US Media Outlets Claim Russia is Behind Massive Hack Without Evidence

Anonymous officials say several government agencies were targeted in hack

According to reports, multiple US government agencies were targeted by a hack that penetrated network-management software of the tech firm SolarWinds, whose clients include hundreds of US corporations and many government agencies. The hack was first discovered by the cybersecurity firm FireEye.

Anonymous sources were quick to pin the hack on their favorite suspect — Russia. On Monday, The Washington Post published a story that cited anonymous “people familiar with the intrusion” who pinned the blame on Russian intelligence. What started as conjecture from unnamed sources turned into fact in a story published by the Post just hours later.

The story published by the Post on Monday night described the hack as a “highly sophisticated digital spying operation by Russia.” Missing from the article was any additional information on attribution. The story also cited anonymous officials who said the Department of Homeland Security, the State Department, and the National Institutes of Health joined other US agencies who reported being targeted by the hack.

A similar phenomenon took place in the pages of The New York Times. David Sanger wrote a story on Sunday titled, “Russian Hackers Broke Into Federal Agencies, US Officials Suspect.” The story said the perpetrator of the hack was “almost certainly a Russian intelligence agency, according to federal and private experts.”

On Monday, Sanger co-authored a story that removed any doubt that Russia was the culprit. Monday’s story said the hack was “engineered by one of Russia’s premier intelligence agencies.”

When the firm FireEye first reported the hack, it did say the cyberattack was carried out by a “nation-state” but did not specify which one. As of Tuesday, FireEye has yet to identify the suspect. The Times and the Post both rely on anonymous sources to make the claim that Russia carried out the attack. Reuters also ran a story that cited anonymous US officials who made the same claim.

According to Bloomberg, Charles Carmakal, a leading incident response expert for FireEye, said the firm had “not yet seen sufficient evidence” to name the actor responsible for the hack.

It’s worth noting that FireEye has a history of attributing online activity to so-called adversary nations with flimsy evidence in cooperation with the US government. In November, the US Department of Justice (DOJ) seized 27 online domains, including the website for American Herald Tribune (AHT), a website that published articles critical of US foreign policy and has been targeted by the US government since 2018.

The seizure of AHT and other domains was justified by claims from FireEye that the websites were controlled by Iran. In reality, AHT published articles by writers from all over the world and was edited by a Canadian professor named Anthony Hall.

For their part, Russia has denied any involvement in the SolarWinds hack. “Malicious activities in the information space contradicts the principles of the Russian foreign policy, national interests and our understanding of interstate relations,” the Russian Embassy said in a statement. “Russia does not conduct offensive operations in the cyber domain.”

Since the 2016 election, US intelligence agencies have repeatedly accused countries like Russia, China, and Iran of attacking US cyberinfrastructure. But locating the source of cyber activity and hacking is difficult, and it’s tough to know how much truth there is to these claims as evidence is rarely offered to back them up.

What is known is that US intelligence agencies have been going on the offensive in the cyber realm. US Cyber Command Chief Gen. Paul Nakasone issued a statement after the presidential election that said the US took action against “adversaries” to prevent election interference.

In September, FBI Director Christopher Wray told a Senate hearing that the FBI has been feeding intelligence to the Pentagon and other intelligence agencies to carry out offensive cyber operations. “An important part of fighting back against our foreign adversaries in the cyber realm is offense as well as defense,” Wrath said. 

In July, Yahoo! News reported that President Trump authorized the CIA to conduct offensive cyberattacks in 2018. Sources told Yahoo! News that the CIA has used the authority to carry out attacks on Iran and other adversary nations.

It’s clear that the constant claims of cyberattacks against the US served as a justification to give the US military and intelligence agencies more authorities in the cyber realm.

Author: Dave DeCamp

Dave DeCamp is the assistant news editor of Antiwar.com, follow him on Twitter @decampdave.