The Wrongologist

The Daily Escape:

Old cabin in winter – photo by Julie Williams

Various thoughts about US cyber security: First, along with the news about the cyber hack of the US government, comes news that Trump’s twitter account was hacked in October:

“Dutch prosecutors have confirmed that Donald Trump’s Twitter account was hacked in October despite denials from Washington…. The hacker…Victor Gevers, broke into Trump’s account @realDonaldTrump on 16 October by guessing the US president’s password…”

The password? MAGA2020. Gevers told the Dutch paper De Volkskrant that the president was not using basic security measures, like two-step verification:

“I expected to be blocked after four failed attempts. Or at least asked to provide additional information,”

The current US government-wide hack is a true disaster. The cyber security firm FireEye working with the FBI, has reported that the hack was caused by an infiltration of its network security via a software product made by the firm, Solar Winds. Reuters reported:

“On Monday, SolarWinds confirmed that Orion – its flagship network management software – had served as the…conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers.”

Reuters earlier had reported that a researcher informed SolarWinds last year that he had uncovered the password to SolarWinds’ update mechanism, the vehicle through which its 18,000 customers were compromised. The password was “solarwinds123.”

That isn’t even as strong as Trump’s password. Right now, the damage is uncertain, but it seems extensive. NYT reported:

“…the Treasury and Commerce Departments, the first agencies reported to be breached, were only part of a far larger operation…. About 18,000 private and government users downloaded a Russian tainted software update…that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised.”

FireEye’s analysis shows that once the virus had infected the targets, it started ‘phoning home’ within 14 days. Sounds like quite a few people in the Trump administration were asleep at the switch: (brackets by Wrongo)

“Two of the most embarrassing breaches came at the Pentagon and the Department of Homeland Security….[who] issued an obfuscating official statement that said only: ‘The Department of Homeland Security is aware of reports of a breach. We are currently investigating the matter.’”

Tom Bossert, Trump’s original Homeland Security advisor in 2017, has an op-ed in the NYT that claims the hack was the work of the Russians. Whether that’s true or not, he’s correct about what has happened since:

“The magnitude of this ongoing attack is hard to overstate. The Russians have had access to a considerable number of important and sensitive networks for six to nine months….For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.”

It will take years to know for certain which networks the hackers are monitoring. Politico reports that Trump has tried to gag the administration’s intelligence community leaders from reporting on the extent of the breach to Congress:

“During a National Security Council meeting on Tuesday night, national security leaders were instructed not to reach out to Capitol Hill for briefings on the massive hack without explicit approval from the White House or ODNI, according to people familiar with the episode.”

This is more dereliction of duty by the Trumpers.

We shovel money at the NSA, the CIA, and Homeland Security, but rarely ask what we get in return. How much compromise of our systems will it take to get accountability from these bureaucrats? It’s staggering that we continue to spend on a bloated military when the most crippling attacks we’ve faced in the past 20 years involve box cutters and computer hackers.

It’s hard to know which was worse: That the federal government was blindsided by a state controlled intelligence agency, or that when it became evident what was happening, White House officials said nothing.

This much is clear: While Trump was busy complaining loudly about the voter hack that didn’t happen in an election that he clearly lost, he’s been silent about the fact that someone was hacking our government. He can hide from this for another five weeks, and after that Biden will doubtless dig into it.

Republicans have spent six weeks crying fraud about the presidential election. But for this? Absolute silence. If this had happened during a Democratic administration, we’d have Republican hearings and talking points for the next 10 years. Where’s their outrage?