
The Russians are here

How did Moscow pull off the biggest hack ever into the U.S. government? Dmitri Alperovitch on how a new way of doing old business from the Kremlin has exposed major weaknesses in American cyber defenses.

The United States government is still uncovering the extent of Russia’s unprecedented hacking of nine government agencies and dozens of private-sector organizations, according to a report last week by the Associated Press. About nine months ago, Russia’s foreign intelligence service, the SVR, hacked into the email accounts of the secretary of homeland security and top officials at that department, as well as high-ranking officials at the departments of Energy, State, the Treasury, and others. A private cybersecurity firm, FireEye, discovered only four months ago that Russian spies had done this through software—widely used throughout the public and private sectors—provided by a vendor called SolarWinds. The cybersecurity firm then tipped off the government, which is still investigating the operation. How did this happen, and what does it mean?

Dmitri Alperovitch is the co-founder and chairman of Silverado Policy Accelerator, a nonprofit working on geopolitical cybersecurity; the co-founder of the cybersecurity firm CrowdStrike; and the author of World on the Brink: How America Can Beat China in the Race for the Twenty-First Century. Alperovitch says the SolarWinds hack is the most expansive breach of national security through online espionage in U.S. history. But the Russians didn’t destroy or even damage any data or documents; this is just traditional intelligence gathering extended to the digital domain. Still, the breadth and the duration of the hack should move the U.S. government finally to enhance its weak cyber defenses—and rethink its approach to cybersecurity as a whole …


Michael Bluhm: How significant is the SolarWinds hack?

Dmitri Alperovitch: This is unquestionably the most devastating breach of U.S. national security through cyber means that we’ve ever had.

That is the case for two reasons. One is the number of agencies that have been compromised. Department of Energy, DHS, Treasury Department, State Department—we have almost a dozen agencies that we know about that have been compromised.
