A cybersecurity advisor says that, three years before the Russians compromised the software, he warned SolarWinds it faced a possible "catastrophic" hacking attack if the company did not take internal security measures.
Ian Thornton-Trump, a former cybersecurity advisor to the company, also claims that relocating some operations to Eastern Europe may have exposed the company to the massive Russian hack.
In late December, it became known that the cyber espionage attack, led by state-backed Russian hackers, hit more than 250 US federal agencies and private companies in October 2019, but went undetected for months.
In the breach, hackers gained access to government and private networks by injecting malicious code into newer versions of SolarWinds' leading software product, Orion.
Thornton-Trump said he urged management to be more aggressive on internal security in 2017 and warned that a cybersecurity incident would be "catastrophic," according to a New York Times report published Saturday.
He said he gave a PowerPoint presentation to three SolarWinds executives and asked them to appoint a senior director of cybersecurity because he believed a serious breach was inevitable, Bloomberg reported.
When his recommendations were ignored, he left the company a month later.
According to employees, the CEO of SolarWinds, which is based in Austin, Texas, cut security measures to save costs, and the company moved several engineering offices to Eastern Europe.
That move could have left the company vulnerable to the breach, as some of the compromised SolarWinds software was developed there, and Russian intelligence officials are deeply rooted in the region.
DailyMail.com has asked Thornton-Trump for a comment.
Although US officials say Russian hackers were behind the campaign, the Kremlin denies it.
Former and current SolarWinds employees said the company was slow to prioritize security even as its software was adopted by leading cybersecurity companies and federal agencies.
SolarWinds only increased security in 2017, under the threat of penalties from a new European data protection law. It then hired its first chief information officer and brought in a vice president of security architecture.
One reason security was so relaxed was reportedly CEO Kevin B. Thompson's cost-cutting.
Past and current employees say that Thompson, formerly an accountant and chief financial officer, slashed security practices to save costs, and that his approach nearly tripled SolarWinds' annual profit margins, from $152 million in 2010 to more than $453 million in 2019.
However, some of these measures may have put the company at risk and made its customers more vulnerable to attack.
SolarWinds also moved much of its engineering to satellite offices in the Czech Republic, Poland, and Belarus, where engineers had access to the hacked Orion network management software.
Photo captions: a SolarWinds office in the Czech Republic; a SolarWinds office in Krakow, Poland.
Part of the Orion software was also developed there.
American investigators are focusing on whether the hack started in the Eastern European offices, where Russian intelligence officials are deeply rooted.
Government agencies known so far to have been targeted by the hackers:
Department of Homeland Security
National Institutes of Health
National Nuclear Safety Authority
Los Alamos National Laboratory
Federal Energy Regulatory Commission
Safe transport office
Officials originally said the hack started in March of this year, but SolarWinds has since announced that it traced the hackers back to October 2019. The spies are believed to have tested their ability to inject the malicious code into SolarWinds' systems on October 10, 2019.
When Thompson was asked whether the company should have discovered the breach, he avoided the question. He is stepping down after 11 years at the top.
The hack, believed to have been carried out by the Russian SVR intelligence agency, affected the Treasury, State, Commerce and Energy departments and parts of the Pentagon, as well as SolarWinds customers Cisco Systems and Deloitte.
Three weeks after the hack was flagged, American officials are still trying to determine how it was carried out without raising the alarm.
At least 24 organizations in the US installed the software the hackers exploited, according to a Wall Street Journal analysis of internet records.
Those infected include tech companies Cisco Systems Inc., Intel Corp. and Nvidia Corp.; auditing firm Deloitte; software company VMware Inc.; electronics manufacturer Belkin International Inc.; the California Department of State Hospitals; and Kent State University.
Security experts said it took days before SolarWinds customers stopped posting compromised code on their websites.
A SolarWinds spokesperson told DailyMail.com that the company was "the victim of an advanced, complex and targeted cyber attack."
"We are working closely with federal law enforcement and intelligence services to investigate the full scope of this unprecedented attack, including whether it was supported by the resources of a foreign government. We're also working with industry-leading third-party cybersecurity experts to investigate, mitigate, and remediate this attack."
SolarWinds was only one of several supply-chain companies the Russian hackers exploited in the attack, and the Department of Homeland Security's cybersecurity division believes the spies worked through other channels as well.
Photo caption: CEO Kevin Thompson ringing the opening bell on the floor of the New York Stock Exchange during the company's IPO on October 19, 2018.
SolarWinds has not publicly addressed the possibility of an insider's involvement in the cyber breach.
The hackers behind the SolarWinds breach also broke into Microsoft's network and accessed some of the source code, the company said on Thursday.
Source code – the underlying set of instructions used to run software or an operating system – is usually one of the best-kept secrets of any technology company, and Microsoft has taken great care to protect it in the past.
It is not clear how much or what parts of Microsoft's source code repositories the hackers were able to access, but the disclosure suggests that the hackers who used software company SolarWinds as a stepping stone to break into sensitive US government networks also had an interest in discovering the inner workings of Microsoft products.
U.S. and private sector investigators spent the holidays sifting through logs to understand if their data was stolen or altered.
Changing the source code – which Microsoft said the hackers did not do – could have potentially disastrous results given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system.
However, experts said that even being able to review the code could give the hackers insights that would help them undermine Microsoft products or services.
"The source code is the architectural blueprint for creating the software," said Andrew Fife of Cycode, an Israeli source code protection company.
"When you have the blueprint, it's a lot easier to construct attacks," he added.
SolarWinds timeline: company stock sales and when the attack was detected
March: Updated versions of SolarWinds' leading product, Orion, are infiltrated by an "external nation-state".
SolarWinds customers who installed updates to their Orion software unknowingly welcomed hidden malicious code that gave the intruders the same view of their corporate networks as internal IT teams.
November 18th and 19th: Outgoing CEO Kevin Thompson sells $15 million worth of shares.
December 7th: Leading investors Silver Lake and Thoma Bravo sell $280 million of shares in SolarWinds.
December 7th: CEO Kevin Thompson resigns. His transition had already been announced, but no fixed date was given
December 8th: FireEye announces that hackers have broken into its servers
December 9th: New CEO Sudhakar Ramakrishna is announced; he will replace Thompson in 2021.
December 11th: FireEye says it discovered that SolarWinds updates were corrupted and contacted the company.
December 13th: The infiltration of Orion becomes public.
The US is issuing an emergency warning urging government users to disconnect the SolarWinds software that has allegedly been compromised by "malicious actors".
The Pentagon, the State Department, the National Institutes of Health, and the Treasury, Commerce and Homeland Security departments announce that they have been targeted.
Although the motive is unknown, some believe it is Russia's attempt to shake Washington DC three weeks before Biden's inauguration and to gain leverage over the US ahead of nuclear weapons talks.
"We still don't know what Russia's strategic goals were. However, we should be concerned that some of them could go beyond intelligence. Their goal may be to put themselves in a position to influence the new government, like holding a gun to our head to stop us from counteracting Putin," Suzanne Spaulding, who was the senior cyber official in the Department of Homeland Security under Obama, told the Times.
The breach was not detected by any government cyberdefense agency: not the military's Cyber Command, the National Security Agency, or the Department of Homeland Security.
Instead, it was found by the private cybersecurity firm FireEye.
"It looks a lot worse than I first feared. The size continues to grow. It's clear the US government missed it," said Virginia Senator Mark Warner, the senior member of the Senate Intelligence Committee.
"And if FireEye hadn't happened, I'm not sure we would be fully aware of it by now," he added.
The Times report revealed that the breach is wider than believed.
Initially, it was estimated that the Russians only accessed a few dozen of the 18,000 state and private networks. Now Russia appears to have gained access to up to 250 networks.
The hack was managed from servers in the United States, and the early-warning sensors that Cyber Command and the National Security Agency place on overseas networks to detect potential attacks failed to catch it.
The government's focus on defending the elections may have shifted resources and attention away from protecting supply-chain software. Now private companies such as FireEye and Microsoft say they were hit in the large supply-chain attack.
In the attack, the Russian hackers exploited the limits on the National Security Agency's authority by staging the hacks from servers in the United States and, in some cases, using computers in the same city as their victims.
Congress has not empowered the NSA or Homeland Security to enter or defend private sector networks.
The Russian hackers hid their code inside SolarWinds' Orion update and used custom tools to avoid triggering the alarms of Homeland Security's Einstein detection system, which is designed to intercept malware.
Intelligence officials say it could take months, even years, to understand the breadth of hacking.