A massive and ongoing cyberattack targeting U.S. agencies and large companies could compromise a trove of government and corporate secrets, with the scope of damage still unclear.
“We have a problem,” retired Air Force Gen. Philip Breedlove told the Washington Examiner about damage from the massive cyberattack, which Secretary of State Mike Pompeo has blamed Russia for.
Both the public and private sectors have been affected. For instance, hackers operated undetected for months inside the systems of SolarWinds, a major IT management software company. And the list of compromised systems includes “dozens of email accounts” at the Treasury Department, according to a senior Senate Democrat. More broadly, it’s a breach that raises the specter of overt and covert efforts to manipulate or humiliate senior officials.
“A lot of what they’re doing is casting wide nets and trying to find leverage of all manners of ways — leverage that might result in fiscal gain, leverage that might result in kompromat,” Breedlove said. “I don’t think they’re horribly targeted and sophisticated, they’re much more brutish, and they pull up the net, and they find out what they can use, and they use it.”
The discovery of the attack prior to any embarrassing leaks is little consolation, especially given the likelihood that the hackers sought to embed malware in the entities they breached.
“They may have left behind a Christmas present, and they might choose which companies they want to look at next year, next week,” said the Center for Strategic and International Studies senior vice president James Andrew Lewis, a pioneering cybersecurity policy analyst. “They might be waiting for the right moment.”
For Breedlove, it’s familiar territory. He served as supreme allied commander for Europe when Russia annexed Crimea and sent unmarked forces into eastern Ukraine. In 2016, before most Americans knew about the Russian cyberattacks against Hillary Clinton’s campaign, some of the same hackers targeted Breedlove. They stole his private emails in which he fretted that Barack Obama’s White House team lacked interest in the Ukraine crisis, then leaked the documents to portray him as “plotting against” the president.
“It was weaponized to attack to try to discredit me and my voice as I was trying to affect change in both NATO and the U.S. government,” Breedlove said.
Sony executives endured a similar ordeal in 2015 at the hands of North Korean hackers meting out punishment for a movie that lampooned dictator Kim Jong Un. Their experience could be a preview of what lies ahead for countless others affected by the SolarWinds attack, in which roughly 18,000 entities downloaded infected software that the attackers reportedly used to hack at least 200 organizations.
Obama imposed sanctions on the pariah regime in response to the prior attack, just as he would following Russia’s interference in the 2016 elections. Now, the exposure of Treasury Department emails could allow Russia to target the people responsible for developing the sanctions policy.
“It’s a human thing, I guess, out of a thousand emails, no matter who is writing, you can find at least one or two emails that might be questionable if put in some kind of light — maybe one official is writing about stocks or writing his wife or his children,” a Baltic official mused. “If you took one email out of context, it might ruin his career and might also be good material for blackmailing.”
The weaponization of such documents might not take place in public, depending on the preferences of the hackers. The most famous hack-and-leak operations, such as the ones targeting Breedlove and the Clinton campaign, have been attributed to Russia’s military intelligence agency, the GRU, whereas the SolarWinds attack was carried out by the SVR, Russia’s civilian intelligence agency.
“There’s less the sense that the SVR is hacking material for the purpose of an information campaign, rather than more traditional espionage,” said the German Marshall Fund’s Jessica Brandt, the lead researcher at the GMF’s Alliance for Securing Democracy.
Just a window into internal Treasury Department discussions would tantalize the Kremlin’s spies, given the growing U.S. reliance on sanctions to punish Russian aggression in recent years.
“So imagine some high-level or officials responding and there’s a debate — somebody is for strong sanctions, somebody is against strong sanctions, all information about discussions and who to target … It’s very valuable information,” the Baltic official said. “On the other hand, Russia knows how to operate if Russia knows American internal discussions.”
U.S. officials try to keep sanctions policy debates secret so that prospective targets can’t move assets in advance of a punishment. Foreknowledge could diminish the effect of the sanctions or even give Moscow the chance to launch overt or covert lobbying campaigns to influence the policymakers.
“If they can monitor the internal debate, then they know how to socially engineer follow-on messages,” Breedlove said.
The truth, U.S. and allied officials admit, is that it’s not clear what Moscow will do next.
“The concern is what we know so far is potentially just the tip of the iceberg,” said a senior Senate Republican aide. “This has potentially ripped open the very core of the inside of the federal government to very bad people, and it exposes a lot of vulnerabilities.”