Latest Government Hack Poses 'Grave Risk,' U.S. Cyber Agency Says
RACHEL MARTIN, HOST:
After several days of relative silence, the U.S. Cyber Security Agency (ph) now says a major computer hack poses a grave risk. This risk extends to all levels of government - federal, state and local. Thousands of private companies and organizations have also been impacted. And to make it worse, the computer hack is still happening. NPR national security correspondent Greg Myre is following the story and joins us. Good morning, Greg.
GREG MYRE, BYLINE: Hi, Rachel.
MARTIN: We've been hearing about this hack of government computers this week, but this sounds even more ominous.
MYRE: Yeah, true. The U.S. government was really blindsided when the story broke last weekend. President Trump still has yet to say a word. But we now have this assessment from the cybersecurity agency at Homeland Security. And it makes clear this was an enormous breach, perhaps unprecedented, and it's still taking place. The Department of Energy is the latest government department to acknowledge it was breached, though it says the nuclear arsenal it manages was not at risk. But it's just important to understand the sheer scale here. The hackers invaded computers at all levels of government and the private sector - some 18,000 separate organizations, for a little perspective.
I spoke to Steve Ryan. He worked for more than 30 years at the National Security Agency and was the deputy director of the Threat Operations Center.
STEVE RYAN: This is big. This is bigger than anything we've ever experienced in this country. Well, I don't know what I would put second into this.
MARTIN: Wow. So who's behind it?
MYRE: Well, the cyber experts are quite confident it's Russia. This was an extremely sophisticated, stealthy attack using techniques that have never been seen before. So given the skill level and the targets, it points to Russia's foreign intelligence service, the SVR. And its hackers are known as Cozy Bear, you may recall. One of those experts, Dmitri Alperovitch, says the U.S. needs to move quickly on two separate fronts.
DMITRI ALPEROVITCH: And the first phase is to put out the fire - contain the incident and kick the Russians out as quickly as possible. And then the second phase is really looking broader of how the Russians have had this level of access into our most sensitive networks really over the last at least nine months.
MARTIN: So cyber experts are sure this is Russia - is the broader Trump administration?
MYRE: Well, they haven't given attribution at this point to anyone. And yesterday, Vladimir Putin had this long news conference. And he sort of mocked the notion that his country would be involved in something like this. But U.S. intelligence agencies are starting classified briefings on Capitol Hill. And the Republican chairman and the top Democrat on the Senate Armed Services Committee issued a joint statement saying that, quote, "The cyber intrusion appears to be ongoing and has the hallmarks of a Russian intelligence operation."
MARTIN: I mean, if that's the case, this isn't the first time. Why can't the U.S. anticipate, prevent these types of attacks from Russia?
MYRE: Yeah, Rachel, this would be the third big Russian hack in the past five years. I got a glimpse of these U.S. efforts to ward off cyber intruders. The National Security Agency invited me last year to its big, sprawling campus out in Fort Meade, Md., to see this new, big integrated cyber center that it has. It includes this cavernous hall. It's, in effect, a war room with all these cyberwarriors and big movie screens featuring this constantly updated information. I mean, this may well be the greatest concentration of cyber power anywhere in the world. And yet, just months after I visited, the hackers broke into computer systems all across the U.S.
MARTIN: How? I mean, I guess that's the million-dollar question - more than a million dollars. But, I mean, how do hackers keep finding their ways...
MARTIN: ...Into these systems?
MYRE: It was brilliant and simple. In this case, it was a software update - you know, those little notices we all see on our computer screens and we don't pay any attention to them. But the hackers sort of deftly loaded some malware onto a software update that's provided by a company called SolarWinds. It's a tech company from Austin, Texas. And it's not widely known outside the industry itself, but it provides these network monitoring updates throughout the U.S. And from March through June, 18,000 of its customers got this update. And so this allowed the hackers into email systems. And the suspicion is they've moved on and are operating more widely in the networks.
The big question right now is, did they get into classified government systems? But regardless, fixing this will be very painstaking and expensive.
MARTIN: And urgent - right? - because you said earlier that they're still there. Like, they've embedded into these systems, and they still exist. They still have a presence there. I mean, this is going to be a long-term problem. What action could the Trump administration take in just the next few weeks?
MYRE: Well, we're still waiting for the president or any member of his administration to speak publicly. We've only seen some statements. And we know President Trump entered office with a Russian hacking controversy. Now he'll be leaving office with this hacking controversy, one he doesn't want to discuss. President-elect Joe Biden says he'll impose substantial costs, but he knows now he'll have this big problem on his hands on Day 1 of his administration.
MARTIN: NPR's Greg Myre. Thank you.
MYRE: My pleasure.
Transcript provided by NPR, Copyright NPR.