2020 United States federal government data breach
The 2020 United States federal government data breach was a significant cyberattack attributed to the Russian Federation, affecting numerous government agencies and private entities. The breach was primarily executed through a supply chain attack in which a backdoor was planted in updates to the Orion network-monitoring software developed by Texas-based SolarWinds. This sophisticated operation reportedly began in late 2019, with hackers inserting malicious code into software updates that were later downloaded by approximately 18,000 customers, including key government departments such as Defense, Treasury, and Homeland Security.
Experts indicated that the true extent of the breach might never be fully understood, as the hackers employed tactics to conceal their activities within the networks. The attack underscored the growing risks of cyberwarfare and highlighted vulnerabilities in U.S. cybersecurity practices. While the U.S. government, led by officials like Secretary of State Mike Pompeo, attributed responsibility for the breach to Russian intelligence, President Donald Trump suggested alternative theories, indicating a divide in perceptions about the attack. The Russian government has denied involvement, further complicating the international response to the incident. As cybersecurity remains a critical concern, the implications of this breach could resonate for years, affecting national security and the integrity of governmental operations.
The 2020 United States federal government data breach was a cyberattack on the United States that was most likely initiated by the government of the Russian Federation. The data breach lasted for months during 2020 and affected numerous government agencies. The effects of the breach were not known at the time, and experts suggested that the United States might never know the full extent of the hack. The hackers used popular network-monitoring software to infiltrate and take information from networks used by the US government and private businesses, mostly inside the United States.


Background
Hacking attacks and other acts of cyberwarfare became a regular part of espionage and national defense among the world’s nations in the 2000s and 2010s. Sophisticated attacks, such as the Stuxnet attack on the Iranian nuclear program uncovered in 2010, signaled to the world that warfare was changing and that the digital realm had become an important place to defend. Throughout the 2010s, cybersecurity experts warned that the United States and other large nations were at especially high risk of cyberattacks for several reasons. The first was that the United States is an attractive target: it is a large, powerful, and wealthy nation, and a successful attack against its government could yield money, power, or both. Furthermore, experts agreed that some parts of the US government’s cybersecurity practices lagged behind those of some far smaller countries.
Overview
In 2019 and 2020 hackers used a supply chain attack to access data and systems in the US federal government. Experts believe that the hackers laid the groundwork for the attack in the fall of 2019. The hackers targeted the code of a network-management platform called Orion, made by a Texas-based company called SolarWinds. Orion is a platform that information technology (IT) departments use to monitor entire computer networks, so it has broad visibility into, and often privileged access to, the systems it watches. Reaching victims by tampering with a trusted vendor’s own software updates was rare in 2019, and most cybersecurity software was not built to watch for such attacks.
The hackers began their work by testing their ability to access and change code inside the Orion software. In September 2019 they inserted a very small piece of code into Orion. That code did nothing more than report whether the device was using a 32- or 64-bit processor. The hackers did not need this information; they used the code only to verify that they could alter the software, and have the alteration ship to customers, without being detected. The test succeeded. After that, they launched the actual attack.
The hackers knew how companies such as SolarWinds typically modify the code in their programs. Companies take certain steps to protect their software from tampering, but the hackers found a way around those measures. They realized that the programmers at SolarWinds would make regular, routine updates to the software. Software of all kinds receives regular updates to fix bugs and to close security holes. When the programmers at SolarWinds updated Orion, they made their changes in source code, a form that humans can read. That source code was then tested and reviewed to ensure that it was safe. Finally, the source code was compiled into the machine-readable form that ships to customers, and the finished update was digitally signed with SolarWinds’ own code-signing certificate so that customers could verify it came from SolarWinds. The hackers inserted their code on the build system, just before the reviewed source code was compiled. This way, their changes were never reviewed, and because signing happens after compilation, the tainted update carried a valid SolarWinds signature. The changes went into the software update without anyone at SolarWinds realizing it.
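The gap the hackers exploited is the one between the source tree that reviewers sign off on and the source tree the compiler actually reads. The following added example (not code from the article, from SolarWinds, or from any investigation of the breach) shows one check a build pipeline can run to close that gap: hash every source file when review completes, hash the tree again immediately before compilation, and refuse to build or sign if anything differs. The directory layout, file names, and file contents are constructed for the demonstration; the function names are the example’s own.

```python
"""Build-time integrity check: reviewed source must be the source that gets compiled.

Added example, not part of the original article or of SolarWinds' own tooling.
All file names and contents below are constructed for the demonstration.
"""
import hashlib
import tempfile
from pathlib import Path


def source_manifest(root: Path) -> dict:
    """Map each file under root (path relative to root) to its SHA-256 hex digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff_manifests(reviewed: dict, at_build: dict) -> dict:
    """Report files added, removed, or altered between the review and build snapshots."""
    added = sorted(set(at_build) - set(reviewed))
    removed = sorted(set(reviewed) - set(at_build))
    changed = sorted(p for p in reviewed.keys() & at_build.keys()
                     if reviewed[p] != at_build[p])
    return {"added": added, "removed": removed, "changed": changed}


def gate_build(reviewed: dict, at_build: dict) -> bool:
    """True only if the tree about to be compiled is byte-for-byte what was reviewed.

    A build system would call this right before invoking the compiler and would
    never sign an artifact produced from a tree that failed the gate.
    """
    d = diff_manifests(reviewed, at_build)
    return not (d["added"] or d["removed"] or d["changed"])


def simulate_tampered_build() -> dict:
    """Constructed scenario: clean review snapshot, then one file swapped before compile."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        src.mkdir()
        # Hypothetical source files standing in for a vendor's real code base.
        (src / "NetworkPoller.cs").write_text("class NetworkPoller { void Poll() {} }\n")
        (src / "Updater.cs").write_text("class Updater { void Run() {} }\n")

        reviewed = source_manifest(src)  # snapshot taken when review signs off

        # An implant on the build host rewrites one file after review, before compile.
        (src / "Updater.cs").write_text(
            "class Updater { void Run() { Beacon.Start(); } }\n")

        at_build = source_manifest(src)  # snapshot taken immediately before compiling
        return {
            "diff": diff_manifests(reviewed, at_build),
            "ok_to_build": gate_build(reviewed, at_build),
        }


if __name__ == "__main__":
    result = simulate_tampered_build()
    print("changed files:", result["diff"]["changed"])
    print("ok to build:", result["ok_to_build"])
```

The check catches substitution of files on disk between the two snapshots, which is the window the attack used. It does not help if the implant runs after the second hash is taken or patches the compiler’s input in memory, and it assumes the review-time manifest is stored somewhere the build host cannot rewrite; hermetic, reproducible builds on isolated infrastructure are the stronger answer to that residual risk.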
In spring 2020, SolarWinds released a regular software update for Orion. The platform’s users accepted and installed it, as they had no reason to suspect that it was anything other than a routine update. Customers who installed the update on systems that could reach the Internet were exposed, because the implanted code had to contact servers controlled by the hackers in order to be used. Roughly eighteen thousand customers downloaded the tainted Orion update. However, the hackers followed up on only a small fraction of these. Some experts believe that roughly one hundred companies and twelve government agencies were actually attacked through the backdoor.
Once installed, the tainted software gave the hackers a “backdoor” into the victims’ networks. Because Orion monitors many parts of a network and is often given administrative credentials to do so, the hackers gained access to many network features. As of 2021, experts still did not fully understand what information the hackers accessed while they were inside the systems. This is partly because the hackers worked to hide their digital tracks, so victims did not know exactly what the hackers accessed or did inside the systems. The worst-case scenario for the victims was that the hackers left behind additional malicious code, known as malware, or other means of persistence that would let them regain access to the systems even after the tainted update was removed.
In December 2020, a well-known cybersecurity firm, FireEye, announced that it had experienced a cyberattack, and the company suspected that a nation-state had been behind it. While investigating how its own network had been breached, FireEye discovered the tainted Orion update. FireEye called the malicious code Sunburst. SolarWinds immediately notified its clients that they should update their Orion software to protect against “a security vulnerability.” The update removed the malicious code that had existed in the Orion program for months.
Soon after the attack was made public, the US Departments of the Treasury, Commerce, Agriculture, and Homeland Security were reported to have been targeted and breached. Later, other government agencies, including the Department of Defense, the State Department, and the National Institutes of Health (NIH), were also identified as victims of the hack. The possible implications of the attack were far-reaching. The hackers most likely accessed troves of information. Even unclassified information could give the hackers a great deal of leverage. For example, hackers who accessed email addresses could use or sell those addresses for phishing attempts in the future. The US government did not announce whether the hackers had accessed any classified information.
The US government concluded that the hackers responsible for the attack had been directed by the Russian foreign intelligence service, the SVR. In December 2020, then-president Donald Trump tried to cast doubt on Russia’s role in the attack by claiming in a social media post that China might actually be to blame. Nevertheless, Secretary of State Mike Pompeo and other senior US officials agreed that Russia had carried out the attacks. The Russian government has denied these claims.
Bibliography
Cohen, Zachary, Alex Marquardt, and Brian Fung. “Massive Hack of US Government Launches Search for Answers as Russia Named Top Suspect.” CNN, 16 Dec. 2020, www.cnn.com/2020/12/16/politics/us-government-agencies-hack-uncertainty/index.html. Accessed 27 Apr. 2021.
Jibilian, Isabella, and Katie Canales. “The US Is Readying Sanctions Against Russia over the SolarWinds Cyber Attack. Here’s a Simple Explanation of How the Massive Hack Happened and Why It’s Such a Big Deal.” Business Insider, 15 Apr. 2021, www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12. Accessed 27 Apr. 2021.
Kovacs, Eduard. “Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack.” Security Week, 31 Jan. 2021, www.securityweek.com/mimecast-discloses-certificate-incident-possibly-related-solarwinds-hack. Accessed 27 Apr. 2021.
McEvoy, Jemima. “Major Cyberattack Breached Government Agency In Charge Of Nuclear Weapons Stockpile.” Forbes, 17 Dec. 2020, www.forbes.com/sites/jemimamcevoy/2020/12/17/federal-government-private-sector-at-grave-risk-from-hack-warns-us-cyber-security-agency/?sh=5adc205a7bc0. Accessed 27 Apr. 2021.
Sanger, David E. “Russian Hackers Broke into Federal Agencies, U.S. Officials Suspect.” New York Times, 9 Feb. 2021, www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html. Accessed 27 Apr. 2021.
Stanley, Alyse. “Microsoft Says SolarWinds Hackers Also Broke into Its Source Code.” Gizmodo, 31 Dec. 2020, gizmodo.com/microsoft-says-solarwinds-hackers-also-broke-into-its-s-1845974783. Accessed 27 Apr. 2021.
Temple-Raston, Dina. “A ‘Worst Nightmare’ Cyberattack: The Untold Story of the SolarWinds Hack.” NPR, 16 Apr. 2021, www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack. Accessed 27 Apr. 2021.
“What We Know—And Still Don’t—About the Worst-Ever US Government Cyber-Attack.” The Guardian, 19 Dec. 2020, www.theguardian.com/technology/2020/dec/18/orion-hack-solarwinds-explainer-us-government. Accessed 27 Apr. 2021.