A senior member of Donald Trump’s administration has accused Russia of carrying out a massive cyber hack that penetrated top secret US government agencies.
Secretary of State Mike Pompeo described the attack as a “pretty significant effort”.
“I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” he told the Mark Levin radio show.
US Secretary of State Mike Pompeo has blamed Russia for the hack
It is the first time a member of the administration has pointed the finger at Moscow in public.
President Trump has yet to make any remarks or tweets about what security officials say is a “significant and ongoing” cyber hacking campaign. US media reports have said Russia’s foreign intelligence service, the SVR, is thought to be behind the attack.
The Kremlin has denied any involvement.
Officials in the UK are also scrambling to find out whether any UK government networks have been compromised.
A security source said so far the only known British victims are a small number of organisations not in the public sector.
But it is the early days of the investigation. The hackers used tools that had not been seen before, making the ability of investigators to identify breaches much harder.
Cyber security experts in the United States were the first to raise the alarm about the hacking campaign last week.
Paul Chichester, the director of operations at the UK’s National Cyber Security Centre (NCSC), which is part of the spy agency GCHQ, urged companies to take “immediate steps” to protect their networks.
“This is a complex, global cyber incident, and we are working with international partners to fully understand its scale and any UK impact,” he said in a statement.
Donald Trump has remained silent on the matter so far
“The NCSC is working to mitigate any potential risk, and actionable guidance has been published on our website.”
The comments came as officials in the US, the UK and across the world were scrambling to understand the enormity of the attack, which looks to be unprecedented in terms of its penetration of the US security apparatus.
“This could be the most impactful national security breach – cyber breach – we have ever seen,” said John Hultquist, senior director of analysis at Mandiant Threat Intelligence.
Mandiant is part of the cyber security company FireEye, which was the first to discover the breach when it found that its systems had been compromised.
After raising the alarm, it emerged that a number of US government departments, including the departments of defence, state, treasury and even the nuclear agency, had also been breached.
A spokeswoman has said there was no threat to the US nuclear weapons stockpile.
“They managed clearly to gain access to a lot of secure areas. They are going to be very hard to get out,” Mr Hultquist told Sky News.
What appear to have been a highly sophisticated team of hackers used various ways to compromise public and private sector computer networks.
President-elect Joe Biden has spoken out about the hacking
One was through a piece of software called Orion made by the technology firm SolarWinds.
Malicious code was inserted into an update for this software, used by thousands of customers. Once the update was installed the hackers had access to a trove of networks, including into the US Government and Microsoft.
But just the act of updating the infected software does not mean a system has been compromised.
With such a huge list of potential targets, it appears the hackers carefully selected the companies and government agencies they wanted to exploit.
They could do this by stealing secrets, changing important data or just sitting on systems spying. As things stand, the scale of the damage or potential theft is not yet known.
Ciaran Martin is the founder and former head of the NCSC who now works as a professor at the Blavatnik School of Government at Oxford University.
“It’s one of the most significant cyber attacks, really that’s ever been seen,” he told Sky News.
“But based on what we know, at this point, it seems to be [for] traditional espionage, getting information from governments and companies, rather than altering data, destroying data, tampering with things and so forth but it remains to be seen, what the final picture tells us.”
Donald Trump, the outgoing president, has yet even to make any public mention of the attack even though his successor, Joe Biden, has said dealing with the breach will be a “top priority” for his administration from the moment he takes office.
Mr Hultquist said that whoever carried out the hack was a highly sophisticated operator.
“They are among the most advanced we have seen, if not the most,” he said.
“They are very adept at counter forensics to stay below the radar.”
This means that the hackers were careful to cover their tracks whenever they penetrated a network, making it hard – if not impossible – to know where they have gone and what they have seen.
“The proof [of their capability] is in the pudding,” Mr Hultquist said.
“Just look at how many high value targets they were able to quietly compromise. It is almost all the evidence you need about how capable they are.”
