it matter?
- Now that multiple networks have been penetrated, it’s expensive and very difficult to secure systems.
- There are fears that, with access to government networks, hackers could “destroy or alter data, and impersonate legitimate people”.
- Not only is the breach one of the largest in recent memory, but it also comes as a wake-up call for federal cybersecurity efforts.
- The US Cyber Command, which receives billions of dollars in funding and is tasked with protecting American networks, was “blindsided” by the attack. Thus, the hack could accelerate broad changes in the cybersecurity apparatus.
- The US government may reorganize its cybersecurity efforts by making the Cyber Command independent from the National Security Agency.
- Companies are turning to a new approach of assuming that breaches have already occurred, rather than merely reacting to attacks after they are found.