Veterans Affairs officials briefed on SolarWinds hack


VA Secretary Robert Wilkie testifies during a hearing before a House Appropriations Subcommittee in Washington, DC on March 27, 2019.

VA Secretary Robert Wilkie testifies during a hearing before a House Appropriations Subcommittee on March 27, 2019 in Washington, DC.
Photo: Alex wong (Getty Images)

Senior officials of the Department of Veterans Affairs abruptly canceled a brief briefing with Congressional leaders about the extent and impact of this week SolarWind CyberBat, Until infiltration into the network of several US agencies and powerful corporations permanently by an elite team of Russian hackers allegedly sanctioned by Moscow.

Democratic lawmakers say the VA has so far given no explanation for its decision not to notify oversight leaders of the House and Senate whether the attack compromised any veteran’s sensitive information, leading to at least one The US senator may be prompted to seek answers from the head of the agency. This week, VA officials told reporters that there is currently no indication that hackers took advantage of the backdoor in their network, which was inadvertently installed this year by about 18,000 SolarWinder customers.

In Letter Veterans Affairs Secretary Robert Wilkie said on Wednesday that Sen. Richard Blumental, a Democrat from Connecticut, said the elderly community is “particularly vulnerable” to the consequences of a breach, reflecting large amounts of veterans’ personal data. It is unclear what actions Wilkie has taken, Blumental said, to assess the risk of retired members of America’s fighting forces.

“I am concerned with the potential threat to the VA and write to request information about the impact of this incident and what steps are being taken to ensure the flexibility and confidentiality of the VA mission,” Blumental wrote. “This hack reduces existing privacy concerns and enables hackers to share and sell personal information.”

Veterans are considered at high risk for identity theft due to long-term government practices, such as using Social Security numbers as the primary identifier for service members. Veterans also rely too heavily on the use of a document called DD Form 214, which contains sensitive information, to demonstrate their proof of service. Blumenthal notes the “essential dependency” on the document – copies of which VA maintains digitally – as a special vulnerability.

Wilkie is not obligated to answer Blumental’s questions, including whether precautions, if any, have been taken to separate Veteran’s health records from other systems and whether the VA has completed forensic investigations of its cloud resources Have done. The Trump administration has traditionally ignored most inquiries made by congressional Democrats in the minority.

VA is one of SolarWinds largest federal The customer could not immediately be reached for comment. A VA spokesperson Told cyberscope On Wednesday, the agency uninstalled SolarWinds’ network monitoring software “cautiously out of abundance”, and said “there are currently no signs of exploitation.”

Removing an infected copy of the SolarWinds platform will not necessarily mean that the alleged Russian hackers are now about to gain a foothold in the network.

Likewise, other agencies have done less to come forward about the breech, according to CyberScope. In another letter this week, Sen. Bob Menendez, a Democrat in New Jersey, said the US State Department is “silent on whether its computer, communications and information technology systems were compromised.”

Solarwind’s attack represents the most shameless intrusion into a US government network by a state actor, at least since the Office of Personnel Management. 2015 violation, In which Chinese hackers conducted millions of personnel files and federal employee background checks. The Department of State, Commerce, Treasury and Homeland Security, as well as the National Institutes of Health, are included in the list of solar energy victims.

Experts say Russian hacking group ATP 29, also known as Cozy Bear, may have infiltrated Texas-based software company SolarWinds in early 2019, a network management tool used by dozens of federal agencies on the Orion platform Put malicious code in copies of. And more than three-quarters of corporations are on the revenue-based Fortune 500 list.

Experts usually add Kozi bears, who are credited with attacking Pentagon Email System In 2015 and Democratic national committee In 2016, along with the predecessor of the Russian Foreign Intelligence Service, the KGB.

According to experts, the malware deployed in the Orion platform, known as teardrop, was highly sophisticated, and in addition to harvesting users’ credibility and monitoring their keystrokes, Cozy Beer was able to mask its movements in the infected network. Enabling them to pass normally. IT staff.

.

Leave a Reply

Your email address will not be published.