Biden Administration to Impose Tough Sanctions on Russia

On Tuesday, Mr. Biden spoke with President Vladimir V. Putin of Russia, warning Mr. Putin about the Russian troop buildup on Ukraine’s border and in Crimea. Jen Psaki, the White House press secretary, said on Wednesday that the call was meant to emphasize the consequences of Russia’s activities, but it was unclear if Mr. Biden telegraphed any of his administration’s pending moves.

The Biden administration has already carried out one round of sanctions against Russia, for the poisoning of the opposition leader Aleksei A. Navalny.

Those sanctions were similar to a series of actions that European nations and Britain took in October and expanded in March. Allied officials said that while the American response on Mr. Navalny was closely coordinated, the sanctions imposed for the election interference, bounties and hacking were meant to be more unilateral.

While Biden administration officials were for a while considering taking action only in response to the hacking, they decided to join that move with retaliations for other Russian actions, according to officials. Additionally, penalties coordinated with allies for Russia’s increased threat to Ukraine were expected, said one person familiar with the announcement.

The C.I.A. presented the Trump administration with an intelligence assessment that Russia had covertly offered to pay bounties to militant fighters to incentivize more killings of Americans in Afghanistan. But while the National Security Council at the Trump White House initially led an interagency effort to come up with response options, months passed and the White House did not authorize anything — not even the mildest option, delivering a diplomatic warning.

After the existence of the C.I.A. assessment and the White House’s inaction on it became public, there was bipartisan outrage in Congress. As a candidate, Mr. Biden raised the issue of the suspected bounties, and once in office, he ordered his intelligence officials to put together a full report on Russian efforts against Americans.

While the Biden administration has not released any new information on the suspected bounties, it did make public a report on Russian election interference. That report said that Mr. Putin had authorized extensive efforts to hurt Mr. Biden’s candidacy during the 2020 election, including by mounting covert operations to influence people close to President Donald J. Trump.


White House Weighs New Cybersecurity Approach After Failure to Detect Hacks

The question is how to set up such a system.

After revelations in 2013 by the former intelligence contractor Edward J. Snowden that set off a debate about government surveillance, American technology companies are wary of the appearance of sharing data with American intelligence agencies, even if that data is just warnings about malware. Google was stung by the revelation in the Snowden documents that the National Security Agency was intercepting data transmitted between its servers overseas. Several years later, under pressure from its employees, it ended its participation in Project Maven, a Pentagon effort to use artificial intelligence to make its drones more accurate.

Amazon, in contrast, has no such compunctions about sensitive government work: It runs the cloud server operations for the C.I.A. But when the Senate Intelligence Committee asked company officials to testify last month — alongside executives of FireEye, Microsoft and SolarWinds — about how the Russians exploited systems on American soil to launch their attacks, they declined to attend.

Companies say that before they share reporting on vulnerabilities, they would need strong legal liability protections.

The most politically palatable headquarters for such a clearinghouse — avoiding the legal and civil liberties concerns of using the National Security Agency — would be the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. Mr. Gerstell described the idea as “automated computer sensors and artificial intelligence acting on information as it comes in and instantaneously spitting it back out.”

The department’s existing “Einstein” system, which is supposed to monitor intrusions and potential attacks on federal agencies, never saw the Russian attack underway — even though it hit nine federal departments and agencies. The F.B.I., lawmakers say, does not have broad monitoring capabilities, and its focus is divided across other forms of crime, counterterrorism and now domestic extremism threats.

“I don’t want the intelligence agencies spying on Americans, but that leaves the F.B.I. as the de facto domestic intelligence agency to deal with these kinds of attacks,” said Senator Angus King, a Maine independent, member of the Senate Intelligence Committee and co-chairman of the cyberspace commission. “I’m just not sure they’re set up for this.”

There are other hurdles. The process of getting a search warrant is too cumbersome for tracking nation-state cyberattacks, Mr. Gerstell said. “Someone’s got to be able to take that information from the N.S.A. and instantly go take a look at that computer,” he said. “But the F.B.I. needs a warrant to do that, and that takes time by which point the adversary has escaped.”


Thousands of Microsoft Customers May Have Been Victims of Hack Tied to China

Businesses and government agencies in the United States that use a Microsoft email service have been compromised in an aggressive hacking campaign that was probably sponsored by the Chinese government, Microsoft said.

The number of victims is estimated to be in the tens of thousands and could rise, some security experts believe, as the investigation into the breach continues. The hackers had stealthily attacked several targets in January, according to Volexity, the cybersecurity firm that discovered the hack, but escalated their efforts in recent weeks as Microsoft moved to repair the vulnerabilities exploited in the attack.

The U.S. government’s cybersecurity agency issued an emergency warning on Wednesday, amid concerns that the hacking campaign had affected a large number of targets. The warning urged federal agencies to immediately patch their systems. On Friday, the cybersecurity reporter Brian Krebs reported that the attack had hit at least 30,000 Microsoft customers.

“We’re concerned that there are a large number of victims,” the White House press secretary, Jen Psaki, said during a press briefing on Friday. The attack “could have far-reaching impacts,” she added.

Microsoft said in a blog post, but Microsoft said it had no sense of how extensive the theft was.

The campaign was detected in January, said Steven Adair, the founder of Volexity. The hackers quietly stole emails from several targets, exploiting a bug that allowed them to access email servers without a password.

“This is what we consider really stealth,” Mr. Adair said, adding that the discovery set off a frantic investigation. “It caused us to start ripping everything apart.” Volexity reported its findings to Microsoft and the U.S. government, he added.

But in late February, the attack escalated. The hackers began weaving multiple vulnerabilities together and attacking a broader group of victims. “We knew that what we had reported and seen used very stealthily was now being combined and chained with another exploit,” Mr. Adair said. “It just kept getting worse and worse.”

Jake Sullivan, the White House national security adviser.

“This is the real deal,” tweeted Christopher Krebs, the former director of the U.S. Cybersecurity and Infrastructure Agency. (Mr. Krebs is not related to the cybersecurity reporter who disclosed the number of victims.)

Mr. Krebs added that companies and organizations that use Microsoft’s Exchange program should assume that they had been hacked sometime between Feb. 26 and March 3, and work quickly to install the patches released this past week by Microsoft.

In a statement, Jeff Jones, a senior director at Microsoft, said, “We are working closely with the C.I.S.A., other government agencies and security companies to ensure we are providing the best possible guidance and mitigation for our customers.”

Microsoft said a Chinese hacking group known as Hafnium, “a group assessed to be state-sponsored and operating out of China,” was behind the hack.

Since the company disclosed the attack, other hackers not affiliated with Hafnium began to exploit the vulnerabilities to target organizations that had not patched their systems, Microsoft said. “Microsoft continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors,” the company said.

Patching these systems is not a straightforward task. Email servers are difficult to maintain, even for security professionals, and many organizations lack the expertise to host their own servers safely. For years, Microsoft has been pushing these customers to move to the cloud, where Microsoft can manage security for them. Industry experts said the security incidents could encourage customers to shift to the cloud and be a financial boon for Microsoft.

Because of the broad scope of the attack, many Exchange users are probably compromised, Mr. Adair said. “Even for people who patched this as fast as humanly possible, there’s an extremely high chance that they were already compromised.”

Nicole Perlroth contributed reporting.
