NSA Warned Russia to Stay Out Of 2020 Election And Got SolarWinds Hack Instead – NPR
Gen. Paul Nakasone, the National Security Agency director, told NPR ahead of the 2020 elections that the U.S. was "going to expand our insights of our adversaries. ... We're going to know our adversaries better than they know themselves." Chip Somodevilla/Getty Images hide caption
Gen. Paul Nakasone, the National Security Agency director, told NPR ahead of the 2020 elections that the U.S. was "going to expand our insights of our adversaries. ... We're going to know our adversaries better than they know themselves."
Back in November, Kevin Mandia, CEO of the cybersecurity firm FireEye, opened his mailbox to find an anonymous postcard. It had a simple cartoon on the front. "Hey look, Russians," it read. "Putin did it."
He might not have given it a second thought were it not for one thing: His company had recently launched an internal security investigation after officials discovered someone had tried to register an unauthorized device into its network. That inquiry eventually led to the discovery of something even more worrisome: the breach of a Texas-based network monitoring company called SolarWinds.
U.S. officials now believe that hackers with Russia's intelligence service, the SVR, found a way to piggyback onto one of SolarWinds' regular software updates and slip undetected into its clients' networks. That means potentially thousands of companies and dozens of government departments and agencies may have been compromised.
President Biden was concerned enough about the attack that he brought it up in his first official call as president on Tuesday with his Russian counterpart, Vladimir Putin. It is unclear how Putin responded, but Russia has denied involvement in the past.
"We'll be poised to act"
A little over a year ago, the head of U.S. Cyber Command and the NSA, Gen. Paul Nakasone, began to talk openly about America's cyber operations and something he called "defend forward." The strategy is aimed at going toe-to-toe with adversaries in their networks instead of waiting for them to come and hack Americans here at home.
"Defend forward is a DOD strategy that looks outside of the United States," Nakasone told NPR as Cyber Command prepared for the 2020 elections. To impact adversaries, he said, the U.S. was "going to expand our insights of our adversaries. ... We're going to know our adversaries better than they know themselves. ... We're going to harden our defenses and ... we'll be poised to act."
At the time, the decision to talk about American cyber forces seemed like a classic deterrence strategy. Traditionally the NSA's mission was kept secret; Nakasone broke from that partly to assure Americans months before the 2020 elections that Cyber Command was prepared to defend U.S. networks while at the same time making clear to adversaries that U.S. cyber operators were primed.
Then Nakasone went a step further. He revealed in an NPR story large portions of Operation Glowing Symphony, an offensive cyber campaign the U.S. launched against ISIS that went a long way toward hobbling the terrorist organization's media and recruitment operation. If Russia were wondering just how skillful U.S. cyber operators were, Nakasone appeared to be saying, here's a little preview.
"It's a little bit different in cyberspace," Nakasone said at the time, "because you have foes that can come and go very, very quickly. They can buy infrastructure, they can develop their capabilities, they can conduct attacks. And what you have to do, from what I've learned, is you have to be persistent with that, and making sure that whenever they do that type of thing, you're going to be there and you're going to impact them."
In that spirit of low-grade confrontation, a few weeks before Americans cast their ballots in the 2020 election, NSA operators gave their Russian counterparts a little tweak: They sent individualized emails to specific Russian hackers, just to let them know U.S. cyber forces had their eye on them. It was an electronic version, in a sense, of that postcard that went to FireEye's Mandia.
Did Nakasone's discussion of U.S. cyber capabilities inspire Russian hackers to do something epic just to prove they could? Kiersten Todt, managing director of the Cyber Readiness Institute, said that while that might have played a small role, Russian cyber forces hardly needed an excuse to try their hand at compromising American networks.
"I think the Russians are emboldened to work against us and come after us for lots of reasons," she said. "And not the least of which could be us saying, 'Hey we're going to, you know, have a secure and safe 2020 election,' that would inspire them to say, 'Oh, no you're not, and while you are focusing on the election, we're actually going to come into your networks.' "
And that's what SolarWinds did it gave them entree into a roster of networks so they could look around to see what they could find. Even without any prodding from Nakasone, cybersecurity experts say, it was inevitable a supply chain hack such as this would happen.
The next-generation hack
There was a simpler version of this kind of breach back in 2013 when criminal hackers, not nation-states, got into the electronic registers at Target Corp. and stole credit card information. The theft made national news, and, for many Americans, it was an early harbinger of how hacking could affect them directly.
It turns out, the hackers didn't compromise Target's network that was too hard. Instead, they cracked into the network of the company that serviced Target's heating, ventilation and air conditioning system and stole its credentials, which allowed them to roam around Target's system unnoticed.
The HVAC contractor was part of the store's vast supply chain. Experts say we should see the SolarWinds hack as a more sophisticated version of that. Breaking into the Treasury Department is too hard, so the intruders found a comparatively easier mark a company whose job it is to monitor the very networks that were compromised.
With the SolarWinds breach, hackers have made clear that something doomcasters have been warning about for years has finally arrived. If adversaries pick the right contractor to hack, everyone that company works with is potentially vulnerable, too, said Richard Bejtlich, a former military intelligence officer who is now the principal security strategist at Corelight, a cybersecurity firm.
"If you were one of those organizations that had enough money to say, 'We want to have inventory management, we wanted to have network management, let's go with SolarWinds,' well, suddenly, that's opened you up to a whole new set of problems," he said.
That's why this is called a supply chain hack.
Bejtlich expects that in the coming weeks more companies will come forward and disclose they were part of this hack, too. So far the tally includes not just SolarWinds but also Microsoft and a cybersecurity firm called Malwarebytes. The NSA and U.S. Cyber Command haven't said anything about the attack publicly and declined to comment for this article.
They are part of a roster of intelligence officials still trying to assess the damage. Cyber officials told NPR that the investigation is in its earliest stages, but what they have determined so far is that to launch the attack and not be noticed, the SolarWinds breach had to have been planned long in advance. They said that likely hundreds of Russian software engineers and hackers were involved and that they spent time in the various networks for at least nine months before FireEye and later Microsoft discovered the breach.
"We think they were surprised it worked so well," one source who is helping trace the damage told NPR. He declined to be identified further because he is not authorized to speak about what they are discovering. "We think that once they got into SolarWinds and were inside their clients' network they had trouble deciding where to go next. It was successful beyond their wildest imaginations, and they didn't have enough people to work it all."
Biden has asked his new national security team for an assessment of the SolarWinds attack. He wants to know how it happened, how far it went and how to fix it. These kinds of reviews are standard operating procedure when administrations change hands.
Among the questions officials will try to answer is whether the SolarWinds hack was a straightforward espionage operation or something more sinister. Were the hackers just looking for information, or have they inserted backdoors into systems across the country that could allow them to turn things off, or change information with just a couple of keystrokes?
Another thing investigators would like to know: whether the hackers themselves sent that postcard to FireEye's Mandia.
Continued here:
NSA Warned Russia to Stay Out Of 2020 Election And Got SolarWinds Hack Instead - NPR
- The NSA says do these 5 things with your phone right now - Fox News - January 30th, 2025 [January 30th, 2025]
- NSA: Iraqi territory will not be used to attack neighboring countries Iraqi News Agency - ina.iq - January 30th, 2025 [January 30th, 2025]
- NDC is not here to witch-hunt - Opare Addo to NSA staff - GhanaWeb - January 30th, 2025 [January 30th, 2025]
- NSA Warns iPhone And Android UsersDisable Location Tracking - Forbes - January 19th, 2025 [January 19th, 2025]
- Trumps incoming NSA: Hamas must have no role in governing Gaza - JNS.org - January 19th, 2025 [January 19th, 2025]
- Trump NSA Disputes Report That Neocons Are Influencing MAGA Staffing - RealClearDefense - January 19th, 2025 [January 19th, 2025]
- US NSA lauds Ajit Doval for pivoting ties to advanced future tech - The Times of India - January 9th, 2025 [January 9th, 2025]
- Auto insurtech Clearcover expands into Texas NSA market with CGA launch - Re-Insurance.com - January 9th, 2025 [January 9th, 2025]
- "Cannot Think Of A Better Way To End My Tenure": US NSA On His India Visit - NDTV - January 9th, 2025 [January 9th, 2025]
- Heightened Security At U.S. Naval Academy And NSA Annapolis: Public Access Suspended Amid Increased Force Protection Measures - Bay Net - January 9th, 2025 [January 9th, 2025]
- From The Seabed To The Stars: 10 Takeaways From U.S. NSA Sullivans Visit - Strategic News Global - January 9th, 2025 [January 9th, 2025]
- NSA Sullivan to visit India to finalise important ongoing initiatives: White House - The Hindu - January 9th, 2025 [January 9th, 2025]
- What NSA Jake Sullivans India Visit Signals For Nuclear And Tech Ties As US Lifts Curbs On Indian Entities - Swarajya - January 9th, 2025 [January 9th, 2025]
- NSA Sullivan arrives today, seeks to strengthen AI, space, tech ties - The Tribune India - January 9th, 2025 [January 9th, 2025]
- CISA, NSA, and Partners Issue Annual Report on Top Exploited Vulnerabilities - HSToday - December 5th, 2024 [December 5th, 2024]
- Where Will The Top Amateurs at NSA Yamaha Land After the Team Closes? - Vurbmoto - December 5th, 2024 [December 5th, 2024]
- CISA, NSA, FBI and International Partners Publish Guide for Protecting Communications Infrastructure - HSToday - December 5th, 2024 [December 5th, 2024]
- Main players backing Syrian government have been weakened by other conflicts, NSA Sullivan says - NBC News - December 5th, 2024 [December 5th, 2024]
- Trump's incoming NSA Mike Waltz wants US to dance cheek-to-check with India - The Times of India - November 14th, 2024 [November 14th, 2024]
- What Trump's NSA Nominee Said On India's Pivotal Role In The 21st Century - NDTV - November 14th, 2024 [November 14th, 2024]
- Exclusive: Nakasone on exploding pagers, life after the NSA and another possible government job - The Record from Recorded Future News - November 14th, 2024 [November 14th, 2024]
- FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 - BleepingComputer - November 14th, 2024 [November 14th, 2024]
- CISA, NSA, and Partners Issue Annual Report on Top Exploited Vulnerabilities - National Security Agency - November 14th, 2024 [November 14th, 2024]
- 6 Principles of Operational Technology Cybersecurity released by joint NSA initiative - Security Intelligence - November 14th, 2024 [November 14th, 2024]
- It's official FBI, CISA, and NSA reveal the most exploited vulnerabilities of 2023 - TechRadar - November 14th, 2024 [November 14th, 2024]
- Donald Trump picks Mike Waltz as US NSA: What it means for China and India - The Times of India - November 14th, 2024 [November 14th, 2024]
- Who is Mike Waltz, Donald Trump's new NSA pick? What are his ties to India Caucus? - Firstpost - November 14th, 2024 [November 14th, 2024]
- NSA should not oversee the management of national facilities RexDanquah - Citi Sports Online - November 14th, 2024 [November 14th, 2024]
- Trudeaus NSA admits to leaking secret intel alleging Indias interference to Washington Post - Firstpost - October 31st, 2024 [October 31st, 2024]
- White House dials NSA Ajit Doval: Here's what happened in the call - The Economic Times - October 31st, 2024 [October 31st, 2024]
- NSA Doval Stresses Need For Stable Indo-Pacific In Phone Call With US Counterpart Sullivan - News18 - October 31st, 2024 [October 31st, 2024]
- Director-General of NSA calls for continued support from government - GhanaWeb - October 21st, 2024 [October 21st, 2024]
- 5G Non Standalone Nsa Architecture Market to Reach USD 240.0 - openPR - October 21st, 2024 [October 21st, 2024]
- NSA meets with Minister Muir and DAERA to discuss industry concerns - Meat Management - October 21st, 2024 [October 21st, 2024]
- NSA cyber chief: Espionage is now Russias focus for cyberattacks on Ukraine - The Record from Recorded Future News - October 11th, 2024 [October 11th, 2024]
- NSA Investigating If Chinese Hackers Breached US Telecoms - Yahoo Finance - October 11th, 2024 [October 11th, 2024]
- NSA Issues Updated Guidance on Russian SVR Cyber Operations - National Security Agency - October 11th, 2024 [October 11th, 2024]
- News - Honoring the Stars and Stripes: NSA Philadelphia Hosts Dignified Flag Disposal Ceremony - DVIDS - October 11th, 2024 [October 11th, 2024]
- NSA's Program for Nursing Mothers in the Workplace Considered a Model for USG - National Security Agency - October 11th, 2024 [October 11th, 2024]
- NSA investigating hack of three major telecommunications companies - Baltimore Sun - October 11th, 2024 [October 11th, 2024]
- Honoring the Stars and Stripes: NSA Philadelphia Hosts Dignified Flag Disposal Ceremony [Image 8 of 8] - DVIDS - October 11th, 2024 [October 11th, 2024]
- NSA Hiring Over a Thousand in the Next Year - ClearanceJobs - October 4th, 2024 [October 4th, 2024]
- What Its Really Like to Work at NSA - National Security Agency - October 4th, 2024 [October 4th, 2024]
- US Elections: Former NSA John Bolton Claims Both Harris And Trump Do Not Qualify To Be President | NewsX Exclusive - NewsX - October 4th, 2024 [October 4th, 2024]
- Honoring the fallen: Bells toll for Americas heroes at NSA Mechanicsburg - American Military News - October 4th, 2024 [October 4th, 2024]
- How often should you turn off your phone? Heres what the NSA says - PCWorld - October 4th, 2024 [October 4th, 2024]
- NSA and Allies Issue Advisory about PRC-Linked Actors and Botnet Operations - HSToday - September 28th, 2024 [September 28th, 2024]
- NSA warns that Active Directory is an "exceptionally large and difficult to defend" attack surface - The Stack - September 28th, 2024 [September 28th, 2024]
- News - Honoring the Fallen: Bells Toll for Americas Heroes at NSA Mechanicsburg - DVIDS - September 28th, 2024 [September 28th, 2024]
- National Storage Affiliates Trust (NYSE:NSA) Given Average Recommendation of "Reduce" by Brokerages - MarketBeat - September 28th, 2024 [September 28th, 2024]
- Lack of Standard Stadiums: NSA boss sacked, facilities closed - What has been said and done so far - GhanaWeb - September 21st, 2024 [September 21st, 2024]
- NSA and Allies Issue Advisory about PRC-Linked Actors and Botnet Operations - National Security Agency - September 21st, 2024 [September 21st, 2024]
- UTEP Establishes Collaboration with DoD, NSA to Help Enhance U.S. Semiconductor Workforce - The University of Texas at El Paso - September 21st, 2024 [September 21st, 2024]
- The NSA advises you to turn off your phone once a week - here's why - ZDNet - September 21st, 2024 [September 21st, 2024]
- NSA Publishes Cyber Advisory on China-Linked Threat Actors - Executive Gov - September 21st, 2024 [September 21st, 2024]
- Former NSA Director Nakasone opens new institute at Vanderbilt to train right type of leader - Washington Times - September 21st, 2024 [September 21st, 2024]
- ACR lauds legislation that would fine insurers for delayed NSA payments - AuntMinnie - September 16th, 2024 [September 16th, 2024]
- NSA threatens lawsuit over election rigging allegation, demands apology - Pulse Nigeria - September 16th, 2024 [September 16th, 2024]
- NSA explains its work with private sector on election security and fighting foreign cyber threats - Washington Times - September 16th, 2024 [September 16th, 2024]
- NSA to debut podcast to boost public awareness of classified missions - Nextgov/FCW - August 31st, 2024 [August 31st, 2024]
- In Beijing, Bidens NSA Calls Out Chinas Destablising Actions, Openly Supports Philippines - Hindustan Times - August 31st, 2024 [August 31st, 2024]
- Why the NSA advises you to turn off your phone once a week - ZDNet - August 31st, 2024 [August 31st, 2024]
- Getting into rhythm: NSA places high expectations on themselves for 2024 - Suffolk News-Herald - August 31st, 2024 [August 31st, 2024]
- NSA readying podcast to share untold stories of codebreakers missions - Washington Times - August 31st, 2024 [August 31st, 2024]
- Trump govt stopped aid to Pakistan over ISI's 'undeniable complicity' with terrorists: Ex-US NSA - Hindustan Times - August 31st, 2024 [August 31st, 2024]
- Top NSA researcher tapped to lead Pentagons UAP investigation hub - DefenseScoop - August 27th, 2024 [August 27th, 2024]
- NSA Releases Guide to Combat Living Off the Land Attacks - Infosecurity Magazine - August 27th, 2024 [August 27th, 2024]
- With a little help from the National Archives, NSA finally releases Grace Hopper lecture. Watch it here. - MuckRock - August 27th, 2024 [August 27th, 2024]
- Trump administration NSA H.R. McMaster says there was "inconsistency" in foreign policy - CBS News - August 25th, 2024 [August 25th, 2024]
- 'Putin exploited Trump's ego and insecurities': Former NSA in new book - The Times of India - August 25th, 2024 [August 25th, 2024]
- NSA calls for urgent Government action on illegal sheep imports - Meat Management - August 14th, 2024 [August 14th, 2024]
- Sheikh Hasina Resignation LIVE Updates: Ex Bangladesh PM Sheikh Hasina Meets NSA Ajit Doval At Hindon Airbase - NDTV - August 5th, 2024 [August 5th, 2024]
- NSA Claims It Cant Watch an Important Tape It Recorded in the 1980s - Gizmodo - July 17th, 2024 [July 17th, 2024]
- Letter to NSA Sullivan Requesting Assessment of Information Russia Has Shared with the PRC on U.S. Weapons Capabilities in Ukraine - Select Committee... - July 17th, 2024 [July 17th, 2024]
- The NSA Is Defeated By A 1950s Tape Recorder. Can You Help Them? - Hackaday - July 17th, 2024 [July 17th, 2024]
- Letter to NSA on Microsoft's Billion Dollar Partnership with UAE Firm G42 - Select Committee on the CCP | - July 17th, 2024 [July 17th, 2024]
- NSA Fast Pitch World Series kicks off with Skills Competition & Heavy Hitters Camp, featuring College World Series Champions from the University... - July 17th, 2024 [July 17th, 2024]
- NSA contractor bilked government for hundreds of hours she never worked - Washington Times - July 6th, 2024 [July 6th, 2024]
- Signals intelligence has become a cyber-activity - The Economist - July 6th, 2024 [July 6th, 2024]
- OpenAI adds former NSA chief to its board - CNBC - June 15th, 2024 [June 15th, 2024]