White House Weighs New Cybersecurity Approach After Failure to Detect Hacks

The question is how to set up such a system.

After revelations in 2013 by the former intelligence contractor Edward J. Snowden that set off a debate about government surveillance, American technology companies are wary of the appearance of sharing data with American intelligence agencies, even if that data is just warnings about malware. Google was stung by the revelation in the Snowden documents that the National Security Agency was intercepting data transmitted between its servers overseas. Several years later, under pressure from its employees, it ended its participation in Project Maven, a Pentagon effort to use artificial intelligence to make its drones more accurate.

Amazon, in contrast, has no such compunctions about sensitive government work: It runs the cloud server operations for the C.I.A. But when the Senate Intelligence Committee asked company officials to testify last month — alongside executives of FireEye, Microsoft and SolarWinds — about how the Russians exploited systems on American soil to launch their attacks, they declined to attend.

Companies say that before they share reporting on vulnerabilities, they would need strong legal liability protections.

The most politically palatable headquarters for such a clearinghouse — avoiding the legal and civil liberties concerns of using the National Security Agency — would be the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Mr. Gerstell described the idea as “automated computer sensors and artificial intelligence acting on information as it comes in and instantaneously spitting it back out.”

The department’s existing “Einstein” system, which is supposed to monitor intrusions and potential attacks on federal agencies, never saw the Russian attack underway — even though it hit nine federal departments and agencies. The F.B.I., lawmakers say, does not have broad monitoring capabilities, and its focus is divided across other forms of crime, counterterrorism and now domestic extremism threats.

“I don’t want the intelligence agencies spying on Americans, but that leaves the F.B.I. as the de facto domestic intelligence agency to deal with these kinds of attacks,” said Senator Angus King, a Maine independent, member of the Senate Intelligence Committee and co-chairman of the cyberspace commission. “I’m just not sure they’re set up for this.”

There are other hurdles. The process of getting a search warrant is too cumbersome for tracking nation-state cyberattacks, Mr. Gerstell said. “Someone’s got to be able to take that information from the N.S.A. and instantly go take a look at that computer,” he said. “But the F.B.I. needs a warrant to do that, and that takes time by which point the adversary has escaped.”

Thousands of Microsoft Customers May Have Been Victims of Hack Tied to China

Businesses and government agencies in the United States that use a Microsoft email service have been compromised in an aggressive hacking campaign that was probably sponsored by the Chinese government, Microsoft said.

The number of victims is estimated to be in the tens of thousands and could rise, some security experts believe, as the investigation into the breach continues. The hackers had stealthily attacked several targets in January, according to Volexity, the cybersecurity firm that discovered the hack, but escalated their efforts in recent weeks as Microsoft moved to repair the vulnerabilities exploited in the attack.

The U.S. government’s cybersecurity agency issued an emergency warning on Wednesday, amid concerns that the hacking campaign had affected a large number of targets. The warning urged federal agencies to immediately patch their systems. On Friday, the cybersecurity reporter Brian Krebs reported that the attack had hit at least 30,000 Microsoft customers.

“We’re concerned that there are a large number of victims,” the White House press secretary, Jen Psaki, said during a press briefing on Friday. The attack “could have far-reaching impacts,” she added.

Microsoft said in a blog post, but Microsoft said it had no sense of how extensive the theft was.

The campaign was detected in January, said Steven Adair, the founder of Volexity. The hackers quietly stole emails from several targets, exploiting a bug that allowed them to access email servers without a password.

“This is what we consider really stealth,” Mr. Adair said, adding that the discovery set off a frantic investigation. “It caused us to start ripping everything apart.” Volexity reported its findings to Microsoft and the U.S. government, he added.

But in late February, the attack escalated. The hackers began weaving multiple vulnerabilities together and attacking a broader group of victims. “We knew that what we had reported and seen used very stealthily was now being combined and chained with another exploit,” Mr. Adair said. “It just kept getting worse and worse.”

Jake Sullivan, the White House national security adviser.

“This is the real deal,” tweeted Christopher Krebs, the former director of the U.S. Cybersecurity and Infrastructure Agency. (Mr. Krebs is not related to the cybersecurity reporter who disclosed the number of victims.)

Mr. Krebs added that companies and organizations that use Microsoft’s Exchange program should assume that they had been hacked sometime between Feb. 26 and March 3, and work quickly to install the patches released this past week by Microsoft.

In a statement, Jeff Jones, a senior director at Microsoft, said, “We are working closely with the C.I.S.A., other government agencies and security companies to ensure we are providing the best possible guidance and mitigation for our customers.”

Microsoft said a Chinese hacking group known as Hafnium, “a group assessed to be state-sponsored and operating out of China,” was behind the hack.

Since the company disclosed the attack, other hackers not affiliated with Hafnium began to exploit the vulnerabilities to target organizations that had not patched their systems, Microsoft said. “Microsoft continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors,” the company said.

Patching these systems is not a straightforward task. Email servers are difficult to maintain, even for security professionals, and many organizations lack the expertise to host their own servers safely. For years, Microsoft has been pushing these customers to move to the cloud, where Microsoft can manage security for them. Industry experts said the security incidents could encourage customers to shift to the cloud and be a financial boon for Microsoft.

Because of the broad scope of the attack, many Exchange users are probably compromised, Mr. Adair said. “Even for people who patched this as fast as humanly possible, there’s an extremely high chance that they were already compromised.”

Nicole Perlroth contributed reporting.

For Biden, Deliberation and Caution, Maybe Overcaution, on the World Stage

But the early indications suggest that Mr. Biden is moving slower on the world stage than he is at home. And that is partly rooted in his belief, his national security adviser, Jake Sullivan, said in an interview, that the United States will regain its global influence only after it has tamed the pandemic, restored economic growth and reset its relationships with allies.

The most telling of his decisions centers on Saudi Arabia. After banning the arms sales to halt what he called a “catastrophic” war in Yemen, Mr. Biden released an intelligence report about Prince Mohammed’s role in the killing of Jamal Khashoggi, the dissident journalist, and imposed new penalties on the crown prince’s personal royal guard, the so-called Rapid Intervention Force. But Mr. Biden stopped at the next step — barring travel by or threatening criminal prosecution of the 35-year-old crown prince.

The president had not told his staff in advance whether he favored direct action, even though he said in the campaign that the Saudi leadership had “no redeeming social value.”

Mr. Sullivan said he and his staff went to Mr. Biden with “a broad-based recommendation that a recalibration of the relationship, rather than a rupture of the relationship, was the right course of action.”

Mr. Biden, Mr. Sullivan said, “pressed us on our assumptions as he worked through the pros and cons of every aspect of the policy,” including the staff’s conclusion that keeping a channel open to the crown prince was the best path to “resolving the war in Yemen.”

But the final decision was a reminder, other aides said, that Mr. Biden emerged from his three decades in the Senate with both a belief in nurturing even the most difficult of alliances — and a dose of realism that the United States could not prevent the crown prince from becoming the next king.

“We deal, unfortunately, every single day with leaders of countries who are responsible for actions we find either objectionable or abhorrent, whether it’s Vladimir Putin, whether it’s Xi Jinping,” Antony J. Blinken, the secretary of state and Mr. Biden’s longest-serving foreign policy adviser, said on Wednesday on “PBS NewsHour.”
