Cybersecurity experts consider what happened to be an intelligence operation rather than an attack intended to cause direct harm
Microsoft said Thursday that the hackers behind the attack on dozens of U.S. government agencies and private companies had penetrated its systems much deeper than previously thought. The company said the hackers were able to view some of the code behind Microsoft's software but were not able to make any changes to it.
Source code — the basic set of instructions that runs a piece of software or an operating system — is usually one of the most closely guarded secrets of any technology company.
“Source code is like a Coca-Cola recipe that’s in a vault in Atlanta, super-secretly guarded so no one can copy it. Since programs are written by humans, and we all have flaws, a bug can creep into a program. If attackers get access to the source code, they can figure out what the vulnerabilities are and use them against you,” says Florida International University expert Alexander Crowther.
It is still unclear how much or what parts of Microsoft’s source code repositories the hackers were able to get their hands on. The company’s admission suggests that the hackers, who used SolarWinds software as a springboard to infiltrate closed U.S. government networks, were also interested in how Microsoft products work internally.
“We discovered malicious SolarWinds applications in our environment, which we isolated and removed. Our investigation revealed attempted activities beyond the mere presence of SolarWinds malicious code in our environment. These activities did not compromise the security of our services or any customer data,” the company’s blog said. “We encountered unusual activity from a small number of internal accounts and upon inspection found that one account was being used to view source code in multiple repositories. The account did not have permissions to change code, and our investigation confirmed that no changes had been made.”
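The statement above describes a scoping pattern a defender can reproduce: an account is flagged for unusual activity, the investigation finds it reading source across many repositories, and the question becomes whether that account could have written anything. The following is an added example, not Microsoft's code or the tooling it used, that runs that triage over constructed audit-log lines. The JSON field names, action names and the repository threshold are assumptions chosen for the illustration.

```python
"""Added example (not Microsoft's code): triage constructed repository
audit-log lines to (1) flag accounts that read source across an unusually
broad set of repositories and (2) confirm whether such an account ever
performed a write. Log schema, action names and threshold are assumptions."""
import json
from collections import defaultdict

# Constructed sample audit records (JSON lines). Not real logs; the actor
# and repository names are invented for this example.
SAMPLE_LOG = """
{"ts":"2020-12-10T08:01:12Z","actor":"svc-build-7","repo":"org/app-core","action":"git.clone"}
{"ts":"2020-12-10T08:05:40Z","actor":"svc-build-7","repo":"org/app-core","action":"git.push"}
{"ts":"2020-12-11T02:13:05Z","actor":"jdoe","repo":"org/app-core","action":"repo.view_file"}
{"ts":"2020-12-11T02:14:51Z","actor":"jdoe","repo":"org/auth-lib","action":"repo.view_file"}
{"ts":"2020-12-11T02:16:03Z","actor":"jdoe","repo":"org/update-agent","action":"git.clone"}
{"ts":"2020-12-11T02:19:27Z","actor":"jdoe","repo":"org/crypto-utils","action":"repo.view_file"}
{"ts":"2020-12-11T02:22:44Z","actor":"jdoe","repo":"org/installer","action":"git.fetch"}
{"ts":"2020-12-11T09:30:00Z","actor":"asmith","repo":"org/app-core","action":"repo.view_file"}
{"ts":"2020-12-11T09:31:10Z","actor":"asmith","repo":"org/app-core","action":"repo.edit_file"}
{"ts":"2020-12-11T09:45:58Z","actor":"asmith","repo":"org/docs","action":"repo.view_file"}
"""

# Assumed action vocabulary: which audit actions count as reads vs. writes.
READ_ACTIONS = {"git.clone", "git.fetch", "repo.view_file"}
WRITE_ACTIONS = {"git.push", "repo.edit_file", "repo.merge"}


def parse_log(text):
    """Parse JSON-lines audit text into a list of event dicts, skipping blanks."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            events.append(json.loads(line))
    return events


def repos_read_per_actor(events):
    """Count distinct repositories each actor has read source from."""
    seen = defaultdict(set)
    for e in events:
        if e["action"] in READ_ACTIONS:
            seen[e["actor"]].add(e["repo"])
    return {actor: len(repos) for actor, repos in seen.items()}


def flag_broad_readers(events, threshold):
    """Return actors whose distinct-repository read count reaches the threshold.

    The threshold is an assumption; in practice it would come from each
    account's own historical baseline rather than a fixed number."""
    counts = repos_read_per_actor(events)
    return sorted(a for a, n in counts.items() if n >= threshold)


def write_events_for(events, actor):
    """Every write-class event attributed to the actor (empty list = read-only)."""
    return [e for e in events if e["actor"] == actor and e["action"] in WRITE_ACTIONS]


def triage(events, threshold):
    """For each flagged account, report repositories read and whether it wrote."""
    report = {}
    for actor in flag_broad_readers(events, threshold):
        repos = sorted({e["repo"] for e in events
                        if e["actor"] == actor and e["action"] in READ_ACTIONS})
        report[actor] = {
            "repos_read": repos,
            "write_events": write_events_for(events, actor),
        }
    return report


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for actor, info in triage(evs, threshold=3).items():
        status = "read-only" if not info["write_events"] else "WROTE"
        print(f"{actor}: read {len(info['repos_read'])} repos ({status})")
```

Running the block flags only the account that touched several repositories in a short span and shows it performed no write-class action, which is the same two facts the blog post reports (source viewed across multiple repositories; no permission to change code and no changes made). The confirmation of "no changes" in a real investigation would also compare repository history against a known-good state, not rely on the audit log alone.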
Microsoft said that a foreign government was behind the operation. Alexander Crowther characterizes the attackers’ actions as an intelligence operation, not a cyberattack.
“For actions in cyberspace to be considered an attack, one of four effects must be achieved: something is broken, something is destroyed, there are dead or wounded. Killing someone through cyber action is difficult. So what we have seen is a reconnaissance operation,” the expert notes.
According to him, cyberspace is more often used for information operations aimed at forming a certain opinion, as well as financial cybercrimes such as extortion of money and intrusion into banks.
Alexander Crowther agrees with Microsoft’s assessment that a state, not a group of independent hackers, is behind the operation.
“In order to have a good cyber system, you have to have resources. For example, the Netherlands is a pretty serious player in cyberspace, although many people in the world would never think so. They have human resources, businesses, universities, and people working together in them. That’s why it’s usually the states that are the ones that are the most sophisticated cyber threats – they’re the only ones that can generate those resources. Countries have university systems, but the Islamic State, for example, does not. They depend on the talent they can attract, but they will never be a serious ongoing threat on the scale of Russia and China.”
The SolarWinds hack is one of the most ambitious cyber operations ever undertaken. It affected a number of federal agencies, and possibly thousands of private companies and other organizations. U.S. officials blame Russia for the SolarWinds hacking campaign; the Kremlin denies it.
“What you won’t see from the U.S. side is a detailed explanation of why Russia is believed to be behind the operation. The FBI is more likely to say, ‘you know, it was the Russians.’ They are trying to determine exactly who is behind it. When the U.S. says that Russia or China is behind this or that operation, they reply: ‘Prove it. Provide proof.’ What they really want to know is how we caught them and what to do to prevent that mistake from happening again. That’s why the U.S. does not provide evidence,” the expert stresses.
The key question that still remains unanswered is what source code repositories were accessed. Microsoft has a huge list of products, from the widely used Windows to lesser-known software such as the social networking app Yammer and the design app Sway.