- US senators questioned the tech companies involved in last year’s cyber attack.
- SolarWinds, Microsoft, FireEye, and CrowdStrike testified, while Amazon declined to attend.
- The Microsoft chairman said the evidence points to Russia, where officials suspect the attack originated.
- Visit the Insider Business section for more stories.
The United States Senate questioned the CEOs of SolarWinds and other technology firms in a hearing Tuesday after unknown attackers, suspected of having ties to Russia, infiltrated the company’s software last year, which it engaged thousands of organizations, including major federal agencies.
SolarWinds was joined at the hearing by FireEye, the cybersecurity firm that discovered the malware in December, as well as Microsoft, whose president, Brad Smith, was present at the proceedings. CrowdStrike CEO George Kurtz also testified. Apparently your cybersecurity company was able to avoid hackers.
During the hearing, Smith gave the strongest indication that the cyber attack originated in Russia, while Kurtz and FireEye CEO Kevin Mandia did not confirm or deny the origins of the attackers. But Mandia said the attack was consistent with Russian behavior.
Several senators noted that Amazon, specifically its market-leading cloud computing arm Amazon Web Services, was asked to also attend the hearing, but declined the Senate’s invitation. Republican Sen. Susan Collins of Maine said the company had an “obligation” to participate and that if it did not move forward, the committee “should consider next steps.”
The cyber attack started in March and went undetected for months. SolarWinds told the Securities and Exchange Commission that about 18,000 of its 300,000 clients were the target of the attack. High-level government data was exposed: The Trump administration confirmed in December that hackers had infiltrated key networks, including the US Treasury and the Commerce Department.
Read more: Why the Impact of the Unprecedented SolarWinds Hack to Federal Agencies Is ‘Gigantic’ and Could Hurt Thousands of Businesses, According to Cybersecurity Experts
Fortune 500 companies, including Microsoft, AT&T, and McDonald’s, were among SolarWinds’ vulnerable customer base. Microsoft has said that its products, including its Office 365 suite and Azure cloud, were not used in the hack, but were attacked, and some of its source code was taken by attackers. And FireEye researchers say that hackers seem to be able to send emails and access calendars in Microsoft’s 365 suite.
Read more: Microsoft said its software and tools were not used “in any way” in the SolarWinds attacks. The new findings suggest a more complicated role
The White House has said it could respond to the SolarWinds attacks in a matter of weeks, which could include sanctions against the Russian government.
Insider reported that Tuesday’s hearing was a pivotal moment in the relationship between the U.S. government and the cybersecurity world – that is, how the industry could help federal officials prevent nation-state attacks on the future.
The live blog is over. Below are some highlights from the three-hour audience.
Senator Mark Warner said the committee invited Amazon to attend the hearing, but the company refused.
Democratic Sen. Mark Warner of Virginia opened the hearing, noting that Amazon declined the Senate’s invitation to testify at Tuesday’s hearing. Republican Sen. Marco Rubio of Florida also addressed the company’s lack of involvement, saying, “It would be helpful in the future if you actually attended these hearings.” Amazon did not immediately respond to Insider’s request for comment.
Collins said that if the tech giant doesn’t decide to testify, the committee “should look at the next steps.” Republican Senator Ben Sasse of Nebraska and Warner also expressed concern about the company’s absence. The Senate committee is expected to upload additional documents in a few weeks.
Microsoft president Brad Smith said the full scope of the attack was still unfolding.
In his opening statement, Smith said that there was still much that we did not know about the scope of the cyber attack and that there must be reform in the relationship between Silicon Valley’s cybersecurity arm and the federal government. He also said that he believed Russia was behind the attack.
Mandia, CEO of FireEye, used his opening statement to declare that the attack was “exceptionally difficult to detect” and later said it was a planned stunt. “The question is where is the next one? And where will we find it?” Mandia said.
Smith says all the evidence points to Russia
Smith previously said that “at this stage we have seen substantial evidence pointing to the Russian foreign embassy, and we have not seen evidence pointing to anyone else.” He said at the hearing that more than 80% of the entities attacked in the attack were non-governmental organizations.
Mandia and Kurtz, CEO of CrowdStrike, agreed that the attacker was a nation-state actor. But none of the executives said who they believed was behind this. Mandia said his company analyzed the forensic analysis and found it to be “more consistent with the espionage and behavior that we have seen outside of Russia.”