Sample author name
Sample author description
The computer intrusion campaign that has been linked to Russia has hit multiple federal agencies and the private sector, raising concerns about the security of corporate secrets, government emails and other sensitive data. The Trump administration formally pointed the finger at Russia earlier this month after revelations surfaced in December that hackers had put malicious code into a tool published by SolarWinds, a software vendor used by countless government agencies and Fortune 500 businesses. As Biden officials assume responsibility for investigating the hack campaign, members of Congress, former federal officials and new evidence unearthed by Microsoft this week have added renewed urgency to the search for answers. "This SolarWinds massive breach concerns all of us, and frankly, is not that surprising, given what we have been finding, which is that the federal government is not well prepared to deal with these kinds of breaches," Sen. Rob Portman, Republican of Ohio, said at a hearing this week. In a letter Friday to congressional leaders, Kevin McAleenan, the former acting secretary of the Department of Homeland Security, said it is imperative that Biden's nominee to lead the department, Alejandro Mayorkas, be swiftly confirmed. The SolarWinds incident, McAleenan wrote, underscores "the growing need for a renewed focus on our nation's cybersecurity, and in particular the security of our supply chain. In the wake of the SolarWinds breach, DHS needs dedicated and confirmed leadership to work in concert with other government agencies to address this issue immediately — and to ensure we are prepared for potential future attempts." The day after Biden was sworn in, a congressional commission on cybersecurity sent a 15-point list of priorities and policy recommendations to the White House, including steps to prevent another government breach. And Microsoft's report on Wednesday further highlighted the sophistication of the attackers, estimating that they may have spent an entire month selecting their targets and developing custom code designed to stealthily compromise each victim. SolarWinds was just one mechanism that the adversary used to gain access to networks, an official from the Cybersecurity and Infrastructure Security Agency said to CNN, emphasizing that other techniques were used to gain access to networks and compromise information as part of long term "intelligence gathering effort." Amid growing pressure, the Biden administration is still trying to get up to speed. Efforts by Biden staffers to understand the full extent of the breach were hamstrung before taking office, according to one former senior Homeland Security official. "There is a concern that things could be worse," the former official told CNN. Meanwhile, there are indications that officials have only scratched the surface of the scope and scale, a source familiar with the probe said. Speaking to reporters Wednesday, White House press secretary Jen Psaki said the administration would "reserve the right to respond at a time and manner of our choosing to any cyberattack," but that staffers were only "just getting onto their computers." She declined to answer a question about whether Biden intended to raise the spying issue with Russian President Vladimir Putin. The computer break-ins will be one focus of a forthcoming presidential briefing by the intelligence community, Psaki added. When former President Donald Trump finally weighed in on the massive cyberattack in a pair of tweets in December, instead of condemning the attack -- or Russia -- he downplayed it, criticized the media and baselessly claimed it could have affected US voting machines. Biden appears willing to grapple with the espionage effort head-on. "President Biden seems to understand the urgency of this crisis in a way that President Trump did not," said Sen. Mark Warner of Virginia, the top Democrat on the Senate Intelligence Committee. "And in his first days, (he) is moving with fitting speed to investigate it, so that we can take steps to remediate its effects, respond appropriately to Russia, and best determine how to deter and prevent attempts of this kind in the future." But while there is little disagreement among US officials that the intrusion was severe, opinions about a potential response, and what that would look like, vary. A US official told CNN that the evidence currently suggests the hack still qualifies as a highly sophisticated foreign intelligence operation and falls short of an act of cyber warfare -- a nuanced distinction that will factor into any discussions about reasonable response options. But that said, there will almost certainly be a cost imposed for this activity, the official added, noting there is a price to be paid for getting caught, even if the attack technically falls within the lines of foreign espionage. "In all likelihood," the attack was cyber espionage, former Homeland Security acting Secretary Chad Wolf told CNN. At the time he left office earlier this month -- amid an abrupt resignation -- the attackers had not taken any action because of their access into these networks, he said. Gen. Keith Alexander, the former director of the National Security Agency, told CNN that Biden has a range of policy options available to him. "There are ways you can respond by indicting individuals and by diplomatic and economic measures, which they should do," Alexander said, "but any response in cyber in the physical space would probably develop into a bigger attack on us, and we're not prepared to defend against that. The nation is not ready for a cyber engagement of that kind." Alexander added that Congress must pass legislation to enable the public and private sectors to share threat information more easily, and to provide legal immunity to companies that share that data. Biden's response could also be complicated by a shortage of senior personnel. Biden's first confirmed Cabinet pick -- Avril Haines, the director of national intelligence -- acknowledged earlier this week she had not yet received a classified briefing on the hack, underscoring concerns that she and other top Biden officials may already be behind the eight ball due to a difficult transition process. Though she was sworn in Thursday and indicated that the hack was a top priority, other top intelligence and homeland security positions remain vacant. "I've never seen this level of vacancy. It's mind boggling, really challenges continuity," said a DHS official who pointed to CISA as an example of the Trump administration's leadership disarray. "We will have challenges in replacing some talent." Earlier this week, GOP Sen. Josh Hawley blocked quick consideration of Biden's Homeland Security nominee, leaving the third-largest federal department without confirmed leadership. CISA has been led by career official Brandon Wales since Trump fired Chris Krebs shortly after the election. Rob Silvers, a partner at the law firm Paul Hastings, is expected to be tapped to lead CISA in the Biden administration, according to a source familiar with the situation. He served as assistant secretary for cyber policy at DHS during the Obama administration, as well as in other senior roles at the department. Silvers did not respond to a request for comment. "The biggest problem is that you don't have a confirmed secretary," the former senior DHS official told CNN. "That really sets the tone and the trajectory of the ability to start getting things done." During his Senate confirmation hearing Tuesday, Mayorkas said he was intensely studying the SolarWinds attack as a private citizen. If confirmed, he promised to conduct a thorough review of two CISA cybersecurity programs -- Continuous Diagnostics and Mitigation (CDM) and EINSTEIN -- to understand if they are sufficient to stop a threat such as SolarWinds, and if not, to explore additional defenses for the federal government. Wales said CISA "actively engaged with the transition team," including providing 14 briefings focused on the ongoing cyber incident. "We're committed to seamlessly integrating new members of the Biden Administration into the Agency, while continuing aggressive efforts to understand and respond to this complex cyber campaign," he said in a statement to CNN Friday. Given the length of time that the adversary has had access to some networks, remediation -- both short term and long term rebuilding -- will be a protracted process, a CISA official told CNN. CISA already provided ideas to the Biden team to help evolve federal cybersecurity and overcome the challenges identified by the latest incident. Suggestions, the official said, include: funding for CISA to hunt for adversary activity on federal networks; the deployment of new sensors inside federal agencies to detect anomalous activity; and improvements to visibility of the cloud environment, like Office 365. Officials are also considering creating a civilian program akin to the Pentagon model that helps ensure third party partners are meeting cybersecurity standards, but that would be a longer term endeavor, the official said.
Plus: A security company creeper, Biden’s cyberteam, and the rest of this week’s security news. This week, Joe Biden was sworn in as the 46th president of the United States. To commemorate the outgoing Donald Trump's four years in office, we took a look at the most absurd, bizarre, or outright dangerous things Trump has said about cybersecurity. (At least he's not saying them on Facebook or Twitter anymore.) He's also not saying them on Parler, because no one has since the far-right platform got booted by Amazon Web Services. But! Remember how hackers downloaded every public post, image, and video from Parler right before it went down? A new site called Faces of the Riot has run that trove through some machine-learning and facial-recognition software to publish thousands of images of people who were at the Capitol Hill protests—and riots—on January 6. The project alarms privacy advocates, who say that it underscores the pervasive threat of facial recognition; the Faces of the Riot also doesn't distinguish between the insurrectionists who stormed the Capitol building and those who drew the line at protesting. In other Parler news, the platform has sputtered back to life, sort of. Well, OK, it's just a landing page. But it wouldn't have gotten even that far without the help of DDoS-Guard, a Russian cloud infrastructure company that also counts white supremacist site the Daily Stormer among its clients. All that data flowing through Russia has security professionals concerned; Parler says it hopes to find a US host, but the pickings are slim for a site of its size. The SolarWinds news keeps getting worse. Now that the tactics the hackers used post-infiltration have proven effective, researchers expect other groups to use them as well. And on top of its Russia woes, the US needs a new plan to beat China in AI, former secretary of defense Ash Carter argued in a WIRED interview. And there's more! Each week we round up all the news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there. The FTC Cracks Down on Bot-Happy Ticket Scalpers In 2016, Congress passed the Better Online Ticket Sales Act, intended to target the bots that flood sites and snatch up prime seats before everyday fans can. On Friday, the Federal Trade Commission took its first enforcement action under BOTS, hitting three New York-based ticket brokers with a collective $31 million in fines for allegedly using automated ticket-buying software, creating hundreds of fake Ticketmaster accounts, and more. Because they can't afford the fines, the three defendants will pay $3.7 million instead. Hopefully it's a sign that the FTC is going to take its enforcement role more seriously when it comes to bots and beyond. An ADT Employee Spied on Customers Through Their Security Cams A former technician for home security company ADT pleaded guilty this week to charges that he had illicitly accessed customer accounts 9,600 times over a four-year stretch, at times tapping into the home security cameras to spy on them. He got in by adding his personal email address to the online accounts of 220 Texas-area clients, allegedly targeting homes with women he found attractive. ADT first disclosed this issue in April of last year, but the guilty plea at least brings some closure to the victims. The company faces three ongoing civil cases related to the matter. The UK Handed Out Remote Learning Laptops Loaded With Malware Mistakes happen! In this case the UK's Department of Education distributed 23,000 computers to school children learning remotely, a well-intentioned gesture tainted only by the presence on some of those machines of Garamue, a remote-access worm. It's unclear exactly how many devices are affected, but schools have already taken extra precautions—in one case, reimaging the laptops—to make sure they don't accidentally hand out malware to their already beleaguered students. Biden Assembles His Cybersecurity Dream Team While cybersecurity suffered during the Trump administration, Joe Biden has already assembled by all accounts a highly competent team. The new administration has also created the position of deputy national security adviser for cyber and emerging technology, giving more weight to an increasingly critical area of focus. In addition to the return of a few Obama-era vets, Reuters reports that the smart money is on former NSA official Jen Easterly to assume another new role, national cyber director. The AI Defense Startup With Deep Government Ties The American Prospect this week profiled Rebellion Defense, an Eric Schmidt-backed startup founded by former members of the Pentagon's Defense Digital Service. It's worth a read for an in-depth look at how Schmidt has positioned himself in DC, and the shadowy AI firm that has reaped the benefits. More Great WIRED Stories 📩 Want the latest on tech, science, and more? Sign up for our newsletters! The plan to build a global network of floating power stations A 25-year-old bet comes due: Has tech destroyed society? What Hades can teach us about ancient Greek masculinity The SolarWinds hackers used tactics other groups will copy The best cheap phones for (almost) every budget 🎮 WIRED Games: Get the latest tips, reviews, and more 🎧 Things not sounding right? Check out our favorite wireless headphones, soundbars, and Bluetooth speakers
A version of this story appeared in CNN's What Matters newsletter. To get it in your inbox, sign up for free here. It's not just that the idea of working together is completely at odds with the division pushed during the past four years by President Donald Trump. It's that the two parties have been so focused on being at each other's throats for the past few decades that the idea of doing anything together is, at this point, just plain weird. The major legislative achievements of recent years -- tax cuts by Trump, health care and banking reform by President Barack Obama -- were all achieved by one party steamrolling the other. The pandemic, particularly early on, offered an exception to the rule, when lawmakers from both parties came together to throw resources at saving the economy as the country shut down to slow the spread of the virus. And even now, as Biden pushes for a new, $1.9 trillion relief package, there's some indication both parties could buy in. Trump's former top economist broadly supports what Biden's trying to do, he told CNN in an interview. But economists can broadly agree on lots of things. That rarely translates into Senate votes. And far from handing over the reins to Democrats, who have a hair's-breadth majority with Vice President Kamala Harris's tie-breaking vote, top Senate Republican leader Mitch McConnell is locked in a disagreement with Senate Majority Leader Chuck Schumer over how to keep the chamber running at all. That's why Republican senators are still running confirmation hearings even though Democrats are technically the majority party. Before unity, accountability There is also Trump's pending impeachment trial, his second, which is now scheduled to begin February 9. (Latest on that here.) The main problem for unity, as Peter Baker writes in the New York Times, is that it's rarely rewarded by voters: "Where politicians used to perceive a political reward for at least appearing bipartisan, today they perceive risk of being accused of selling out by the more fervent elements of their own party. Compromise is seen by many as a vice not a virtue." Beyond the simple optics -- do voters prefer someone fighting for their interest or compromising for results? -- there's also a general disagreement over what unity looks like. Is it passing legislation most people agree on? It's not entirely clear the additional relief checks Biden is pushing will actually help the people who most need it. CNN Business' Chris Isidore explains it all in this headline: Stimulus checks are a lousy way to fix the economy. Is it a partisan time out before a new beginning? The looming impeachment trial may not be the best way to achieve that, although the Trump-inspired insurrection demands it. Related: McConnell privately says he wants Trump gone as Republicans quietly lobby him to convict Certainly the political press is as confused by the concept as everyone else. Here's a roundup of opinion pieces I saw about "unity" on Friday. The single-word quotation marks are like stand-ins for cynical air quotes. Unity!? HA! Biden gets a cold dose of 'unity' (Politico) Forget 'unity': Biden's moralizing mantra is more likely to divide (New York Post) 'Unity' Is Not What America Needs Right Now (The Atlantic) Goofus and Gallant try unity and healing (The Washington Post) It's not all cynics out there. New York Times columnist David Brooks, who I think is still considers himself conservative, is all about it. "I was shocked by how moved I was by the Biden inaugural," Brooks wrote. "We've been through an emotional hailstorm over four years. Suddenly the sky has cleared. It's possible America may emerge from this trauma more transformed than we can imagine.
The House will send the article of impeachment to the Senate on Monday. That would typically trigger a process for a trial to start the next day, but Senate Majority Leader Chuck Schumer announced Friday evening that instead the trial will begin the week of February 8. "Once the briefs are drafted, presentation by the parties will commence the week of February the 8th," Schumer said on the Senate floor, adding, "The January 6th insurrection at the Capitol incited by Donald J. Trump was a day none of us will ever forget." Democrats and Republicans both had incentives to push back trial There were incentives on both sides to push back the start of the trial. Biden suggested earlier in the day on Friday that it could be helpful to his administration to have more time prior to the start of a trial. "The more time we have to get up and running and meet these crises, the better," he said. McConnell, meanwhile, has proposed that the Senate give Trump's legal team two weeks to prepare for a trial once the Senate receives the article and delay its start until mid-February. A later start date will mean more time for Democrats to confirm Cabinet officials and will allow more time for preparations for the former President's legal defense. Republicans signal acquittal likely A number of Republicans have been sharply critical about the proceedings -- and have already made clear that they see virtually no chance that at least 17 Republicans would join with 50 Democrats to convict Trump and also bar him from ever running from office again. "I don't know what the vote will be but I think the chance of two-thirds is nil," said Sen. John Cornyn, a Texas Republican and member of his party's leadership who called the Democratic push to begin the trial "vindictive." The GOP arguments are now coming into sharper focus, claiming the proceedings are unconstitutional to try a former President and contending that the trial is moving on too short of a time frame to give due process to Trump, claims that Democrats resoundingly reject. Those arguments, Republicans believe, will allow them a way out of convicting Trump without endorsing his conduct in the run up to the deadly mob that ransacked the Capitol on January 6. McConnell is likely to land in the same spot as much of his conference, GOP senators believe, although the Republican leader has said he would listen to the arguments first before deciding how to vote. What we know about Trump's legal team It's not yet clear exactly what defense will be presented on the former President's behalf, but it appears Trump now has at least one lawyer for the trial. Trump's campaign spokesman, Jason Miller, confirmed on Twitter on Thursday that South Carolina lawyer Butch Bowers will represent Trump at his impeachment trial. "Excited to announce that Columbia, SC-based Butch Bowers has joined President Trump's legal team. Butch is well respected by both Republicans and Democrats and will do an excellent job defending President Trump," Miller tweeted. Sen. Lindsey Graham, a South Carolina Republican and ally of the former President, told reporters that he would urge Trump's legal team to "focus on the unconstitutional argument" that a former president cannot be convicted by the Senate. "They didn't present any evidence in the House, so I don't know if you can present evidence in the Senate that you didn't present -- I guess you could -- but we'll make our own decisions about did the President go too far, was this incitement under the law, what's the right outcome there? So it should be a quick trial really, quite frankly," Graham said. Is it constitutional to impeach a former president? Given the limited language in the Constitution on impeachment, legal experts disagree about whether the Senate can convict a former president. However, with Democrats holding slim control of the Senate, there's no reason to think the trial won't go forward. But Democrats have pointed to legal scholars on both ends of the political spectrum who say a trial is constitutional. Legal analysts say there's precedent for a Senate impeachment trial of a former official, as the Senate tried Secretary of War William Belknap in 1876 after he resigned just before the House voted to impeach him. A January 15 Congressional Research Service report notes that while the Constitution "does not directly address" the issue, most scholars have concluded that Congress does have the authority to impeach and convict a former President. CNN's Manu Raju, Jeremy Herb, Ted Barrett, Nikki Carvajal, Holmes Lybrand and Ali Zaslav contributed to this report.
To be updated with all the latest news, offers and special announcements.