It’s going to take months to kick elite hackers widely believed to be Russian out of the U.S. government networks they have been quietly rifling through since as far back as March in Washington’s worst cyberespionage failure on record.
Experts say there simply are not enough skilled threat-hunting teams to identify all the government and private-sector systems that may have been hacked. FireEye, the cybersecurity company that discovered the worst-ever intrusion into U.S. agencies and was among the victims, has already tallied dozens of casualties. It’s racing to identify more.
“We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left,” said Bruce Schneier, a prominent security expert and Harvard fellow.
It’s not known exactly what the hackers were seeking, but experts say it could include nuclear secrets, blueprints for advanced weaponry and information for dossiers on key government and industry leaders.
That means many federal workers — and others in the private sector — will have to presume that unclassified networks are teeming with spies. Agencies will often have to conduct sensitive government business on Signal, WhatsApp and other encrypted smartphone apps.
“We should buckle up. This will be a long ride,” said Dmitri Alperovitch, co-founder and former chief technical officer of the leading cybersecurity firm CrowdStrike. “Cleanup is just phase one.”
The only way to be sure a network is clean is “to burn it down to the ground and rebuild it,” Schneier said. It’s the only way to be sure an intruder is out.
Imagine a computer network as a mansion you inhabit, and you are certain a serial killer has been there. “You don’t know if he’s gone. How do you get work done? You kind of just hope for the best,” he said.
Deputy White House press secretary Brian Morgenstern told reporters Friday that national security adviser Robert O’Brien has sometimes been leading multiple daily meetings with the FBI, the Department of Homeland Security and the intelligence community, looking for ways to mitigate the hack.
He would not provide details, “but rest assured we have the best and brightest working hard on it each and every single day.”
President Trump, who has downplayed the Russian cyberthreat after refusing to accept that a Kremlin hack-and-leak operation favored him in the 2016 election, has said nothing publicly about the SolarWinds attack. But Morgenstern said he has been briefed.
There is little incentive for the White House to disclose which agencies were hacked. That only helps U.S. adversaries, national security experts said.