AG Bill Barr says Russia IS behind massive hack

Attorney General Bill Barr said Monday that Russia was behind the massive hack of U.S. government computer systems, contradicting President Donald Trump’s suggestion that China could be involved.

Two days after Trump downplayed what intelligence experts have called the most devastating break in U.S. computer security in years, Barr said he agreed with Secretary of State Mike Pompeo’s attributing the hack to Moscow.

‘From the information I have, I agree with Secretary Pompeo’s assessment. It certainly appears to be the Russians,’ he said at a press conference, declining to add any details. 

Last week the Cybersecurity and Infrastructure Security Agency (CISA) said U.S. government agencies, critical infrastructure entities, and private sector organizations had been exposed in the months-long cyberattack, in which hackers broke through a widely used piece of security software created by the American company SolarWinds.

Officials are still combing their systems to see what kind of information could have been stolen – including possibly from American spy agencies – and whether they are still vulnerable.

While CISA did not identify the attackers, private security consultants, senior lawmakers briefed by intelligence officials, and Pompeo all pinned the blame on Russia.

Trump, who over four years has steadfastly avoided criticizing Moscow – particularly its alleged sweeping interference in the 2016 election on his behalf – on Friday again refused to finger Russia in the hacking case.

‘The Cyber Hack is far greater in the Fake News Media than in actuality,’ he tweeted, saying ‘everything is well under control.’

‘Russia, Russia, Russia is the priority chant when anything happens,’ he continued, adding that the media were, ‘for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).’

Barr, who has been a crucial political ally of Trump, is to step down from his position this week, a month before Trump exits the White House on January 20 after his election loss last month to Democratic President-elect Joe Biden.

While as attorney general he has avoided contradicting Trump, on Monday he also rejected calls by the president and his allies to launch special prosecutor investigations of Biden’s son Hunter and of alleged fraud in the election.

Barr repeated what he said on December 12, that he saw no significant or systemic fraud that would affect the November election results.

Barr declined to comment more broadly on Trump’s efforts in courts and in public to overturn the election, including reports that the idea of declaring martial law had been floated by advisors during a White House meeting last week.

A SolarWinds security adviser warned of cybersecurity risks three years prior to the suspected Russian hack that infiltrated the government agencies – as it emerged that hackers had also gained access to major tech and accounting companies, the California hospital system and an Ohio university.  

The adviser, Ian Thornton-Trump, gave a PowerPoint presentation to three SolarWinds executives back in 2017 urging them to install a cybersecurity senior director because he thought a major breach was inevitable, Bloomberg reports.  

Thornton-Trump, who now works at threat intelligence firm Cyjax, said he resigned from SolarWinds a month after his presentation because he claimed the company wasn’t interested in making the changes he had suggested to improve cybersecurity. It was not immediately clear what changes he suggested. 

‘My belief is that from a security perspective, SolarWinds was an incredibly easy target to hack,’ Thornton-Trump said in an interview published Monday. 

‘There was a lack of security at the technical product level, and there was minimal security leadership at the top.’

SolarWinds is now at the center of a major global data breach that has infiltrated U.S. government agencies after suspected Russian hackers gained access to the Texas-based company’s common software product.  

The hack began as early as March this year when hackers snuck malicious code into recent versions of SolarWinds’ premier software product, Orion. 

SolarWinds have since revealed they have traced the hackers back to October 2019, which is five months before they executed the main breach. The hackers are believed to have tested their ability to insert malicious code into the company’s network management software on October 10, 2019. 

At least 24 organizations across the US installed the software that had been exploited by hackers, a Wall Street Journal analysis of internet records has found. 

Among those infected include: Tech companies Cisco Systems Inc., Intel Corp and Nvidia Corp; accounting firm Deloitte; software company VMware Inc; electronics maker Belkin International Inc; the California Department of State Hospitals; and Kent State University. 

This is in addition to the government agencies, including the State, Homeland Security, Commerce and Energy departments that were revealed last week to have been hacked.  

The list of victims from the devastating and long-undetected hack continues to grow as security teams scramble to investigate the scope of the sprawling cyber-espionage campaign and contain the damage.

The hack involved a common software product made by Texas-based SolarWinds Corp, which is used by hundreds of thousands of organizations, ranging from government agencies to Microsoft and the majority of Fortune 500 companies.  

As many as 18,000 SolarWinds customers – including the federal agencies and major companies – downloaded the infected software, the company said last week.

It is not yet clear if the hackers even accessed many of the companies or what they did inside the ones they did get inside. 

Much remains unknown, including the motive or ultimate target.