US cyber-attack: Russia 'clearly' behind SolarWinds operation, says Pompeo

Getty Images US Secretary of State Mike Pompeo at a press conference at the State Department in Washington, 21 October 2020Getty Images
Mike Pompeo said investigators were still "unpacking precisely what [the cyber-attack] is"

US Secretary of State Mike Pompeo has blamed Russia for what is being described as the worst-ever cyber espionage attack on the US government.

"We can say pretty clearly that it was the Russians that engaged in this activity," Mr Pompeo said on Friday.

President Trump downplayed the attack's severity - saying it was "under control" - and cast doubt on Russia's role, hinting at Chinese involvement.

The hack, targeting software made by US firm SolarWinds, was found last week.

However, it had been going on for months. Russia has denied any involvement in the attack.

Among the US agencies targeted was the office that manages nuclear weapons.

That government organisation, the US energy department, said however that the arsenal's security had not been compromised.

Several other organisations around the world, including in the UK, are understood to have been targeted by hackers using the same network management software.

Researchers, who have named the hack Sunburst, say it could take years to fully comprehend what is one of the biggest ever cyber-attacks.

What did Pompeo say about the cyber-attack?

In a radio interview with US talk show host Mark Levin on Friday, Mr Pompeo said he believed that Russia had, over a period of months, penetrated several US government agencies and private companies, along with other companies and governments around the world.

He said there was "a significant effort to use a piece of third-party software to essentially embed code inside US government systems".

Along with the US energy department, federal agencies targeted by what has been described as a sophisticated cyber espionage operation include the Treasury and departments of homeland security, state, defence and commerce.

Mr Pompeo said that US investigators looking into the attack were still "unpacking precisely what it is", and that much of the information would likely remain classified.

He said that Russia was trying to "undermine our way of life", adding that Russian President "Vladimir Putin remains a real risk".

What has been the president's reaction?

In two tweets on Saturday, Mr Trump again turned on what he labels the "fake news media" for exaggerating the matter.

Reuters Donald TrumpReuters
Donald Trump and Mike Pompeo have not always had identical views on Russia

He wrote: "The Cyber Hack is far greater in the Fake News Media than in actuality.

"I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)."

He did not mention his own secretary of state's comments and supplied no evidence on any Chinese involvement.

Mr Pompeo has taken a strong line against Russia before. In his time as secretary of state, the US has pulled out of a key nuclear treaty and the Open Skies Treaty on aerial surveillance flights.

But the president has been far more ambivalent towards Moscow, downplaying such incidents as allegations that Russia offered the Taliban bounties to kill US troops - something Mr Pompeo had issued Moscow a stern warning about.

President-elect Joe Biden, who is due to be sworn in on 20 January, has vowed to make cyber-security a "top priority" of his administration.

"We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place," he said on Thursday.

"We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in co-ordination with our allies and partners."

What do we know about the hacking campaign?

Hackers managed to gain access to major organisations by compromising network management software developed by Texas-based IT company SolarWinds.

The access could have allowed the hackers to take a high degree of control over the networks of organisations using that software, but appears to have been used to steal data rather than for any disruptive or destructive impact.

It is thought that those behind the operation targeted a narrow set of organisations in an attempt to steal national-security, defence and other related information.

However, while software may have been downloaded, that does not necessarily mean data was taken.

SolarWinds Orion, the computer network tool at the source of the breach, earlier said that 18,000 of its 300,000 customers might have been affected, but there is no indication that significant theft of customer or citizen data was an aim of the cyber-attack.

Investigators have said the months-long operation through SolarWinds could have been launched before March this year.

line

You might also be interested in:

Experts have been warning for years that it's not a matter of if, but when, hackers will kill somebody