What we know about Russia's sprawling hack into federal agencies
15 December 2020
The revelation that hackers tied to Russia managed to penetrate the Treasury, Commerce and Homeland Security departments — at least — will be giving U.S. officials nightmares for a long time.
The big picture: News of the Russia-linked hack, which Reuters broke Sunday, has shaken the government and larger cybersecurity world and led some policymakers to call for retaliation against Russia.
What we know:
- Who was (probably) behind it. Cyber operators likely working for the SVR, a Russian intelligence service, compromised the software of IT contractor SolarWinds to gain access to these government networks — and have been potentially roaming in them since March.
- The group's history. The same hacking unit, known as APT 29 or Cozy Bear, hacked prominent cybersecurity vendor FireEye. Cozy Bear was also behind a major compromise in 2014 and 2015 of unclassified email systems at the Pentagon, White House, and State Department.
- The upper limit of the hack's potential reach: Some 18,000 SolarWinds customers — not individuals, institutions — may have been breached in the campaign, said SolarWinds, likely including currently unnamed “national security agencies and defense contractors,” according to the Wall Street Journal’s Dustin Volz.
What we don't know:
- What they were after. The hackers appeared to gain access to email systems within Commerce and Treasury, though we don’t know whose emails, nor just how sensitive they are. And it's possible they got deeper into government systems than merely scraping unclassified emails.
- Whether the hackers are still active in victim networks. Once a determined and capable foreign intelligence service has forced its way into a system, it will seek new avenues to keep on spying even if its initial access points get cut off. We don't know if, or how many, victims' networks, are still compromised.
- The full list of victims.
Yes, but: It’s a strong bet that there are other shoes waiting to drop.
- SolarWinds’ customers include “more than 425 of the US Fortune 500,” “all ten of the top ten US telecommunications companies,” “all five branches of the US Military,” “the US Pentagon, State Department, NASA, NSA, Postal Service, NOAA, Department of Justice, and the Office of the President of the United States," and “all five of the top five US accounting firms,” per a page on the company’s website that was recently deleted.
Be smart: As stunning as the hack's apparent success may be, the effort behind it is par for the course in the world of cyberespionage. The general public just rarely gets a glimpse into the machinery of modern spying.
Transcripts show George Floyd told police "I can't breathe" over 20 times
Section2Newly released transcripts of bodycam footage from the Minneapolis Police Department show that George Floyd told officers he could not breathe more than 20 times in the moments leading up to his death.
Why it matters: Floyd's killing sparked a national wave of Black Lives Matter protests and an ongoing reckoning over systemic racism in the United States. The transcripts "offer one the most thorough and dramatic accounts" before Floyd's death, The New York Times writes.
The state of play: The transcripts were released as former officer Thomas Lane seeks to have the charges that he aided in Floyd's death thrown out in court, per the Times. He is one of four officers who have been charged.
- The filings also include a 60-page transcript of an interview with Lane. He said he "felt maybe that something was going on" when asked if he believed that Floyd was having a medical emergency at the time.
What the transcripts say:
- Floyd told the officers he was claustrophobic as they tried to get him into the squad car.
- The transcripts also show Floyd saying, "Momma, I love you. Tell my kids I love them. I'm dead."
- Former officer Derek Chauvin, who had his knee on Floyd's neck for over eight minutes, told Floyd, "Then stop talking, stop yelling, it takes a heck of a lot of oxygen to talk."
Read the transcripts via DocumentCloud.