In a large-scale cyber attack targeting major U.S. government agencies, the U.S. government, suspecting Russian involvement and having found that internal information across a wide range of fields such as diplomacy, security, the economy and medical care had been monitored for several months, has hurried its investigation and begun considering countermeasures such as sanctions.

This month in the United States, an investigation by a private security company revealed that someone had intruded into the computer networks of several major government agencies, and the government is rushing to investigate and repair the damage.

According to the government's investigation so far, a malicious program was planted in software the affected agencies use to manage their networks, making it possible to intrude from outside and extract information. It is suspected that someone has been monitoring internal information for several months, since March, when the software was updated.

The affected agencies reportedly include several major bodies central to national affairs, defense, homeland security, energy, finance, commerce and countermeasures against the new coronavirus, such as NIH (the National Institutes of Health). It has been pointed out that this could be the most serious damage in American history from an information-stealing cyber attack.

Based on the scale and method of the attack, the US government has strengthened its view that it was carried out by a hacker group affiliated with the Russian government, and has begun considering countermeasures including economic sanctions and retaliatory cyber attacks.

However, with the United States in its presidential transition period, President Trump has hardly mentioned the issue, and a full-scale response is expected to be left to President-elect Biden.

While avoiding mention of Russia, Mr. Biden said, "We will clarify who attacked us and make them take responsibility," which could become a new source of friction in US-Russian relations.

Background of discovery

The public announcement of this large-scale cyber attack was triggered by an investigation by a private information security company.

FireEye, an American information security company, announced on the 8th of this month that it had been hit by a cyber attack and that someone had stolen tools it uses for security testing.

Further detailed analysis revealed that the attack involved a malicious program, known as malware, inserted into software from another IT company that FireEye was using.

The software is used to manage networks. FireEye described the incident as "an attack using unprecedented techniques, with very high, government-level support," and reported it to the investigative authorities.

It later became clear that the software was used by several major US government agencies, and the Department of Homeland Security revealed that damage had also extended to federal departments and local governments.

The Department of Homeland Security has not disclosed the specific details of the damage, but the media, citing officials, report that damage has been confirmed at several major government agencies central to state affairs, national defense, homeland security, energy, finance, commerce and countermeasures against the new coronavirus, such as NIH (the National Institutes of Health).

The FBI (Federal Bureau of Investigation) and other agencies warned in a joint statement issued on the 16th of this month that "the attack is serious and ongoing."

Technique and damage situation

According to the US government, the investigation so far suggests that this cyber attack against government agencies, critical infrastructure and private companies may have begun around March.

The target was software used to manage networks at the victim organizations; the malware was embedded in the data of an update delivered in March.

The US government is currently investigating the damage and rushing to repair systems. So far, the malicious programs in question have been found at the Department of Homeland Security, an information and communications bureau within the Department of Commerce, and the Department of Energy. In addition, officials said damage was confirmed at the Department of State, the Department of Defense, the Department of Homeland Security and NIH (the National Institutes of Health).

It is also said that more critical infrastructure agencies and local governments may have been affected.

Of these, the Department of Energy told NHK that a malicious program was found in part of the department and the related software was removed, but that there were no problems with security functions, including at NNSA (the Nuclear Security Administration), which manages nuclear weapons under the umbrella of the Department of Energy.

However, at this point the full extent of the damage across the government, such as what kind of information was stolen and how much, is unknown.

Also, according to findings released by IT giant Microsoft on the 17th of this month, the number of customers who installed the software in question could exceed 17,000 worldwide.

Of these, more than 40 organizations in eight countries have been confirmed to have suffered damage. By country, about 80% of the damage was in the United States, and Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the UAE (United Arab Emirates) are also mentioned.

There is no mention of damage in Japan in this survey.

By sector, IT-related organizations were the most common at 44%, followed by government agencies at 18%, think tanks and NGOs at 18%, and defense and security contractors at 9%.

On the other hand, the Department of Homeland Security's cybersecurity agency says the attackers also used methods other than this software, and is investigating.

Russian hacker group

The US government believes it highly likely that a hacker group affiliated with the Russian government launched the attack, based on the scale and method of the hacking.

In particular, experts suspect the involvement of the hacker group called "APT29", also known as "Cozy Bear", which is analyzed to have links to the Russian intelligence agency SVR (the Foreign Intelligence Service).

This hacker group allegedly broke into the computers of the Democratic National Committee during the 2016 US presidential election and stole information such as emails, and in July the intelligence agencies of the United States, the United Kingdom and Canada issued a warning naming it as attempting to steal information on new coronavirus vaccines.

Hackers affiliated with the Russian government have long intruded into US government computer systems; in the late 1990s a cyber attack called "Moonlight Maze" was discovered, in which a large amount of information, including military technology, is believed to have been stolen.

The current attack appears to have intruded into several major government agencies over a long period, and it has been pointed out that it could be the most serious damage in American history.

Responses of President Trump and President-elect Biden

Both the US government and key members of Biden's incoming administration have strengthened the view that Russia was involved in this cyber attack.

Secretary of State Pompeo said on a radio program on the 18th of this month that "it is clear that Russia was involved," and outgoing Attorney General Barr also said at a press conference on the 21st, before his resignation, that "it seems Russia is responsible."

However, President Trump wrote on Twitter on the 19th that "as soon as something happens, the media says it is Russia, but the possibility of China is not discussed," suggesting a different view that Russia was not involved, and the Trump administration has yet to conclude that the Russian government was involved.

Under these circumstances, CNN reported that White House Chief of Staff O'Brien had proposed issuing a joint statement naming Russia together with the other four "Five Eyes" countries, which cooperate closely on intelligence activities, such as the United Kingdom and Canada; attention is also focused on this.

Meanwhile, President-elect Biden said at a press conference on the 22nd, "President Trump underestimates the seriousness of this attack. The attack happened because he was not on guard," strongly criticizing the president's response.

He also said, "We will not leave this issue unresolved. We will clarify who attacked us and take measures to make them take responsibility," indicating that he would take countermeasures under the new administration; this could become a new source of friction in US-Russian relations.

US countermeasures

The US government has strengthened its view that this cyber attack was carried out by a hacker group affiliated with the Russian government, and has begun considering countermeasures.

Economic sanctions, criminal charges and retaliation by cyber attack are reported to be among the options.

The "National Cyber Strategy" formulated by the Trump administration states that the United States will not rule out cyber attacks on another country as a countermeasure against cyber attacks from that country.

As for cyber attacks by the United States, it is said that under the former Obama administration a cyber attack on Iran, which was pursuing nuclear development, succeeded in delaying that development, and the United States is thought to still possess one of the world's leading attack capabilities.

The implementation of specific countermeasures is expected to be entrusted to the incoming Biden administration. Mr. Klain, who will become White House Chief of Staff, a key post in the next administration, indicated during a TV appearance on the 20th of this month that countermeasures beyond sanctions are being considered.

Regarding retaliatory cyber attacks, some experts argue that "strong measures should be taken to prevent further hacking," while others caution that "the purpose of this hack is more likely to obtain information than to destroy infrastructure, and a retaliatory attack could lead to a full-scale cyber war."

“The U.S. government could not grasp the attack on its own systems”

The U.S. government uses a security system operated by the Department of Homeland Security to monitor the networks of government agencies for unauthorized intrusions 24 hours a day, but in this cyber attack the intrusion went undetected, and the government reportedly did not grasp the attack itself until it was contacted by the private security company.

The system, called "Einstein" and operated by the Department of Homeland Security, monitors the networks of US government agencies. Developed in 2003, it places sensors at the nodes between agencies' internal computer networks and the external Internet, where it detects malware and the like and blocks unauthorized intrusions.

At the Department of Homeland Security's monitoring center in Virginia, staff watch for unauthorized intrusions 24 hours a day, and a large screen shows the status of sensors deployed across the United States in real time.

On this point, the American newspaper The Washington Post pointed out that "because Einstein monitors on the basis of prior information about malware and hacking that the government already knows, it cannot respond to a completely new method like this one."
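The limitation described above, a boundary sensor that only matches traffic against indicators the defender already knows, can be shown in miniature. The following is an added illustration, not code from the article or from any government system: it runs a signature-style check and a simple baseline check over a handful of constructed outbound-connection log lines. The domain names, host names, timestamps and the "known bad" list are all constructed for this example and are not indicators from the incident.

```python
"""Signature-based boundary detection versus a novel intrusion (added illustration).

A signature-style check catches a destination already on the known-bad list but
passes a destination it has never seen. A complementary baseline check, which
flags destinations first contacted after a chosen cutoff (here, the date of a
software update), surfaces the new traffic for an analyst to review.
"""
from dataclasses import dataclass
from typing import List

# Constructed stand-in for pre-loaded signature data (not real indicators).
KNOWN_BAD_DOMAINS = {"known-malware.example", "old-c2.example"}

# Constructed log lines: timestamp, source host, destination domain.
SAMPLE_LOG = """\
2020-02-10T09:00:01 host-a updates.vendor.example
2020-02-11T09:00:02 host-b updates.vendor.example
2020-02-12T10:15:00 host-a known-malware.example
2020-03-15T03:12:44 host-b novel-c2.example
2020-03-16T03:12:50 host-b novel-c2.example
"""

# Constructed cutoff: the date the (hypothetical) update was applied.
UPDATE_DATE = "2020-03-01"


@dataclass
class Event:
    ts: str    # ISO-8601 timestamp; same format throughout, so string order == time order
    host: str  # internal source host
    dst: str   # external destination domain


def parse_log(text: str) -> List[Event]:
    """Parse whitespace-separated 'timestamp host destination' lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dst = line.split()
        events.append(Event(ts, host, dst))
    return events


def signature_alerts(events: List[Event]) -> List[Event]:
    """Signature-style detection: alert only on destinations in the known-bad list."""
    return [e for e in events if e.dst in KNOWN_BAD_DOMAINS]


def baseline_alerts(events: List[Event], cutoff: str) -> List[Event]:
    """Baseline detection: alert on destinations never contacted before the cutoff."""
    seen_before = {e.dst for e in events if e.ts < cutoff}
    return [e for e in events if e.ts >= cutoff and e.dst not in seen_before]


def missed_by_signatures(events: List[Event], cutoff: str) -> List[str]:
    """Destinations the baseline check raises that the signature check does not."""
    flagged = {e.dst for e in signature_alerts(events)}
    return sorted({e.dst for e in baseline_alerts(events, cutoff)} - flagged)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for e in signature_alerts(evs):
        print("signature hit :", e)
    for e in baseline_alerts(evs, UPDATE_DATE):
        print("new after update:", e)
    print("missed by signatures:", missed_by_signatures(evs, UPDATE_DATE))
```

Run as-is, the signature check reports only the known domain, while the baseline check reports the destination that first appears after the update date; the point is that a signature list, however well maintained, cannot contain an indicator nobody has recorded yet, so a perimeter monitor needs a complementary check on what is new rather than on what is already known.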

Russian intelligence SVR and President Putin

While the U.S. government has pointed to Russia's involvement, Russian Presidential spokesman Peskov said on the 14th of this month, "I say it again: President Putin invited the United States to discuss cooperation in cyberspace," strongly denying involvement.

Meanwhile, the Russian intelligence agency SVR (the Foreign Intelligence Service), which the US side suspects of involvement, is under the direct control of President Putin.

President Putin visited the SVR headquarters in Moscow on the 20th of this month to mark the 100th anniversary of its founding and said, "There is no doubt that it is extremely important for Russia that the relevant organizations work effectively in accordance with the law and the national interest."

The SVR is the intelligence agency responsible for foreign intelligence, and President Putin himself is known to have served in the foreign intelligence arm of the KGB (the Committee for State Security), the agency's predecessor.