Attorney General William Barr said on Monday that Russia “appears” to be behind a hack that targeted the software company SolarWinds and affected several US government agencies.
Barr was the second Trump administration official to pin the blame on Moscow, after Secretary of State Mike Pompeo. President Trump downplayed the idea of Russian involvement and shifted the blame to China in a tweet on Saturday. Breaking from Trump, Barr said he agrees with Pompeo’s claim.
“From the information I have, I agree with Secretary Pompeo’s assessment, it certainly appears to be the Russians but I’m not going to discuss it beyond that,” he said at a news conference. Barr contradicting the president is no surprise, as the attorney general is stepping down from his position later this week.
Since the hack was first reported by the cybersecurity firm FireEye, many in the media and in Congress have been quick to blame Russia, despite a lack of evidence. Details of the cyberattack are also scant, although the media is portraying it as one of the largest attacks on US cyberinfrastructure in years.
On Monday, Senator Ron Wyden (D-OR) shared details of intrusions into the Treasury Department’s servers and said, “dozens of email accounts were compromised.” He said the department “still does not know all of the actions taken by hackers, or precisely what information was stolen.”
Treasury Secretary Steven Mnuchin addressed the issue on Monday. “At this point, we do not see any break-in into our classified systems,” he said. “Our unclassified systems did have some access.” So far, the Treasury Department is the first government agency to acknowledge specific cyber intrusions.
In reporting Mnuchin’s and Wyden’s comments, The New York Times parroted the claim that Russia was responsible as fact. Reporter David Sanger, who co-authored the piece, was asked in an interview with The Daily last week how he knew Russia was behind the cyberattack.
“Well a few things, first, the skill level. This was done with a precision and with an understanding of the systems that 97 percent of the world’s best hackers wouldn’t have the time or the resources to pull off,” Sanger said.
While Sanger says the hack was sophisticated, a cybersecurity expert who previously advised SolarWinds holds a different opinion. Security expert Vinoth Kumar told Reuters that he warned SolarWinds in 2019 that the company’s update server could be easily accessed since the password was “solarwinds123.”
“This could have been done by any attacker, easily,” Kumar said.
But Sanger has other reasons to believe the Russians hacked SolarWinds. “The second thing is they used certain techniques that had been seen before by the Russians. It had the markings not just of the Russians but of a particular intelligence agency within Russia called the SVR,” he said.
Sanger’s interview was published on December 16th. On December 17th, the Cybersecurity and Infrastructure Security Agency put out an alert that said the actor responsible likely has “tactics, techniques, and procedures (TTPs) that have not yet been discovered.”
Identifying TTPs is a common way the US government accuses Russia of cyber intrusions. Federal agencies often say hackers used TTPs consistent with previous Russian government activity, offering that assessment as the only proof to substantiate claims of Russian hacking. New TTPs suggest the government has less of an idea of who carried out the attack than Sanger claims.