Romney savages Trump for his 'inexcusable silence' on hacking scandal that the senator says is like 'Russian bombers repeatedly flying undetected over our country' - as president instead tweets about 'Russia hoax'

  • Trump tweeted about the 'Russia hoax' Friday morning
  • He continues to seethe about the FBI's Crossfire Hurricane investigation
  • White House under fire for failure to comment on huge Russia hack
  • Treasury, Pentagon, and Energy Dept's nuke agency all compromised
  • Mitt Romney compared the breach to a long-range bomber 
  • Joe Biden pledges not to 'stand idly by in the face of cyber assaults' 

President Donald Trump tweeted about what he calls the 'Russia hoax' Friday morning – amid new revelations of what appears to be a massive hack being traced to Moscow that compromised huge swaths of the government.

Trump's tweet came as he is facing political criticism for failing to publicly acknowledge, much less counter, a cyber attack that officials suspect is yet another breach driven by a Russian foreign intelligence unit.

Republican Sen. Mitt Romney of Utah compared the attack, which went undetected for months, to a long-range bomber.

'What I find most astonishing is that a cyberhack of this nature is really the modern equivalent of almost Russian bombers reportedly flying undetected over the entire country,' he said in a tweet Thursday.

Romney said it revealed ‘alarming U.S. vulnerability,’ and called it an ‘apparent cyber warfare weakness.’ He called out ‘glaringly inadequate cyber defenses,’ and blasted ‘inexcusable silence and inaction from the White House.’ He said it was ‘past time for a national security re-set that prioritizes cybersecurity capabilities and defenses.’

Trump retweeted an article on the conservative Federalist website with a tag saying the FBI had been 'lying for years' about its Crossfire Hurricane probe of Trump associates with Russia ties.

'The Russia Hoax becomes an even bigger lie!' wrote Trump as he retweeted the article to his millions of followers.

President Donald Trump railed against the Russia probe Friday – but has yet to comment on a massive hack of U.S. government agencies that officials believe Moscow was behind

GOVT AGENCIES KNOWN TO HAVE BEEN TARGETED BY HACKERS SO FAR

  • Pentagon
  • Treasury
  • FBI
  • Department of State
  • Department of Homeland Security
  • Commerce Department
  • National Institutes of Health
  • Department of Energy
  • National Nuclear Security Administration
  • Los Alamos National Laboratory
  • Federal Energy Regulatory Commission
  • Office of Secure Transportation

Focusing on the Russia probe, which Trump repeatedly calls one of the greatest scandals in American history, came amid daily and hourly revelations about the hack.

Officials say the attack went undetected for nearly nine months, allowing the hackers free range in the affected networks, including at the Pentagon, FBI, Treasury, State Department and nuclear security agencies, and that the true scale of the stolen information may never be known. 

The Cybersecurity and Infrastructure Security Agency (CISA) said in a statement that the intrusion involved 'compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020.'

'CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,' it said.  

Trump's tweet came hours after the Energy Department said it, too, was impacted. Its National Nuclear Security Administration – which maintains the nation's massive nuclear stockpile – was targeted, according to press reports.

'There will be a price to pay for this,' vowed Senate Minority Whip Dick Durbin, an Illinois Democrat, in a floor speech on Thursday. 'This is nothing short of a virtual invasion by the Russians into critical accounts of the federal government.'

'When adversaries such as Russia torment us, tempt us, breach the security of our nation, we need to respond in kind,' said Durbin, though noting he was not calling for 'all-out war'.

Said President-elect Joe Biden: 'Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation.'  

Sen. Mitt Romney compared the breach to a long-range bomber

Blamed: Officials are pointing directly at Vladimir Putin's cyberspies as being responsible for the 'hack of the decade'

This June 6, 2013, file photo shows the sign outside the National Security Agency (NSA) campus in Fort Meade, Md. All fingers are pointing to Russia as author of the worst-ever hack of U.S. government agencies. But President Donald Trump, long wary of blaming Moscow for cyberattacks, has so far been silent

Officially, the U.S. Cybersecurity and Infrastructure Security Agency has not publicly identified Russia as the source of the attack, and Russia denies involvement. But private security companies say that all signs point to the Kremlin. 

Russia denies being behind the hack. U.S. intelligence determined Moscow was behind election hacking during the 2016 campaign.  

Microsoft has been aiding the response, and said more than 40 government agencies, outside groups and IT companies were penetrated.

 

Microsoft identifies AT LEAST 40 government agencies and companies targeted in 'nine-month long Russian' hack

Microsoft has already identified at least 40 government agencies and companies targeted in the massive suspected Russian hack that breached US nuclear agencies in what is being described as the biggest attack in American history. 

The software titan said that 80 percent of the victims it has uncovered so far are in the United States and warns that number will rise 'substantially' as the scope of the sprawling attack continues to unfold. 

A heat map of infections created by Microsoft, which has helped respond to the breach, shows that those infiltrated by the hackers are spread out across the US with agencies, companies and think tanks in New York, Washington DC and Texas among the hardest hit.   

Microsoft, which confirmed that the UK, Israel, Canada and the United Arab Emirates were also in the cross hairs, has not revealed the names of those infiltrated by the hackers.

The two US agencies responsible for maintaining America's nuclear weapons stockpile have already said there is evidence they were compromised in the attack. The attack also breached the Pentagon, FBI, Treasury and State Departments. 

Federal authorities are increasingly alarmed about the long-undetected intrusion with the nation's cybersecurity agency warning it poses a 'grave threat' to government and private networks.  

One US official has already described the attack as the 'worst hacking case in the history of America'.

This heat map of infections created by Microsoft shows that those infiltrated by the hackers are spread out across the US

Microsoft was breached in the massive suspected Russian campaign that has hit multiple U.S. government agencies

President-elect Joe Biden has expressed 'great concern' over the computer breach while Republican Senator Mitt Romney blamed Russia and slammed what he called 'inexcusable silence' from President Donald Trump and the White House. 

Romney likened the cyberattack to a situation in which 'Russian bombers have been repeatedly flying undetected over our entire country'.  

The sprawling attack, which targeted critical government infrastructure using a Trojan horse hidden in network management software from Texas-based SolarWinds Corp, also compromised broad swathes of the private sector, including Microsoft and likely most of the Fortune 500. 

Officials say the attack went undetected for nearly nine months, allowing the hackers free range in the affected networks, including at the Pentagon, FBI, Treasury, State Department and nuclear security agencies.

The true scale of the stolen information may never be known, officials say.  

'It's still early days, but we have already identified 40 victims - more than anyone else has stated so far - and believe that number should rise substantially,' Microsoft president Brad Smith told the New York Times. 'There are more nongovernmental victims than there are governmental victims, with a big focus on IT companies, especially in the security industry.' 

Microsoft revealed on Thursday it found malicious software in its systems related to the hack. Microsoft is a user of Orion, the widely deployed networking management software from SolarWinds Corp, which Russian hackers infected with malware.

One of the people familiar with the hacking spree said the hackers made use of Microsoft cloud offerings while avoiding Microsoft's corporate infrastructure. Microsoft did not immediately respond to questions about the technique.  

In a statement to DailyMail.com on Thursday, a Microsoft spokesperson confirmed that the company had detected and removed malicious code from the SolarWinds attack within the company, but denied that any of its products were affected.

Microsoft is one of the world's largest technology companies, with clients across the public and private sector, and last year was awarded the $10 billion JEDI contract to run the Department of Defense's cloud computing system. 

'We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others,' the spokesperson said.  

Microsoft identified that 44 percent of the victims were in the information technology sector and 18 percent were government agencies - predominantly defense and national security organisations. 

Another 18 percent were think-tanks and NGOs, while 9 percent were government contractors. The remaining 11 percent was listed simply as 'other'. 

The Pentagon (pictured) is thought to be one of a dozen victims of a cyber-attack which officials suspect was directed by the Russian government
The FBI (right) was targeted and has moved routine communication onto classified networks that are believed not to have been breached

The Pentagon (left) and the FBI (right) were targets. Both have moved routine communication onto classified networks that are believed not to have been breached, according to two people briefed on the measures.

Hacked: The Los Alamos National Laboratory in New Mexico conducts the government's most sensitive and advanced nuclear research

Deterrent: Land-based Minuteman missiles are one of the three prongs of the nuclear triad. Experts now fear the agencies that maintain US nuclear stockpiles have been breached

Microsoft's cyber-security experts used data from its Defender Anti-Virus software to discover a broad 'supply chain of vulnerability' provided by people downloading the Orion software containing the attackers' malware.

'The installation of this malware created an opportunity for the attackers to follow up and pick and choose from among these customers the organizations they wanted to further attack, which it appears they did,' Smith wrote.  

The Orion software is described as a 'single pane of glass' which is widely used in the private sector and by government agencies to monitor their systems. So far, the hackers are known to have at least monitored email or other data within the US departments of Defense, State, Treasury, Homeland Security and Commerce.

As many as 18,000 Orion customers downloaded the updates that contained a back door, SolarWinds has said.

Since the campaign was discovered, software companies have cut off communication from those back doors to the computers maintained by the hackers.

The Cybersecurity and Infrastructure Security Agency, which warned the sophisticated attack was hard to detect and will be difficult to undo, has said the attackers might have installed additional ways of maintaining access. 

The agency said that the intrusion, which it dubbed SUNBURST, posed a 'grave risk' to 'critical infrastructure' in both the public and private sector, and at all levels of government.  

Both Microsoft and the Department of Homeland Security, which said the hackers used multiple methods of entry, are continuing to investigate.

Another major tech supplier was also compromised by the same attackers and used to get into high-value final targets, according to two people briefed on the matter. 

The FBI and other agencies have scheduled a classified briefing for members of Congress Friday.

The Department of Energy confirmed on Thursday that it was among those that had been hacked. 

The National Nuclear Security Administration (NNSA), which manages the country's nuclear weapons stockpile, was also targeted. 

The DOE and the NNSA have begun to warn Congress that their breached networks may include the Los Alamos National Laboratory, which conducts the government's most sensitive and advanced nuclear research, Politico reported. 

The US has an estimated 5,800 nuclear warheads, some of which are on missiles and bombs ready for launch from submarines, airplanes and land-based missiles, while others are held in storage. Most, however, are in storage, retired, or being decommissioned.

Their status is one of the government's most closely-guarded secrets, as are efforts to create new weapons, which are part of the Los Alamos National Laboratory's work. 

President-elect Joe Biden also vowed a tough response, saying in a statement: 'Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults'. President Trump, however, has remained silent

How hackers used legitimate software updates as camouflage for the 'SUNBURST' attack 

WHAT HAPPENED?

The hack began as early as March when malicious code was snuck into updates to popular software that monitors computer networks of businesses and governments. The malware, affecting a product made by U.S. company SolarWinds, gave elite hackers remote access into an organization's networks so they could steal information. 

It wasn't discovered until the prominent cybersecurity company FireEye determined it had been hacked. Whoever broke into FireEye was seeking data on its government clients, the company said - and made off with hacking tools it uses to probe its customers' defenses.

Its apparent monthslong timeline gave the hackers ample time to extract information from a lot of different targets.

FireEye executive Charles Carmakal said the company was aware of 'dozens of incredibly high-value targets' compromised by the hackers and was helping 'a number of organizations respond to their intrusions.'

He would not name any, and said he expected many more to learn in coming days that they, too, were infiltrated. 

WHAT IS SOLARWINDS? 

SolarWinds, of Austin, Texas, provides network-monitoring and other technical services to hundreds of thousands of organizations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.

Its compromised product, called Orion, accounts for nearly half of SolarWinds' annual revenue. The company's revenue totaled $753.9 million over the first nine months of this year.

Its centralized monitoring looks for problems in an organization's computer networks, which means that breaking in gave the attackers a 'God-view' of those networks. 

HOW DID IT HAPPEN?

The US Cybersecurity and Infrastructure Security Agency on Thursday released an alert detailing what it knows about the breach, which has been called the biggest in US history.

CISA says that hackers were able to compromise the supply chain of network management software from SolarWinds, specifically recent versions of the SolarWinds Orion products. 

Beginning in March 2020, hackers used SolarWinds software updates to install a secret network backdoor, which authorities are calling SUNBURST.

The malicious code was signed by the legitimate SolarWinds code signing certificate. An estimated 18,000 customers downloaded the compromised updates.

Once installed on a network, the malware used a protocol designed to mimic legitimate SolarWinds traffic to communicate with a domain that has since been seized and shut down.

The initial contact domain would often direct the malware to a new internet protocol (IP) address for command and control. The attackers used rotating IPs and virtual private servers with IP addresses in the target's home country to make detection of the traffic more difficult.

'Taken together, these observed techniques indicate an adversary who is skilled, stealthy with operational security, and is willing to expend significant resources to maintain covert presence,' CISA said in the alert.

CISA said that once inside a network, the hackers seemed focused on gathering information, and would frequently target the emails of IT and security staff to monitor any countermeasures.

Without offering further details, the agency warned that the hackers used 'other initial access vectors beyond SolarWinds Orion,' meaning even groups that do not use the network software could be compromised.

 

Another attack was found in a field office of the Energy Department in Richland, Washington state, which Politico reported could have been an effort to gather information on how to disrupt the national electricity grid. 

An Energy Department spokeswoman said malware 'has been isolated to business networks only' and has not impacted US national security, including the NNSA.

The DHS said in a bulletin on Thursday the hackers had used other techniques besides corrupting updates of network management software by SolarWinds.

CISA urged investigators not to assume their organizations were safe if they did not use recent versions of the SolarWinds software, while also pointing out that the hackers did not exploit every network they gained access to.

CISA said it was continuing to analyze the other avenues used by the attackers.

The Department of Justice, FBI and Defense Department, among others, have moved routine communication onto classified networks that are believed not to have been breached, according to two people briefed on the measures.

They are assuming that the non-classified networks have been accessed, the people said.

CISA and private companies including FireEye Inc, which was the first to discover and reveal it had been hacked, have released a series of clues for organizations to look for to see if they have been hit.

But the attackers are very careful and have deleted logs, or electronic footprints of which files they have accessed, security experts said. That makes it hard to know what has been taken.

Some major companies have said they have 'no evidence' that they were penetrated, but in some cases that may only be because the evidence was removed.

In most networks, the attackers would also have been able to create false data, but so far it appears they were interested only in obtaining real data, people tracking the probes said. 

The breach of SolarWinds software - used by federal agencies and major companies - was uncovered by the cyber security firm and government contractor FireEye, which noticed a suspicious log-in on its network. 

According to Politico, FireEye representatives told lawmakers that an employee had apparently been duped into revealing his two-factor authentication details - although company officials denied the account given by congressional staffers. 

It came as Trump's former homeland security adviser warned Thursday that a massive hack of federal computers may have put Russian spies in control of hundreds of government networks - and that nothing is being done to remove them.

The cybercriminals are almost certainly in as many as 425 of the Fortune 500's computer networks and can steal secrets at will, he warned. 

Thomas Bossert, writing in the New York Times, said the attack, which experts say is almost certainly by Russian state hackers, was one of the worst imaginable threats to security and world stability and needed action by Trump and Joe Biden to prevent it causing catastrophe.

The one-time aide warned 'the magnitude of this ongoing attack is hard to overstate' and said it appeared that Russians could be 'in control' of hundreds of computer networks.  

Meanwhile, members of Congress are demanding more information about what may have been taken and how, along with who was behind it.

The House Homeland Security Committee and Oversight Committee announced an investigation Thursday, while senators pressed to learn whether individual tax information was obtained.

In a statement, President-elect Joe Biden said he would 'elevate cybersecurity as an imperative across the government' and 'disrupt and deter our adversaries' from undertaking such major hacks.

The White House has not yet commented on the breach, which creates a fresh foreign policy problem for President Donald Trump in his final days in office.

Russia has denied it carried out the attack and called the allegations another smear campaign by US media.  

MYSTERY SECOND TECH SUPPLIER WAS HACKED TOO - PUTTING EVEN MORE AT RISK OF HAVING SECRETS HARVESTED BY PUTIN 

The massive hacking campaign disclosed by U.S. officials this week and tentatively attributed to the Russian government extended beyond users of pervasive network software that had been compromised.

Another major technology supplier was also compromised by the same attack team and used to get into high-value final targets, according to two people briefed on the matter.

The FBI and other agencies have scheduled a classified briefing for members of Congress Friday.

The Department of Homeland Security said in a bulletin on Thursday the spies had used other techniques besides corrupting updates of network management software by SolarWinds, which is used by hundreds of thousands of companies and government agencies.

'The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged,' said DHS's Cybersecurity and Infrastructure Security Agency, referring to 'advanced persistent threat' adversaries.

The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter (stock image)

CISA urged investigators not to assume their organizations were safe if they did not use recent versions of the SolarWinds software, while also pointing out that the hackers did not exploit every network they did gain access to.

CISA said it was continuing to analyze the other avenues used by the attackers. 

As many as 18,000 Orion customers downloaded the updates that contained a back door. Since the campaign was discovered, software companies have cut off communication from those back doors to the computers maintained by the hackers.

But the attackers might have installed additional ways of maintaining access in what some have called the biggest hack in a decade.

For that reason, officials said that security teams should communicate through special channels to ensure that their own detection and remediation efforts are not being monitored.

CISA and private companies including FireEye, which was the first to discover and reveal it had been hacked, have released a series of clues for organizations to look for to see if they have been hit.

But the attackers are very careful and have deleted logs, or electronic footprints of which files they have accessed. That makes it hard to know what has been taken.

Some major companies have issued carefully worded statements saying that they have 'no evidence' that they were penetrated, but in some cases that may only be because the evidence was removed.
