The Same U.S. Government That Wants To Weaken Our Encryption Just Got Massively Hacked

Let's not weaken cybersecurity even more.

Scott Shackford | 12.14.2020 2:50 PM

(Wrightstudio / Dreamstime.com)

The U.S. Treasury and Commerce departments, along with untold numbers of government and corporate computer networks, have been breached in what may be an espionage attempt by the Russian government. (The Russians are, of course, denying responsibility.)

The avenue was reportedly a malicious software update pushed through SolarWinds Inc., an Austin-based network management company that counts both the federal government and hundreds of major U.S. companies among its clients. Essentially, the hackers slipped some malicious code into a software update; if you were on the infected networks that installed the update, this gave the hackers backdoor access to your data.

The infiltration apparently began in the spring but was not announced until this past weekend. SolarWinds reports that as many as 18,000 customers may have downloaded the infected update.

The Wall Street Journal reports that this infiltration may be above and beyond the usual cyberespionage:

While those familiar with the hack couldn't precisely specify its scope or the resulting damage to the U.S. government, several described it as among the most potentially worrisome cyberattacks in years, because it may have allowed Russia to access sensitive information from government agencies, defense contractors and other industries. One person familiar with the matter said the campaign was a "10" on a scale of one to 10, in terms of its likely severity and national-security implications.

Last week FireEye, a California-based cybersecurity firm, also reported a sophisticated hack that compromised its tools, which it attributed to a foreign government.

It's worthwhile to consider these developments in the light of law enforcement's efforts to weaken encryption protections. When officials insist that individuals should not have access to strong encryption unless the government can bypass those protections and access our data, they don't acknowledge that police won't be the only ones exploiting those back doors. Others with malicious intent, be they criminals or foreign governments (or both), will figure out how to get through too. It has happened before to our own very own government, as another country, possibly China, figured out how to access a cybersecurity bypass that had been installed for the National Security Agency.

In this latest incident, the extent of which we still don't know, the hackers had to create their own back door. So even cybersecurity that hasn't been undermined by statute isn't going to be perfect protection. But weaker security certainly isn't the answer. These back doors are bad. Whenever any senator or FBI director or police chief demands the power to bypass encryption, he or she should be reminded of this potentially dangerous breach.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Just 1.3% of NYC COVID Cases Are Coming From Restaurants. Why Has Cuomo Banned Indoor Dining?

Hide Comments (36)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Nardz 4 years ago

But election software was totes secure...
1. John el Galto 4 years ago
  
  It was secure. I know because twitter told me so.
  1. TammieGonzales 4 years ago
    
    JOIN PART TIME JOBS
    Google pays for every Person every hour online working from home job. I have received $23K in this month easily and I earns every weeks $5K to 8$K on the internet. Awe Every Person join this working easily by just just open this website and follow instructions
    COPY This Website OPEN HERE..... Visit Here
OpenBordersLiberal-tarian 4 years ago

"an espionage attempt by the Russian government"

Predictable. Even with the amazingly brilliant and legendarily tech-savvy Barack Obama as President, Russia still managed to hack the 2016 election. No surprise they're still carrying out acts of war with Putin's Puppet in office.

Of course this all ends when Joe Biden brings his decades of foreign policy wisdom into the White House. He'll confront Russia — with military force, if necessary.

#LibertariansForGettingToughWithRussia
1. Daisy Garcia 4 years ago
  
  I have received $17634 last month from home by working online in my part time. I am a full time student and doing this easy home based work for 3 to 4 hours a day. This job is very simple to do and its regular earnings are much better than any other qwe office type work. See detail here………… USA ONLINE JOBS
sarcasmic 4 years ago

Are these the same hackers who got Trump elected? Because he clearly didn't win on his own. There had to be some cheating going on.

Or did they hack the ballot machines to get Biden elected? Because he clearly didn't win on his own. There had to be some cheating going on.
1. chemjeff radical individualist 4 years ago
  
  If they're gonna hack ballot machines, why can't they get Kanye West elected instead?
  1. Sometimes Bad Is Bad 4 years ago
    
    He wore a maga hat once and to a smelly liberal like you that’s like wearing the American flag covered with a kkk hood and swastikas. Of course that isn’t really true but you like all libs don’t live in reality just a fucking fantasy land of drugs and open borders.
    1. Hank Phillips 4 years ago
      
      I used to be a pathetic wretch too, but I just made $30,000 last week selling Dr D.J. Trump's Butt-Hurt Salve to Republican Lewsers screeching "we wuz robbed" by LIBrlz and LIBrtareens in a RIGGED elecshun. Since life begins at erection, this is the moral equivalent of delibrut drug trafficker holocausting of unpersons not yet coercible under the 14th Amendmint. Pleez buy a tin now or I'll set this 'Murrican flag on fire and increase CO2.
      1. Nancy Kozikowski 4 years ago
        
        I used to be a pathetic wretch too
        
        But then you became a retarded pathetic wretch. Huge improvement. Thank Christ for Medicare!
2. Brandybuck 4 years ago
  
  It's getting hard to keep Hillary and Donald separate. Like twins separated at birth.
  1. sarcasmic 4 years ago
    
    creepy
  2. Nancy Kozikowski 4 years ago
    
    Nah, it's easy to tell. Hillary the one whose ass your head has been planted in for 4 years of mewling like a little bitch about MUH RUSHINS!!!!!!!!
Unicorn Abattoir 4 years ago

Hacking all over the place. We're going to need more lockdowns.
I, Woodchipper 4 years ago

These back doors are bad. Whenever any senator or FBI director or police chief demands the power to bypass encryption, he or she should be reminded of this potentially dangerous breach.

The "dangerous breach" is that the government will have the access to your data.
JesseAz 4 years ago

Thank god nothing happened during the election at all. The most pure and clean election of all time. Who knew government could have failure points!
COINTELPRO 4 years ago

There are legitimate secrets that must be kept but “excessive” secrecy - that harms national security is an abuse of power. Secrecy used to hide fraud, waste, abuse or violate the constitutional oath of office should be known to the voters.

Americans (or at minimum Judicial Branch judges) should be receiving accurate and summarized reporting that tell the voters/judges if a particular program or tactic is constitutional, effective and the degree of mission-creep. Executive Branch agencies could release bottom-line statistics that reveal no names, places or specific programs.

For example: using post-9/11 authorities, how many “terrorism-searches” resulted in how many “terrorism-convictions” at state-operated “Fusion Centers”? How much did each conviction cost and did it violate the Fourth Amendment? Were these authorities used for real terrorism cases or regular crimes? Reminder: the U.S. Constitution is a wartime charter and there is no terrorism-exemption to following this wartime charter.

Good intentions don’t make it legal or constitutional. Voters and Judicial Branch judges should know these facts. It appears excessive secrecy has actually harmed national security - harming individual Americans - in the above article about weakening computer security.
I, Woodchipper 4 years ago

There are legitimate secrets that must be kept

Agree to disagree..
dan1650 4 years ago

The DHS, the same agency that assured us they have protected the election and it was the most secure and safest one in history was hacked. If they can't tell they have been compromised how can they be trusted to assure those they are protecting are secure? Remember the smug and arrogant claim by Christopher Krebs? No one could breach the security he had in place and our election was the most secure in history.
FireEye one of the premiere cyber security companies had the tools they use to hack their clients to test their vulnerabilities stolen in a sophisticated intrusion. Before them the NSA had their hacking tools stolen by a hacker which used their tools to cause a lot of damage and may have been what was used in this attack. You would think these people would learn to never allow these tools to be accessible even if it does cause some inconvenience.
Hank Phillips 4 years ago

Good afternoon Mr Putin,
The man you are looking at is Donald Trump, current Boss of the U.S. Kleptocracy who vowed to bring back laissez-faire plutocracy while also bringing back coathanger abortions, Comstock Sharia laws, rabidly repressionist prohibitionism and asset forfeiture while failing to bring the troops home from one single shith*le country. Your mission, and Jo's, is to stop this madness by hacking their code. If you or your force are killed or captured, the KGB will disavow any knowledge of your actions.
1. Nancy Kozikowski 4 years ago
  
  God I can't wait until your retarded old worthless ass goes the way of Hihn. Sure hope you suffer a lot.
Rich 4 years ago

several described it as among the most potentially worrisome cyberattacks in years, because it may have allowed Russia to access sensitive information from government agencies, defense contractors and other industries.

Don't forget this doozy.
1. Nancy Kozikowski 4 years ago
  
  LALALALALALALALALALALA I CAN'T HEAR YOU LALALALALALALALALALALALALALALALALALALALALALALALA
  
  CHINA GOOD! MUH RUSSIA!!!!!!!!!!!!!!!!!!!!!!!!
James K. Polk 4 years ago

It is sad how dishonest Scott Shackford is. This article is so deceptive it really could have been written for the NYT or Wapo. Like any modern "journalist", Shackford starts with a narrative and then embellishes the facts to fit the narrative. The result is then published, no matter how deceptive and misleading it is.

Here are the facts. Whatever it was that happened to the Juniper Networks devices in question, it was not the result of a "backdoor" put in at the behest of the NSA that was then used by China. That is exactly what Shackford implies, and there is not a molecule of truth in it. It's false. That Shackford links to a previous story of his containing the falsehood does not somehow make it true.

Now it possible that some of the existing code that was used for the backdoor was also used by the hackers, perhaps saving them a little engineering effort. Perhaps they replaced a government backdoor public key with one of their own, who knows, there aren't enough published details to be certain. However they did it, they exploited a typical 0-day vulnerability to make their changes, not a government backdoor.

"...Others with malicious intent, be they criminals or foreign governments (or both), will figure out how to get through too..."

This is a core claim, and evidently a religious belief of Shackford's, repeated over and over again, and it's false. There are technical details that are beyond the scope of this article about how public key cryptography works, but I can assure you the claims Shackford makes are 100% false.

I oppose encryption backdoors for the government, but for more rational reasons of liberty and privacy, not some fraudulent claim about foreign hackers able to repurpose the backdoors for their own use. It's enough to understand that out our own police forces who actually have the key to the backdoor *will abuse it* as soon as it becomes available and will never stop. Just like civil forfeiture, you cannot give LE tools that are ripe for abuse and just hope they'll do the right thing.
1. mtrueman 4 years ago
  
  "It’s enough to understand that out our own police forces who actually have the key to the backdoor *will abuse it* as soon as it becomes available and will never stop."
  
  Why wouldn't their abuse include selling their access to malicious foreign governments or criminal enterprises, as you quote Shackford stating?
  1. Red Rocks White Privilege 4 years ago
    
    A good question, considering the last 25 years of Clintonian Democratic foreign policy.
  2. James K. Polk 4 years ago
    
    The proposal to place encryption backdoors for law enforcement (FBI) is future tense. The alleged backdoors that Shackford alludes to in Juniper Networks appear to be by U.S. intel agencies. And if you follow the articles linked to carefully you can see that no claim has been made that access was given or sold to malicious foreign governments.
KimberlyMLively 4 years ago

yes
KimberlyMLively 4 years ago

Get $192 hourly from Google!…Yes this is Authentic since I just got my first payout of $24413 and this was just of a single week… I have also bought my Range Rover Velar right after this payout…It is really cool job I have ever had and you won’t forgive yourself if you do not check it http://www.Belifestyles.com/
Julie_roberts 4 years ago

Make 6,000 dollar to 8,000 dollar A Month Online With No Prior Experience Or Skills Required. Be Your Own Boss And Choose Your Own Work Hours.Thanks A lot Here>>>Click here.
Nancy Kozikowski 4 years ago

MUH RUSHINS!!!!!!!!!!!
gevocod767 4 years ago

You can enhance your luck by investing in digital currency. If you really don’t know about it then I personally suggest you read my blog Read More.
anorlunda 4 years ago

Why is it that we click on the FLAG button on so many spams but the admins of this web site never do anything about it? Sounds like mismanagement to me.
niditi3769 4 years ago

The Centers for Disease Control Protecting health care workers makes sense since we want to make sure that our hospitals and physicians' offices remain adequately staffed as the winter surge of COVID-19 infections and hospitalizations rises.............USA MORE INFORMATION.
Jo Miller 4 years ago

[ PART TIME JOB FOR USA ] Making money online more than 15$ just by doing simple work from home. I have received $18376 last month. Its an easy and simple job to do and its earnings are muchs better than regular office job and even a little child can do this and earns money. Everybody must try this job by just use the info
on this page.....work92/7 online
kiriva 4 years ago

Get $192 hourly from Google!…Yes this is Authentic since I just got my first payout of $24413 and this was just of a single week…MGb I have also bought my Range Rover Velar right after this payout…It is really cool job I have ever had and you won’t forgive yourself if you do not check it....

===========★ Home Profit System

Please log in to post comments

The Same U.S. Government That Wants To Weaken Our Encryption Just Got Massively Hacked

Let's not weaken cybersecurity even more.

Latest

Marco Rubio Says He's Revoked 300 Student Visas Over Campus Activism

Pam Bondi Aims To Revive a Moribund Legal Process for Restoring Gun Rights

Trump Is Sabotaging His 'Drill, Baby, Drill' Agenda

How Backpage Became MILFS.com

The 'Meritocracy' Lie

Recommended

Login Form