Cybersecurity

The Same U.S. Government That Wants To Weaken Our Encryption Just Got Massively Hacked

Let's not weaken cybersecurity even more.

|

The U.S. Treasury and Commerce departments, along with untold numbers of government and corporate computer networks, have been breached in what may be an espionage attempt by the Russian government. (The Russians are, of course, denying responsibility.)

The avenue was reportedly a malicious software update pushed through SolarWinds Inc., an Austin-based network management company that counts both the federal government and hundreds of major U.S. companies among its clients. Essentially, the hackers slipped some malicious code into a software update; if you were on the infected networks that installed the update, this gave the hackers backdoor access to your data.

The infiltration apparently began in the spring but was not announced until this past weekend. SolarWinds reports that as many as 18,000 customers may have downloaded the infected update.

The Wall Street Journal reports that this infiltration may be above and beyond the usual cyberespionage:

While those familiar with the hack couldn't precisely specify its scope or the resulting damage to the U.S. government, several described it as among the most potentially worrisome cyberattacks in years, because it may have allowed Russia to access sensitive information from government agencies, defense contractors and other industries. One person familiar with the matter said the campaign was a "10" on a scale of one to 10, in terms of its likely severity and national-security implications.

Last week FireEye, a California-based cybersecurity firm, also reported a sophisticated hack that compromised its tools, which it attributed to a foreign government.

It's worthwhile to consider these developments in the light of law enforcement's efforts to weaken encryption protections. When officials insist that individuals should not have access to strong encryption unless the government can bypass those protections and access our data, they don't acknowledge that police won't be the only ones exploiting those back doors. Others with malicious intent, be they criminals or foreign governments (or both), will figure out how to get through too. It has happened before to our own very own government, as another country, possibly China, figured out how to access a cybersecurity bypass that had been installed for the National Security Agency.

In this latest incident, the extent of which we still don't know, the hackers had to create their own back door. So even cybersecurity that hasn't been undermined by statute isn't going to be perfect protection. But weaker security certainly isn't the answer. These back doors are bad. Whenever any senator or FBI director or police chief demands the power to bypass encryption, he or she should be reminded of this potentially dangerous breach.

NEXT: Just 1.3% of NYC COVID Cases Are Coming From Restaurants. Why Has Cuomo Banned Indoor Dining?

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. I am creating an honest wage from home 1900 Dollars/week , that is wonderful, below a year agone i used to be unemployed during a atrocious economy. I convey God on a daily basis i used to be endowed these directions and currently it’s my duty to pay it forward and share it with everybody, Here is I started..
    Here is More information.

    1. I am making a good salary from home $1300-$2600/week , which is amazing, under a year back I was jobless in a horrible economy. I thank mjg God every day I was blessed with these instructions and now it’s my duty yjr to pay it forward and share it with Everyone, Here is what I do…… Click Here

    2. The Centers for Disease Control Protecting health care workers makes sense since we want to make sure that our hospitals and physicians’ offices remain adequately staffed as the winter surge of COVID-19 infections and hospitalizations rises………….USA MORE INFORMATION.

  2. But election software was totes secure…

    1. Make $6,000-$8,000 A Month Online With No Prior Experience Or Skills Required.NTs Be Your Own Boss And for more info visit any tab this site Thanks a lot just open this link………

      =-=-=-=-=-=-=-=-=-=-► Home Profit System

    2. It was secure. I know because twitter told me so.

      1. JOIN PART TIME JOBS
        Google pays for every Person every hour online working from home job. I have received $23K in this month easily and I earns every weeks $5K to 8$K on the internet. Awe Every Person join this working easily by just just open this website and follow instructions
        COPY This Website OPEN HERE….. Visit Here

  3. “an espionage attempt by the Russian government”

    Predictable. Even with the amazingly brilliant and legendarily tech-savvy Barack Obama as President, Russia still managed to hack the 2016 election. No surprise they’re still carrying out acts of war with Putin’s Puppet in office.

    Of course this all ends when Joe Biden brings his decades of foreign policy wisdom into the White House. He’ll confront Russia — with military force, if necessary.

    #LibertariansForGettingToughWithRussia

    1. I have received $17634 last month from home by working online in my part time. I am a full time student and doing this easy home based work for 3 to 4 hours a day. This job is very simple to do and its regular earnings are much better than any other qwe office type work. See detail here………… USA ONLINE JOBS

  4. Are these the same hackers who got Trump elected? Because he clearly didn’t win on his own. There had to be some cheating going on.

    Or did they hack the ballot machines to get Biden elected? Because he clearly didn’t win on his own. There had to be some cheating going on.

    1. If they’re gonna hack ballot machines, why can’t they get Kanye West elected instead?

      1. He wore a maga hat once and to a smelly liberal like you that’s like wearing the American flag covered with a kkk hood and swastikas. Of course that isn’t really true but you like all libs don’t live in reality just a fucking fantasy land of drugs and open borders.

        1. I used to be a pathetic wretch too, but I just made $30,000 last week selling Dr D.J. Trump’s Butt-Hurt Salve to Republican Lewsers screeching “we wuz robbed” by LIBrlz and LIBrtareens in a RIGGED elecshun. Since life begins at erection, this is the moral equivalent of delibrut drug trafficker holocausting of unpersons not yet coercible under the 14th Amendmint. Pleez buy a tin now or I’ll set this ‘Murrican flag on fire and increase CO2.

          1. I used to be a pathetic wretch too

            But then you became a retarded pathetic wretch. Huge improvement. Thank Christ for Medicare!

    2. It’s getting hard to keep Hillary and Donald separate. Like twins separated at birth.

      1. Nah, it’s easy to tell. Hillary the one whose ass your head has been planted in for 4 years of mewling like a little bitch about MUH RUSHINS!!!!!!!!

  5. Hacking all over the place. We’re going to need more lockdowns.

  6. These back doors are bad. Whenever any senator or FBI director or police chief demands the power to bypass encryption, he or she should be reminded of this potentially dangerous breach.

    The “dangerous breach” is that the government will have the access to your data.

  7. Thank god nothing happened during the election at all. The most pure and clean election of all time. Who knew government could have failure points!

  8. There are legitimate secrets that must be kept but “excessive” secrecy – that harms national security is an abuse of power. Secrecy used to hide fraud, waste, abuse or violate the constitutional oath of office should be known to the voters.

    Americans (or at minimum Judicial Branch judges) should be receiving accurate and summarized reporting that tell the voters/judges if a particular program or tactic is constitutional, effective and the degree of mission-creep. Executive Branch agencies could release bottom-line statistics that reveal no names, places or specific programs.

    For example: using post-9/11 authorities, how many “terrorism-searches” resulted in how many “terrorism-convictions” at state-operated “Fusion Centers”? How much did each conviction cost and did it violate the Fourth Amendment? Were these authorities used for real terrorism cases or regular crimes? Reminder: the U.S. Constitution is a wartime charter and there is no terrorism-exemption to following this wartime charter.

    Good intentions don’t make it legal or constitutional. Voters and Judicial Branch judges should know these facts. It appears excessive secrecy has actually harmed national security – harming individual Americans – in the above article about weakening computer security.

  9. There are legitimate secrets that must be kept

    Agree to disagree..

  10. The DHS, the same agency that assured us they have protected the election and it was the most secure and safest one in history was hacked. If they can’t tell they have been compromised how can they be trusted to assure those they are protecting are secure? Remember the smug and arrogant claim by Christopher Krebs? No one could breach the security he had in place and our election was the most secure in history.
    FireEye one of the premiere cyber security companies had the tools they use to hack their clients to test their vulnerabilities stolen in a sophisticated intrusion. Before them the NSA had their hacking tools stolen by a hacker which used their tools to cause a lot of damage and may have been what was used in this attack. You would think these people would learn to never allow these tools to be accessible even if it does cause some inconvenience.

  11. Good afternoon Mr Putin,
    The man you are looking at is Donald Trump, current Boss of the U.S. Kleptocracy who vowed to bring back laissez-faire plutocracy while also bringing back coathanger abortions, Comstock Sharia laws, rabidly repressionist prohibitionism and asset forfeiture while failing to bring the troops home from one single shith*le country. Your mission, and Jo’s, is to stop this madness by hacking their code. If you or your force are killed or captured, the KGB will disavow any knowledge of your actions.

    1. God I can’t wait until your retarded old worthless ass goes the way of Hihn. Sure hope you suffer a lot.

  12. several described it as among the most potentially worrisome cyberattacks in years, because it may have allowed Russia to access sensitive information from government agencies, defense contractors and other industries.

    Don’t forget this doozy.

    1. LALALALALALALALALALALA I CAN’T HEAR YOU LALALALALALALALALALALALALALALALALALALALALALALALA

      CHINA GOOD! MUH RUSSIA!!!!!!!!!!!!!!!!!!!!!!!!

  13. It is sad how dishonest Scott Shackford is. This article is so deceptive it really could have been written for the NYT or Wapo. Like any modern “journalist”, Shackford starts with a narrative and then embellishes the facts to fit the narrative. The result is then published, no matter how deceptive and misleading it is.

    Here are the facts. Whatever it was that happened to the Juniper Networks devices in question, it was not the result of a “backdoor” put in at the behest of the NSA that was then used by China. That is exactly what Shackford implies, and there is not a molecule of truth in it. It’s false. That Shackford links to a previous story of his containing the falsehood does not somehow make it true.

    Now it possible that some of the existing code that was used for the backdoor was also used by the hackers, perhaps saving them a little engineering effort. Perhaps they replaced a government backdoor public key with one of their own, who knows, there aren’t enough published details to be certain. However they did it, they exploited a typical 0-day vulnerability to make their changes, not a government backdoor.

    “…Others with malicious intent, be they criminals or foreign governments (or both), will figure out how to get through too…”

    This is a core claim, and evidently a religious belief of Shackford’s, repeated over and over again, and it’s false. There are technical details that are beyond the scope of this article about how public key cryptography works, but I can assure you the claims Shackford makes are 100% false.

    I oppose encryption backdoors for the government, but for more rational reasons of liberty and privacy, not some fraudulent claim about foreign hackers able to repurpose the backdoors for their own use. It’s enough to understand that out our own police forces who actually have the key to the backdoor *will abuse it* as soon as it becomes available and will never stop. Just like civil forfeiture, you cannot give LE tools that are ripe for abuse and just hope they’ll do the right thing.

    1. “It’s enough to understand that out our own police forces who actually have the key to the backdoor *will abuse it* as soon as it becomes available and will never stop.”

      Why wouldn’t their abuse include selling their access to malicious foreign governments or criminal enterprises, as you quote Shackford stating?

      1. A good question, considering the last 25 years of Clintonian Democratic foreign policy.

      2. The proposal to place encryption backdoors for law enforcement (FBI) is future tense. The alleged backdoors that Shackford alludes to in Juniper Networks appear to be by U.S. intel agencies. And if you follow the articles linked to carefully you can see that no claim has been made that access was given or sold to malicious foreign governments.

  14. yes

  15. Get $192 hourly from Google!…Yes this is Authentic since I just got my first payout of $24413 and this was just of a single week… I have also bought my Range Rover Velar right after this payout…It is really cool job I have ever had and you won’t forgive yourself if you do not check it http://www.Belifestyles.com/

  16. Make 6,000 dollar to 8,000 dollar A Month Online With No Prior Experience Or Skills Required. Be Your Own Boss And Choose Your Own Work Hours.Thanks A lot Here>>>Click here.

  17. MUH RUSHINS!!!!!!!!!!!

  18. You can enhance your luck by investing in digital currency. If you really don’t know about it then I personally suggest you read my blog Read More.

  19. Why is it that we click on the FLAG button on so many spams but the admins of this web site never do anything about it? Sounds like mismanagement to me.

Please to post comments

Comments are closed.