Wednesday, January 13, 2021

SolarWinds Attack and its implication for U.S. Security: Sabotage or espionage?

Article Contributor(s)

Vaishnavi Krishna Mohan

Publisher

Global Views 360

SolarWinds office in Texas | Source: Glassdoor

SolarWinds, a publicly listed Texas-based company with a value of more than $6 billion, has a highly reputed customer list that includes multiple U.S. government agencies. The company develops software for businesses and agencies to help manage and monitor their networks, systems and IT infrastructure. The company is a service provider to over 425 of the Fortune 500 companies, the top 5 U.S. accounting firms, all major U.S. telecom providers, the U.S. Treasury, several global universities and educational institutions, the NSA and the White House.

A group of hackers managed to sneak malicious code into the software update of SolarWinds for a tool called “Orion”. Earlier, in 2020, the hackers had injected malware into the updates of Orion which were released between March and June of 2020. On 5th Jan 2021, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA) made an official joint statement stating, "an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks". U.S. government agencies like the Pentagon, the National Institute of Health, the FBI, the DHS, the Department of Energy and the Department of Veterans Affairs were some significant users of Orion. In fact, in August 2020, the Department of Veterans Affairs renewed its Orion license in a 2.8-million-dollar order. The Department of Veterans Affairs has been heavily involved in COVID-19 relief.

The Orion hack began as early as March 2020. Over 18,000 customers had installed the compromised software, which implies that these customers were vulnerable to spy operations throughout 2020. The malware inserted in the updates gave the elite hackers remote access to an organization’s network. Since the malware went undetected for months, it gave the hackers an opportunity to obtain information from their targets. In fact, the hackers could also monitor emails and other internal communications. FireEye, the cybersecurity company that was the first to discover the breach, describes the capability of the malware, from initially lying dormant for up to two weeks, to hiding in plain sight by masquerading its investigation as “Orion Activity”. In 2016, Russian military hackers used a method called “supply chain” to infect companies doing business in Ukraine with a hard-drive wiping virus called NotPetya. This attack is considered to be one of the most damaging cyber-attacks to date. The infiltration tactic used in the current hack has also been identified as similar to the “supply chain” method.

The Orion software framework contained a backdoor that communicated via HTTP to third-party servers. Cybersecurity firm FireEye has been tracking the trojanized version of the Orion plug-in as SUNBURST.

FireEye described the use of the SUNBURST backdoor in a blog post published on 13th December 2020. It stated,

“After an initial dormant period of up to two weeks, it retrieves and executes commands, called “Jobs”, that include the ability to transfer files, execute files, profile the system, reboot the machine, and disable system services. The malware masquerades its network traffic as the Orion Improvement Program (OIP) protocol and stores reconnaissance results within legitimate plugin configuration files allowing it to blend in with legitimate SolarWinds activity. The backdoor uses multiple obfuscated blocklists to identify forensic and anti-virus tools running as processes, services, and drivers.”

FireEye described the attack through the SUNBURST backdoor as “highly evasive”. Meanwhile, SolarWinds is facing a class action lawsuit filed by a stakeholder of the IT infrastructure management software company in the U.S. District Court for the Western District of Texas on 4th Jan 2021. The lawsuit is filed against SolarWinds’ ex-president, Kevin Thompson, and chief financial officer, J. Barton Kalsu, on the grounds of violating federal securities laws under the Securities Exchange Act of 1934. The complaint states that SolarWinds failed to disclose that "since mid-2020, Orion monitoring products had a vulnerability that allowed hackers to compromise the server upon which the products ran". The complaint also mentioned that the SolarWinds update server had a fairly weak and easily accessible password, ‘solarwinds123’.

Microsoft’s internal security research team found evidence that the same hackers had accessed some internal source code in the company’s systems. Microsoft mentioned that the attempted activities went beyond just the presence of malicious SolarWinds code in their environment. Microsoft has “an open source like culture” which allows teams within Microsoft to view the source code. The company acknowledges that it is a threat model, but it is downplaying the risk by saying “just viewing the source code should not cause any elevated risk”.

The Russian hackers have also managed to breach the network of Austin City, Texas. The breach dates back to at least mid-October 2020. The hackers seem to have targeted the U.S. Treasury, the Departments of Commerce and Homeland Security, the Pentagon, cybersecurity firm FireEye, and SolarWinds. The breach of the network of the city of Austin is an apparent win for Russian hackers. Theoretically, the compromise could have helped them access sensitive information related to city governance, elections and city police, and by digging deeper, the hackers could practically burrow inside the energy, water and airport networks of the city.

Berserk Bear, the hacking outfit that is currently believed to be behind Austin’s breach, appears to have used Austin’s network as grounds to stage larger attacks. Berserk Bear, also known as BROMINE among several other names, is believed to have been responsible for a series of breaches of significant U.S. infrastructure in the past year.

The attacks on SolarWinds, the U.S. government and FireEye have been linked to another Russian group called APT29, also popularly known as Cozy Bear. Berserk Bear is allegedly a unit of the Russian Federal Security Service (FSB). Cozy Bear is known to be affiliated with the Russian Foreign Intelligence Service, or SVR. The FSB and SVR are considered to be successors of the Soviet-era Committee of State Security, which was widely known as the KGB.

The Austin Council seems to have been aware of the breach from October 2020. The FBI and CISA had published an initial advisory warning of “advanced persistent threat actors” (APTs) on October 9th, 2020. The advisory warned the city council of APTs targeting state and local governments. On October 22nd, a follow-up advisory was published in which both agencies attributed the breach to Berserk Bear. CISA published a heat map listing the types of organizations that were breached, scanned or targeted by Berserk Bear. Berserk Bear’s reputation for lurking fits its common pattern of espionage-oriented attacks. Sami Ruohonen, a researcher at Finnish cybersecurity firm F-Secure, said that the adversaries have already been in the network for more than a couple of months by the time someone discovers their existence. Ruohonen also mentioned that this technique is especially preferred by APT groups because the longer they go unnoticed, the longer they have remote access to the network. F-Secure, in a report published in 2019, compared Berserk Bear and similar groups to the cyber equivalent of sleeper cells.

Cybersecurity experts have warned Austin city and the U.S. that Berserk Bear hackers are not just involved in espionage and sabotage. They can gear up at any moment and create havoc in the United States. These Russian hackers can cause city blackouts and disturbances in water supply, and can even disrupt COVID-19 relief. Vikram Thakur, a technical director at Symantec who has tracked Berserk Bear for years, said, “We should be cognizant of the level of information that they have, turning on valves or closing valves, things of that sort — they have the expertise to do it.”

Kevin Thompson, the ex-CEO of SolarWinds | Source: SolarWinds Facebook

SolarWinds replaced its ex-CEO Kevin Thompson with Mr Sudhakar Ramakrishna. Unlike his predecessor Thompson, who is an accountant by training, Ramakrishna comes from a security background, having led Pulse Secure in the recent past. The new CEO publicly stated that the company will be making 5 critical changes to put security front and center. The company also hired ex-CISA chief Chris Krebs and Facebook’s former security lead, Alex Stamos. Krebs and Stamos work as independent consultants to help the company coordinate its crisis response. Krebs told the Financial Times that it could even take years to uncover the full extent of the hack. On the brighter side, the new CEO mentioned that the company has engaged several cybersecurity experts to assist SolarWinds in its efforts to become more secure. We can hope that, with better expertise, vision and understanding of threat and vulnerability management, the company is now headed towards a better future.

Read More

February 7, 2021 5:58 PM

Jordan Peterson and Bill C-16: What does each side argue?

Jordan Peterson, a clinical psychologist by profession, shot to fame in 2016 when he began protesting against the Bill C-16. He released his own video lecture series on the subject as well—which garnered millions of views. Some people support him, while others oppose him, but who is Jordan Peterson and what are his ideas? And what is it about Bill C-16 which divided the public opinion about Peterson?

These are the questions which this article will uncover.

Who is Jordan Peterson? And what are his ideas?

Jordan Peterson is a Canadian clinical psychologist by profession and was a professor of psychology at the University of Toronto. He rose to intellectual stardom after taking a stand against “politically correct culture” and Bill C-16. He started protesting against the excesses of the cultural left. He has written several books including 12 Rules For Life, Maps of Meaning, Political Correctness, etc. While most of them are self-help books, some are also on the idea of political correctness and its criticism, and where the left has gone wrong. He released his video lectures online on YouTube, which have gathered massive views and followings and gave him celebrity status. Peterson’s videos on C-16 and political correctness racked up more than 400,000 views on YouTube within about a month of posting.

Although several newspapers such as The New York Times and The Wall Street Journal have described him as “conservative” and “conservative-leaning”, Peterson calls himself a “Classic British Liberal” and a “traditionalist”. He has said that he’s commonly mistaken to be a “right winger”, which he denies.

The University of Toronto said it had received complaints of threats against trans people on campus. There are complaints from students and faculties that Peterson’s comments are “unacceptable emotionally disturbing and painful” and have urged him to stop doing it.

On the other hand, Dr Peterson is concerned that proposed federal human rights legislation "will elevate into hate speech" his refusal to use alternative pronouns. He argues that terms like "gender identity" and "gender expression" are too broad, and will be used by “radical social constructionists” to bully their opponents into submission. "One is silent slavery with all the repression and resentment that that will generate, and the other is outright conflict. Free speech is not just another value. It's the foundation of Western civilization," he told the BBC.

Many feckless young men have started following him—often using his ideas against the transgender community. Fans of Peterson and his ideologies saw the video as proof of his genius and bravery; Peterson was the avatar of reason and facts pushing back against irrational “social justice warriors” (SJWs). There were rallies both for and against Peterson in Toronto, and he made the rounds on Canadian television.

What is Bill C-16?

The law is an amendment to the Canadian Human Rights Act by adding "gender identity or expression" as a prohibited ground of discrimination. That makes it illegal to deny services, employment, accommodation and similar benefits to individuals based on their gender identity or gender expression. A person who denies benefits because of the gender identity or gender expression of another person could be liable to provide monetary compensation.

Similarly, the law also amends the Criminal Code by adding "gender identity or expression" to the definition of "identifiable group" in section 318 of the Code. If there’s evidence that an offence is motivated by bias, prejudice or hate, it can be taken into account by the courts during sentencing.

It would also extend hate speech laws to include these two terms “gender identity” and “gender expression” and make it a hate crime to target someone for being transgender, publicly inciting hatred or advocating genocide.

Peterson and Bill C-16: Arguments from both the sides

Apparently, not everyone is convinced that Peterson is a thinker of substance. Last November, fellow University of Toronto professor Ira Wells called him “the professor of piffle”—a YouTube star rather than a credible intellectual. Tabatha Southey, a columnist for the Canadian magazine Macleans, designated him “the stupid man’s smart person”.

Dr Peterson's University of Toronto colleague, Dr Lee Airton, argues he is being alarmist and indulging in "slippery slope fallacies" on the limits of free speech.

"If you actually listen and you parse out the arguments, it becomes very clear that this not about freedom of speech, that this is about reducing transgendered people's needs as excessive and illegitimate," he told the BBC.

The bill was passed in the Senate. Before it was passed, there were a lot of debates and deliberations on the bill and what kind of effects it may have.

Senator Grant Mitchell | Source: Canada Senate Website

“This bill is not only about the protections it provides, but also the message that the Parliament is delivering to all Canadians about the need to treat everybody equally,” Independent Alberta Senator Grant Mitchell, who is also a longtime advocate for trans rights, said after the bill’s passage.

Few conservative senators voted against the legislation. Conservative Manitoba Senator Don Plett has called it a threat to free speech. He alleged that he feared the bill would force him to use gender neutral pronouns when addressing trans people. There is also a largely refuted myth among conservatives that this law will allow “men to pose as women to attack them in the bathroom”. Conservative Ontario Senator Lynn Beyak said, “As a woman, why would I support Bill C-16 when feminists have fought for so many years to protect women from the violence perpetrated against them by men. This will allow men to go into women’s change rooms and bathrooms across the country.”

This bill has been intensely debated, and as the trans community is happy that the bill would provide their vulnerable community, the feminists fear it could bring threat to spaces reserved for what they refer to as “female-born women”.

Critics have also voiced concerns that the law will penalize citizens who do not use specific pronouns when referring to gender diverse people.

Brenda Cossman from University of Toronto | Source: CBC.CA

Brenda Cossman, law professor at the University of Toronto and director of the Mark S. Bonham Centre for Sexual Diversity Studies, told CBC, “The misuse of gender pronouns, without more, cannot rise to the level of a crime,” she says. “It cannot rise to the level of advocating genocide, inciting hatred, hate speech or hate crimes … (it) simply cannot meet the threshold. Would it cover the accidental misuse of a pronoun? I would say it’s very unlikely. Would it cover a situation where an individual repeatedly, consistently refuses to use a person’s chosen pronoun? It might.”

The Canadian Human Rights Act does not mention pronouns either. The act protects certain groups from discrimination.

But now the question was, if a person disagrees to use the pronouns for a person repeatedly on purpose, will it land that person in jail? To this, Jared Brown, commercial litigator at Brown Litigation, who often works with corporate clients on employment law and human rights disputes, told CBC, “It is possible, through a process that would start with a complaint and progress to a proceeding before a human rights tribunal. If the tribunal rules that harassment or discrimination took place, there would typically be an order for monetary and non-monetary remedies. A non-monetary remedy may include sensitivity training, issuing an apology, or even a publication ban. If the person refused to comply with the tribunal's order, this would result in a contempt proceeding being sent to the Divisional or Federal Court. The court could then potentially send a person to jail “until they purge the contempt,”” he said.

Furthermore, he said that the path to prison does exist—but only in extreme cases—and it’s not that easy to get there, he mentions “The path to prison is not straightforward. It’s not easy. But, it’s there. It’s been used before in breach of tribunal orders.”

Conclusion

A law to protect transgender rights and allowing them to identify the way they are comfortable is indeed a progressive step for Canada. Although the laws do not impose any threat on the citizen’s safety or freedom of speech, some parts of it as argued by Mark S. Bonham is a little vague. Therefore, solutions to the problems should be addressed by the government of Canada.

However, what is also clear is that Jordan Peterson’s action is just spreading misinformation and hysteria among people who are unaware of the law and is contributing towards a transphobic discourse.
