WASHINGTON – Almost a month after reports of a massive invasion of US government agencies and corporations surfaced, the Trump administration announced on Tuesday that it had formed a task force to deal with the repercussions of what it officially recognized – for the first time – it was probably an undermining Russian spy operation.
“This is a serious commitment that will require a sustained and dedicated effort to remedy,” said a joint statement from the FBI, the National Security Agency, the Office of the Director of National Intelligence and the Agency for Cybersecurity and Infrastructure.
The statement said “fewer than 10” federal agencies were compromised by “an intelligence gathering effort” that is “probably of Russian origin”.
The statement did not mention the agencies that were hacked, but NBC News said that among them are Treasury, Commerce, State and Energy.
The acknowledgment that the hack appeared to have been carried out by Russia – sources told NBC News that it was probably the SVR, the Russian equivalent of the CIA – came despite President Donald Trump doubting this discovery, saying last month that it could have been China .
The Trump administration is still working to understand the scope of the hack, the statement said, including information that was compromised.
“As a leading threat response agency, the FBI investigation is currently focused on four critical lines of effort: identifying victims, collecting evidence, analyzing evidence to determine additional assignments and sharing the results with our government and private sector partners” , says the statement said.
The hack was flagged by cybersecurity company FireEye, and it is not clear whether the government independently detected it. Last week, the software giant Microsoft acknowledged that it had also been breached and that attackers had seen part of the company’s source code, an alarming development. It is not clear how many other companies have been hacked, nor is it known what confidential government or corporate data has been stolen.
Officials said the Russians may have had access since March, and that it may take months or years to ensure that hackers have been kicked out of networks.
But while cyber breach is a serious threat to national security, experts say there is no evidence so far that it constitutes what is officially considered an “attack” or an “act of war”, despite the use of this language by members of the Congress and some corporate victims.
Tuesday’s government statement says that “at this point, we believe this has been, and continues to be, an intelligence gathering effort.” What has not been said is that the NSA and the CIA seek to break into foreign computer networks on a daily basis and that there are no international standards governing espionage.
“In terms of access to government networks, it is certainly something that our intelligence community would try to achieve,” said Michael Daniel, who was the cybersecurity czar in the Obama administration and now heads the Cyber Threat Alliance. However, he added, “I think operations on this scale can be a little unusual for us.”
At least one of the ways in which hackers breached networks was by hitching a ride on software updates from a company called SolarWinds, which relied on its customers for most government agencies and large corporations.
Cybersecurity expert Dmitri Alperovitch, head of the Silverado Policy Accelerator, told NBC News that what happened constitutes “a massive intelligence failure” because American spy agencies have not detected Russians on federal networks for months.
“It will really get in the way of the Biden government,” he said. “They need to assume that all of their e-mails are being read and that their networks are infiltrated by the Russians.”
The authorities say there is no evidence at the moment of breach of any classified network.
Daniels warned, however, that it is foolish to believe that the government can completely prevent successful breaches by Russian or Chinese intelligence agencies.
“You are talking about an opponent who is incredibly technically sophisticated and very patient,” he said. “Anyone who thinks that we are going to totally prevent the Russians from gaining any access to a US government network, never – that’s crazy.
Kevin Collier contributed.