- Multiple government agencies including the Department of Homeland Security, the Department of State, and parts of the Pentagon have been hacked in a far-reaching attack widely believed to be led by Russia.
- Experts have said the attack was highly advanced, and while the damage is unclear, more agencies are expected to be hit.
- The hack was first discovered last week by the cybersecurity firm FireEye, which later found the attackers had entered government servers undetected this spring, giving them free rein for much of the past year.
- The hackers first infiltrated the systems of the firm SolarWinds, which makes network-management software used by many government agencies and large companies. They later gained access to SolarWinds’ clients by infecting software updates the company sent its customers with malware.
- While the motive is currently unknown, experts have said the recent hack is classic espionage.
Federal Agencies Hacked
At least half a dozen U.S. federal agencies — including several national security-related departments — have been the victims of a highly advanced suspected Russian hack.
The attacks were first reported Sunday when Trump administration officials at the Treasury and Commerce departments confirmed that key networks had been breached and that the hackers had free rein over their email systems.
On Monday, officials in the Homeland Security and State departments, the National Institutes of Health, and parts of the Pentagon also told reporters that they had been hit.
Currently, the extent of the hacks and the damage they have done is unknown, but people close to the matter have said that the number of federal agencies that were attacked is expected to grow.
While the knowledge of these attacks comes at the close of a tumultuous election season, cybersecurity experts involved in the matter have said that the systems were infiltrated months ago. Top U.S. intelligence agencies did not detect the hacks until they were informed of the breaches by FireEye, a third-party cybersecurity company that had also been a target.
FireEye, which is contracted by intelligence agencies and other federal departments to find and patch security holes in networks that could be vulnerable to hackers, reported last week that hackers from a then-unidentified nation-state had entered their systems and stolen their anti-hacking tools.
The company soon found out that the attack extended far beyond its own systems. In a statement released Sunday, FireEye described a global campaign with victims that included “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.”
FireEye described the hack as incredibly sophisticated, with “some of the best operational security” that it had ever seen in a cyberattack. It also noted that the hackers used at least one piece of malware that had never previously been detected.
The cybersecurity firm said that all of the involved organizations had been hit through a supply-chain attack, in which cybercriminals infiltrate a target organization by hacking an outside company whose products are then introduced into the target’s computer networks.
In this case, FireEye found that the supply-chain attack started with an Austin-based company called SolarWinds that makes and supplies widely used network-management software called Orion.
The attackers hacked SolarWinds and manipulated the software updates that the company sends out to its clients whenever there is an upgrade to Orion — much like the notifications your phone or computer sends when it has a software update.
When SolarWinds sent those infected updates to its clients, the hackers were able to gain access to the organizations that downloaded the Orion update. Very notably, FireEye also said those software updates were delivered to customers between March and May, meaning that these hackers had free rein over these systems undetected for the better part of a year.
As for how many agencies or companies were impacted, right now, it is not entirely clear. In a federal securities filing Monday, SolarWinds reported that of its more than 300,000 clients, only 33,000 use Orion. Of those 33,000, fewer than 18,000 of its customers may have installed the corrupted software, the company said, though it also added it did not yet know how many systems were actually hacked.
However, other experts say the number is actually much, much lower.
“We think the number who were actually compromised were in the dozens,” Charles Carmakal, a senior vice president at FireEye, told The New York Times. “But they were all the highest-value targets.”
In addition to the other government agencies that have said they were impacted, SolarWinds also contracts with all five branches of the military, the Executive Offices of the President, the Centers for Disease Control and Prevention, and the National Security Agency — which is the world’s top electronic spy agency.
SolarWinds also has other clients all around the world. According to reports, its services are used by almost all Fortune 500 companies, major defense contractors such as Boeing, and the Los Alamos National Laboratory where nuclear weapons are designed.
While it is unclear how many of those organizations used Orion, experts say that might not matter. As The Times reported, investigators have said that the hackers “used multiple entry points in addition to the compromised Orion software update, and that this may be only the beginning of what they find.”
In fact, in its Monday filing, SolarWinds even explicitly said that Microsoft’s Office 365 email may have also been “an attack vector” used by the attackers. In a blog post Sunday, Microsoft said that it has not found any product vulnerabilities in its own investigation of the hacks.
Suspected Russian Involvement
Neither SolarWinds nor FireEye specifically named the Russians, but numerous officials close to the matter have said that their investigation has pointed to a top Russian foreign intelligence agency known as the SVR, often called Cozy Bear or A.P.T. 29.
While the SVR is known as a traditional collector of intelligence, specializing in digital spying, it is not known for the kind of disinformation campaigns that we saw the Russians running in the 2016 election.
As a result, experts have said that this hack was not a campaign intended to undermine the election like last time, but rather to spy on the highest levels of the government.
“This is classic espionage,” Thomas Rid, a political science professor at the Johns Hopkins School of Advanced International Studies who specializes in cybersecurity issues, told The Washington Post. “It’s done in a highly sophisticated way…. But this is a stealthy operation.”
“This so far appears to be classic digital spying of the sort that major nations, including the United States, engage in every day to gain geopolitical edges of various sorts,” The Post added.
“That’s a nine-month stretch that included — to name just a few of the important events that would have created computer files interesting to spies — the worst of the coronavirus pandemic, the historically fast development of vaccines using novel technology, and the U.S. presidential and congressional elections.”
As expected, Russian officials have denied any involvement. In a statement Sunday, the Russian Embassy in Washington called the reports “baseless” and said that Russia “does not conduct offensive operations in the cyber domain.”
Despite this claim, the U.S. intelligence community has extensively documented and verified numerous successful and attempted cyberattacks by Russia in the last several years.
See what others are saying: (The Washington Post) (The New York Times) (Reuters)
Conservatives Slam Elmo For Getting Vaccinated Against COVID-19
While critics accused the muppet of promoting propaganda, CDC data shows the shots are safe and effective.
Elmo Gets Vaccinated
Conservative politicians expressed outrage on Twitter after the beloved “Sesame Street” character Elmo revealed he got vaccinated against COVID-19 on Tuesday.
The Centers for Disease Control and Prevention recently cleared the way for children between the ages of six months and five years to get vaccinated against the virus. The famous red muppet is three years old, making him finally eligible for the jab.
In a video shared by “Sesame Street,” Elmo said that he felt “a little pinch, but it was okay.”
Elmo’s father, Louie, then addressed parents who might be apprehensive about vaccinating their own kids.
“I had a lot of questions about Elmo getting the COVID vaccine,” he said to the camera. “Was it safe? Was it the right decision? I talked to our pediatrician so I could make the right choice.”
“I learned that Elmo getting vaccinated is the best way to keep himself, our friends, neighbors, and everyone else healthy and enjoying the things they love,” he continued.
Republicans Criticize “Sesame Street”
While some praised the video for raising awareness and addressing the concerns parents may have, Sen. Ted Cruz (R-TX) quickly lambasted the effort.
“Thanks, Sesame Street for saying parents are allowed to have questions,” Cruz tweeted. “You then have Elmo aggressively advocate for vaccinating children UNDER 5. But you cite ZERO scientific evidence for this.”
Despite Cruz’s claim, the CDC has provided ample resources with information on vaccines for children.
He was not alone in criticizing the video. Harmeet Dhillon, a committeewoman of the Republican National Committee for California, suggested that Elmo would be taking puberty blockers next.
Other anti-vaxxers claimed Elmo would get myocarditis and accused “Sesame Street” of promoting propaganda.
COVID-19 vaccines have been proven to be both safe and effective against transmission of the virus, but this is not the first time conservatives have turned their anger against a friendly-looking muppet who opted to get the jab. When Big Bird got vaccinated in November, Cruz and other right-wing figures accused the show of brainwashing kids.
Big Bird’s choice to get vaccinated was not a shocker, though: clips dating back to 1972 show him getting immunized against the measles.
See what others are saying: (CNN) (The Hill) (Market Watch)
Uvalde Puts Police Chief on Leave, Tries to Kick Him Off City Council
If Pete Arredondo fails to attend two more consecutive city council meetings, then he may be voted out of office.
Police Chief Faces Public Fury
Uvalde School District Police Chief Pete Arredondo was placed on administrative leave Wednesday following revelations that he and his officers did not engage the shooter at Robb Elementary for over an hour despite having adequate weaponry and protection.
Superintendent Hal Harrell, who made the announcement, did not specify whether the leave is paid or unpaid.
Harrell said in a statement that the school district would have waited for an investigation to conclude before making any personnel decisions, but chose to order the administrative leave because it is uncertain how long the investigation will take.
Lieutenant Mike Hernandez, the second in command at the police department, will assume Arredondo’s duties.
In an interview with The Texas Tribune earlier this month, Arredondo said he did not consider himself in charge during the shooting, but law enforcement records reviewed by the outlet indicate that he gave orders at the scene.
Department of Public Safety Director Steve McCraw told state senators on Tuesday that some officers wanted to enter the classrooms harboring the shooter but were stopped by their superiors.
He said officer Ruben Ruiz tried to move forward into the hallway after receiving a call from his wife Eva Mireles, a teacher inside one of the classrooms, telling him she had been shot and was bleeding to death.
Ruiz was detained, had his gun taken away, and was escorted off the scene, according to McCraw. Mireles later died of her wounds.
Calls for Arredondo to resign or be fired have persisted.
Emotions Erupt at City Council
Wednesday’s announcement came one day after the Uvalde City Council held a special meeting in which community members and relatives of victims voiced their anger and demanded accountability.
“Who are you protecting?” asked Jasmine Cazares, sister of Jackie Cazares, a nine-year-old student who was shot. “Not my sister. The parents? No. You’re too busy putting them in handcuffs.”
Much of the anger was directed toward Arredondo, who was not present at the meeting but was elected to the city council on May 7, just over two weeks before the massacre.
“We are having to beg ya’ll to do something to get this man out of our faces,” said the grandmother of Amerie Jo Garza, a 10-year-old victim. “We can’t see that gunman. That gunman got off easy. We can’t take our frustrations out on that gunman. He’s dead. He’s gone. … Ya’ll need to put yourselves in our shoes, and don’t say that none of ya’ll have, because I guarantee you if any of ya’ll were in our shoes, ya’ll would have been pulling every string that ya’ll have to get this man off the council.”
One woman demanded the council refuse to grant Arredondo the leave of absence he had requested, pointing out that if he fails to attend three consecutive meetings the council can vote him out for abandoning his office.
“What you can do right now is not give him, if he requests it, a leave of absence,” she said. “Don’t give him an out. We don’t want him. We want him out.”
After hearing from the residents, the council voted unanimously not to approve the leave of absence.
On Tuesday, Uvalde’s mayor announced that Robb Elementary is set to be demolished, saying no students or teachers should have to return to it after what happened.
We make it a point to not include the names and pictures of those who may have been seeking attention or infamy and will not link out to websites that might contain such information.
Texas Public Safety Director Says Police Response to Uvalde Shooting Was An “Abject Failure”
New footage shows officers prepared to engage the shooter one hour before they entered the classroom.
Seventy-Seven Deadly Minutes
Nearly a month after the mass shooting in Uvalde, Texas, that killed 19 children and two teachers, evidence has emerged indicating that police were prepared to engage the shooter within minutes of arriving, but chose to wait over an hour.
The shooting at Robb Elementary began at 11:33 a.m., and within three minutes 11 officers are believed to have entered the school, according to surveillance and body camera footage obtained by KVUE and the Austin American Statesman.
District Police Chief Pete Arredondo reportedly called a landline at the police department at 11:40 a.m. for help.
“It’s an emergency right now,” he said. “We have him in the room. He’s got an AR-15. He’s shot a lot… They need to be outside the building prepared because we don’t have firepower right now. It’s all pistols.”
At 11:52 a.m., however, the footage shows multiple officers inside the school armed with at least two rifles and one ballistic shield.
Law enforcement did not enter the adjoined classrooms to engage the shooter until almost an hour later, at 12:50 p.m. During that time, one officer’s daughter was inside the classrooms and another’s wife, a teacher, reportedly called him to say she was bleeding to death.
Thirty minutes before law enforcement entered the classrooms, the footage shows officers had four ballistic shields in the hallway.
Frustrated Cops Want to Go Inside
Some of the officers felt agitated because they were not allowed to enter the classrooms.
One special agent at the Texas Department of Public Safety arrived about 20 minutes after the shooting started, then immediately asked, “Are there still kids in the classrooms?”
“It is unknown at this time,” another officer replied.
“Ya’ll don’t know if there’s kids in there?” the agent shot back. “If there’s kids in there we need to go in there.”
“Whoever is in charge will determine that,” the other officer responded.
According to an earlier account by Arredondo, he and the other officers tried to open the doors to the classrooms, but found them both locked and waited for a master key to arrive. But surveillance footage suggests that they never tried to open the doors, which a top Texas official has confirmed were never actually locked.
One officer has told reporters that within minutes of the police response, there was a Halligan bar, which firefighters use to break down locked doors, on-site, but it was never used.
At a special State Senate committee hearing Monday, Texas Department of Public Safety Director Steve McCraw called the police response an “abject failure” and “antithetical to everything we’ve learned over the last two decades since the Columbine massacre.”
“The only thing stopping a hallway of dedicated officers from (entering rooms) 111 and 112 was the on-scene commander who decided to place the lives of officers before the lives of children,” he said. “The officers have weapons, the children had none.”