SolarWinds Hires Former Trump Cyber Security Chief Chris Krebs

The American technology company at the center of the most significant cyber hack in recent history has hired Chris Krebs, the recently fired head of cyber security for the United States government, to help it deal with the consequences.

SolarWinds, a Texas-based company whose software was exploited by alleged Russian hackers to spy on governments and businesses around the world, has appointed Krebs as an independent consultant.

Mr. Krebs was responsible for the US cybersecurity agency until November, when he was fired on Twitter by outgoing President Donald Trump for challenging his claims that the election was compromised by fraud.

He will work for SolarWinds to help coordinate the company’s response to the crisis, alongside his new business partner Alex Stamos, professor at Stanford University and former head of Facebook security. The pair told the Financial Times that it could take years for all compromised systems to be completely safe again.

Mr. Krebs said: “This has been a multi-year effort for one of the best and most sophisticated intelligence operations in the world.

“It was just a small part of a much larger plan that is highly sophisticated, so I was expecting more companies that were committed; more techniques that we haven’t found yet . . . I think there is much more to be written in this chapter of Russian cyber intelligence operations.”

Investigators are struggling to establish the full scale and scope of the ongoing campaign, with some experts suggesting that it could go on for years.

SolarWinds said in December that 18,000 of its customers may have been exposed to hackers, who hijacked one of its popular software products in March. Hackers are believed to have handpicked specific targets among the 18,000, posing as legitimate employees on their systems to access confidential information stored in the cloud.

The company was accused of not being sufficiently open about the scale or method of the attack – a criticism that Stamos tacitly acknowledged while praising FireEye, the cybersecurity company that was itself a victim.

“FireEye has been extremely transparent and it has worked very well for them. There has been less of it [from] the other companies involved, and that means things are leaking that may or may not be true,” he said.

US intelligence officials said this week that they have identified “fewer than 10” federal agencies that have been compromised. So far, the trade, energy and justice departments have confirmed that they have been victims. The hackers also spied on dozens of United States Treasury email accounts and accessed the systems used by some of the department’s top officials.

The electronic filing system used by federal courts has also been compromised, the US judiciary said on Thursday.

Last week, Microsoft said in a blog that the same hackers accessed part of its proprietary software’s internal source code, although they did not modify it or access any customer data.

Ejecting hackers from systems can be another battle. Stamos said the attackers are likely to have embedded hidden codes that would allow them to continue spying on agencies and companies for many years.

“The metaphor I use is the iron harvest, for Belgian and French farmers in the spring,” he said. “After the rains, they go to their fields and still find shells from the first and second world wars. This is how it will be for a while.”

While Trump downplayed the idea that Russian hackers are to blame and even pointed a finger at China, U.S. intelligence agencies said the perpetrators were “probably of Russian origin”.

Krebs added that there was “no doubt” in the intelligence community that Russia’s foreign intelligence service, the SVR, was responsible.

Some members of Congress have asked the US to retaliate against the perpetrator, but Krebs said that, as far as is known so far, the attack falls under the category of espionage, a statement also made by US intelligence agencies.

“The US has signaled on the world stage, repeatedly, that this type of behavior is really OK, so I don’t expect the US to respond,” said Krebs.

But he added that any escalation by hackers must lead to a “dramatic” and “proportional” response from the U.S. government.
