BOSTON (AP) – Some of America’s best-kept secrets may have been stolen in a disciplined, multi-month operation blamed on elite hackers from the Russian government. The possibilities of what could have been stolen are puzzling.
Did Hackers Steal Nuclear Secrets? COVID-19 Vaccine Facts? Blueprints for next-generation weapons systems?
It will take weeks, perhaps years in some cases, before digital detectives investigating federal government and private industry networks get answers. These hackers are consummate professionals when it comes to covering their tracks, experts say. Some may never be detected.
What seems clear is that this campaign – which cybersecurity experts say exhibits the same tactics and techniques of the Russian foreign intelligence agency SVR – will end up being one of the most prolific in the annals of cyber espionage.
United States government agencies, including the Treasury and Commerce departments, were among the dozen public and private sector targets known to have been infiltrated in attacks dating back to March, through a commercial software update distributed to thousands of users. companies and government agencies around the world. A Pentagon statement released Monday indicated that it had used the software. It noted that it “issued orders and guidelines to protect” its networks. It did not specify – for “operational security reasons” – if any of its systems had been infiltrated.
On Tuesday, Acting Defense Secretary Chris Miller told CBS News there was no evidence as of yet that the system had been compromised.
In the months after the update, hackers carefully extracted data, often encrypting it so as not to make the theft obvious, and expertly covering their tracks.
Thomas Rid, a cyber conflict expert for Johns Hopkins, said the operation’s possible effectiveness can be compared to Russia’s three-year-long “Moonlight Maze” hack in the 1990s against US government targets, including NASA and the Pentagon. A federal investigation determined that the height of the documents – if they had been printed and stacked – would be three times the height of the Washington Monument.
In this case, “a realistic estimate is that the documents they pulled from various government agencies are the size of several Washington Monuments,” Rid said. “How would they use that? They may not even know it yet ”.
———
Associated Press reporters Ben Fox, Deb Riechmann and Lolita Baldor in Washington and Matt O’Brien in Providence, Rhode Island, contributed to this report.
