WASHINGTON — Nearly a month after reports emerged of a massive hack of U.S. government agencies and corporations, the Trump administration announced Tuesday that it had formed a task force to deal with the repercussions of what it officially acknowledged — for the first time — was likely a damaging Russian espionage operation.
"This is a serious compromise that will require a sustained and dedicated effort to remediate," said a joint statement from the FBI, the National Security Agency, the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency.
The statement said "fewer than 10" federal agencies had been compromised by "an intelligence gathering effort" that is "likely Russian in origin."
The statement did not name the agencies that have been hacked, but NBC News has reported that among them are the Treasury, Commerce, State and Energy departments.
The acknowledgment that the hack appeared to have been carried out by Russia — sources have said it was likely the SVR, Russia's equivalent of the CIA — is at odds with the doubt President Donald Trump has cast on the finding; he said last month that the culprit could have been China.
The Trump administration is still working to understand the scope of the hack, the statement said, including what information was compromised.
"As the lead agency for threat response, the FBI's investigation is presently focused on four critical lines of effort: identifying victims, collecting evidence, analyzing the evidence to determine further attribution, and sharing results with our government and private sector partners," the statement said.
The hack was first flagged by the cybersecurity company FireEye, and it is not clear that the government independently detected it. Last week, software giant Microsoft acknowledged that it, too, had been breached and that the attackers had viewed some of the company's source code, an alarming development. It is not clear how many other corporations were hacked, nor is it known what sensitive government or corporate data was stolen.
Officials have said the Russians may have had access since as early as March and that it may take months or years to ensure that the hackers have been expelled from the networks.
But while the cyber breach is a serious national security threat, experts say there is no evidence thus far that it constitutes what is officially regarded as an "attack" or an "act of war," despite the use of such language by members of Congress and some corporate victims.
Tuesday's government statement said that "at this time, we believe this was, and continues to be, an intelligence gathering effort." Left unsaid is that the NSA and the CIA seek to break into foreign computer networks on a daily basis and that no international norms govern espionage.
"In terms of gaining access to government networks, it is certainly something that our intelligence community would try to gain," said Michael Daniel, who was the cybersecurity czar in the Obama administration and now heads the Cyber Threat Alliance. However, he added, "I think operations on this scale might be a little unusual for us."
Related
At least one way the hackers breached networks was by piggybacking on software updates by a company called SolarWinds, which counted major corporations and most government agencies among its customers.
Cybersecurity expert Dmitri Alperovitch, head of the Silverado Policy Accelerator, said that what happened constitutes "a massive intelligence failure," because the American spy agencies did not detect the Russians in federal networks for months.
"This is really going to hinder the Biden administration," he said. "They have to assume that all their emails are being read and their networks are infiltrated by the Russians."
Officials say there is no evidence thus far that any classified networks were breached.
Daniels warned, however, that it is foolish to believe the government can completely stop breaches by Russian or Chinese intelligence agencies.
"You're talking about an adversary that is incredibly technically sophisticated and very patient," he said. "Anybody that thinks we are going to totally prevent the Russians from being able to gain any access to a U.S. government network, ever — that's crazy."
In a statement, Rep. Adam Schiff, D-Calif., chair of the Intelligence Committee, said: "Russia has long been an aggressive and malign actor in cyberspace, and this operation demonstrates their continued determination and capability to attack our networks and undermine our national security, just as they attacked our democracy in 2016.
"It's clear from the scale of this compromise that we have a lot of work to do to harden our defenses. ... There is likely much more to learn, and this is only the beginning of this necessary work."
