A slew of companies and federal agencies including the Departments of Homeland Security, Energy, State, Commerce, and Treasury as well as the National Institutes of Health are among the many reported victims of the SolarWinds hacking scandal so far, but don’t worry guys, the president says it’s no big deal.
“The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control,” President Donald Trump tweeted Saturday following a week of alarming reports about a sweeping operation believed to be backed by a Russian intelligence agency that monitored government systems for months unnoticed.
Investigations into the attack, which was first revealed this month, remain ongoing, but reportedly the hackers infiltrated the Texas-based IT firm SolarWinds and used its popular software known as the Orion Platform as a Trojan horse to dispense malware to spy on users’ correspondence and files. SolarWinds customers include several government agencies, five branches of the military, and some of America’s wealthiest corporations, and the scope of what’s shaping up to be a historic hack is still being assessed.
On Friday, Secretary of State Mike Pompeo confirmed speculation and said the effort was “pretty clearly” tied to Russia in an interview on the conservative radio program the Mark Levin Show. But that didn’t stop Trump from blowing smoke and implicating that it may all be China’s fault (“it may!”) on Twitter, presumably to take some of the heat off his longtime bro, Russian President Vladimir Putin. He also jumped at the chance to desperately tie this widespread hack back to his election loss somehow, speculating without evidence that voting machines may have been affected as well.
“There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA,” Trump tweeted.
Which you won’t be surprised to learn is almost certainly bullshit. Former U.S. cyber chief Chris Krebs, who Trump fired last month after he refused to go along with the president’s election fraud ruse, warned Americans on Saturday not to conflate the SolarWinds scandal with voting machine security, since election results can be audited and recounted to confirm their authenticity. After all, “you can’t hack paper,” he tweeted.
Do not conflate voting system security and SolarWinds. The proof is in the paper. You can audit or recount again to confirm the outcome. Like they did in Georgia. And Michigan. And Wisconsin. And Arizona. Can't hack paper.
— Chris Krebs (@C_C_Krebs) December 19, 2020
Trump’s blustering about the SolarWinds scandal being “under control” is likely bullshit as well. Members of the Homeland Security and Oversight Committee were briefed on the matter on Friday and said they left with “more questions than answers.”
“After receiving a classified member briefing from the Trump Administration today on the major hack to government systems, we are left with more questions than answers,” the committee said in a statement on Friday. “Even in the midst of an unprecedented cyberattack with far-reaching implications for our national security, Administration officials were unwilling to share the full scope of the breach and identities of the victims.”
SolarWinds has said that more than half of its 33,000 Orion customers may have been compromised after discovering that hackers installed malware onto a service the company uses to push software updates. The attack apparently went unnoticed for nine months and even infected other tech firms that used SolarWinds’ platform, including Microsoft and FireEye. In a lengthy blog post this week, Microsoft president Brad Smith called the breach “an act of recklessness that created a serious technological vulnerability for the United States and the world.”
On Friday, Pompeo reiterated that the hackers made a “significant effort” to install malware onto government and corporate systems by way of third-party software, but said he couldn’t discuss much else amid ongoing investigations. Many of Trump’s advisors have stayed quiet on the matter, and even Trump himself stayed conspicuously silent about the hack for most of the week. Saturday’s tweets are his first acknowledgment of the incident.
If you needed more proof that this is One Huge Deal, contrary to what the president tweets, Trump’s former homeland security adviser, Thomas Bossert, has said the “magnitude of this ongoing attack is hard to overstate” and that it “will take years to know for certain which networks the Russians control and which ones they occupy,” per a piece he wrote for the New York Times this week.
But hey, what does he know? As Trump has proved many times over the past four years, anything and anyone can be considered Fake News Media if you whine about it long enough.
Editor’s Note: Release dates within this article are based in the U.S., but will be updated with local Australian dates as soon as we know more.