- US senators questioned the technology companies involved in last year’s cyber attack.
- SolarWinds, Microsoft, FireEye and CrowdStrike testified, while Amazon refused to attend.
- The Microsoft president said the evidence points to Russia, where officials suspect the attack originated.
- Visit the Insider Business section for more stories.
The US Senate questioned the chief executives of SolarWinds and other technology companies at a hearing on Tuesday after unknown attackers, who are suspected of having ties to Russia, infiltrated the company’s software last year, which committed thousands of organizations, including major federal agencies.
SolarWinds was followed up at the hearing by FireEye, the cybersecurity company that discovered the malware in December, as well as Microsoft, whose president, Brad Smith, was present in the process. CrowdStrike CEO George Kurtz also testified. His cybersecurity company was apparently able to ward off hackers.
During the hearing, Smith gave the strongest indication that the cyber attack originated in Russia, while Kurtz and FireEye CEO Kevin Mandia did not confirm or deny the attackers’ origins. But Mandia said the attack was consistent with Russian behavior.
Several senators noted that Amazon – specifically, its industry-leading Amazon Web Services cloud computing arm – was invited to attend the hearing, but declined the Senate invitation. Republican Senator Susan Collins of Maine said the company has an “obligation” to participate and that, if it does not go ahead, the committee “must look at the next steps.”
The cyber attack began in March and went undetected for months. SolarWinds told the Securities and Exchange Commission that about 18,000 of its 300,000 customers were the targets of the attack. High-level government data was left exposed – the Trump administration confirmed in December that hackers did indeed infiltrate major networks, including the United States Treasury and the Department of Commerce.
Read More: Why the impact of the unprecedented SolarWinds hack that hit federal agencies is ‘gigantic’ and could hurt thousands of companies, according to cybersecurity experts
The Fortune 500 companies – including Microsoft, AT&T and McDonald’s – were among SolarWinds’ vulnerable customer base. Microsoft said its products, including the Office 365 suite and the Azure cloud, were not used in the hack, but were targeted, with attackers running away with some of their source code. And FireEye researchers say hackers appear to be able to send emails and access calendars in Microsoft’s 365 package.
Read More: Microsoft said its software and tools were not used “in any way” in the attacks on SolarWinds. New findings suggest a more complicated role
The White House said it could respond to SolarWinds hacks in a matter of weeks, which could include sanctions against the Russian government.
Insider said Tuesday’s hearing was a pivotal moment in the relationship between the U.S. government and the world of cybersecurity, particularly in how the industry could help federal officials prevent attacks from nation states in the future.
The live blog is over. Below are some highlights from the three-hour audience.
Senator Mark Warner said the committee invited Amazon to attend the hearing, but the company declined
Democratic Senator Mark Warner of Virginia opened the hearing and noted that Amazon declined the Senate’s invitation to testify at Tuesday’s hearing. Republican Senator Marco Rubio of Florida also mentioned the company’s lack of participation and said: “It would be very useful in the future if they really did attend these hearings.” Amazon did not immediately respond to Insider’s request for comment.
Collins said that if the tech giant doesn’t decide to testify, the committee “must look at the next steps”. Republican Senator Ben Sasse of Nebraska and Warner also expressed concern about the company’s absence. The Senate committee is expected to upload additional documents in a few weeks.
Microsoft President Brad Smith said the full scope of the attack is still under development
In his opening statement, Smith said that we still didn’t know much about the extent of the cyber attack and that there must be a reform in the relationship between the cyber security arm of Silicon Valley and the federal government. He also said he believed Russia was behind the attack.
FireEye CEO Mandia used his initial statement to declare the attack “exceptionally difficult to detect” and later said it was a planned hack. “The question is where is the next one? And where are we going to find him?” Mandia said.
Smith says all evidence points to Russia
Smith said earlier that “at this stage, we have seen substantial evidence pointing to the Russian foreign embassy, and we have not seen any evidence pointing to someone else.” He said at the hearing that more than 80% of the entities targeted in the attack were non-governmental organizations.
Mandia and Kurtz, CEO of CrowdStrike, agreed that the attacker was a state actor. But none of the executives said who they thought was behind this. Mandia said his company analyzed the expertise and found that it was “more consistent with espionage and behavior that we saw outside Russia”.