SolarWinds Hackers Also Went After NASA and the FAA


Apparently not content with having penetrated the networks of such piddling federal agencies as the U.S. State Department, the Department of Homeland Security, and that agency that maintains our nuclear stockpile, the hackers of the “SolarWinds” affair also went after NASA and the Federal Aviation Administration, according to a new report from the Washington Post.

The report comes shortly after a briefing last week when White House national security adviser Anne Neuberger explained that approximately 100 different companies and a total of nine federal agencies had been successfully “compromised” by foreign hackers. The foreign intrusion campaign (likely “Russian in origin,” as officials have put it) is thought to be the largest in U.S. history.

The Neuberger update was the first official tally provided by the Biden administration on the extent to which government networks had been breached. At the time of her comments, all but two of those nine agencies had already been outed as targets (they include the State Department, DHS, the Departments of Energy, Justice, Commerce, and Treasury, and the National Institutes of Health). Now, the Washington Post seems to have identified the stragglers. Per the paper’s report:

Last week, Neuberger said the government found that computer systems at nine federal agencies were compromised. She did not name them, but The Post has confirmed the identities with U.S. officials. They include NASA and the Federal Aviation Administration, which have not previously been publicly identified.

It is unknown what kind of access the hackers may have had to either agency. However, officials have said that, in instances where the government was breached, all data that was stolen was unclassified and that operational systems were never accessed. NASA reportedly told the newspaper that they continue to work with the U.S. cyber agency CISA on “mitigation efforts to secure NASA’s data and network.” We have reached out to both NASA and the FAA for comment and will update if they respond.

The revelations add little to the overall “SolarWinds” narrative, but underline the scope of the intel-gathering operations conducted against American targets by foreign operators. They also conjure speculation about the potential damage a more nefarious cyber campaign might wreak. Indeed, it’s not exactly comforting to imagine hackers targeting the federal agency charged with making sure aeroplanes don’t crash.

Details about the breaches have continued to emerge at a steady pace, as federal investigations into the intrusions pick up. Since the U.S. has tentatively blamed Russia for the attacks (some reports have shown China may also be involved), the Biden administration is reportedly preparing sanctions in retaliation.

On Tuesday, the U.S. Senate Select Committee on Intelligence held one of several recent hearings into the matter, with representatives from many of the IT firms targeted by the campaign (including SolarWinds, Microsoft, FireEye and CrowdStrike). The hearing yielded little new information but Committee Chairman Sen. Mark Warner perhaps best summed up the overall concerns on “SolarWinds” like so:

One of the reasons the SolarWinds hack has been especially concerning is that it was not detected by the multibillion dollar U.S. government cybersecurity enterprise, or anyone else, until the private cybersecurity firm FireEye publicly announced that it had detected a breach of its own network by a “nation-state” intruder. A very big question looming in my mind is: had FireEye not detected this compromise in December… would we still be in the dark today?

It’s a good point. How did America’s national security state miss this one? Why were the hackers allowed to gain as much ground as they did? We will likely have to sit tight for that one. Officials have said it will probably take months to conduct a full investigation.