How The Government Hack Could Impact You
KPBS Midday Edition Segments / December 23, 2020
SDSU Lecturer and Homeland Security expert Jacob Doiron explains how the recent Russian hack of government systems and institutions could impact Americans.
Speaker 1: 00:00 The ongoing hack of our government systems is now being described as a grave risk with no evidence. The situation is under control each day. We learn more about the extent of damage and what institutions have been breached, but what are the potential real world consequences of this hack? How could we all be impacted? Joining me is Jacob Dhahran and SDSU lecture and the department of management information systems and a Homeland security expert, Jacob welcome.
Speaker 2: 00:28 But he grabbed me
Speaker 1: 00:29 First, put this hack into perspective. How big is it and what institutions and systems have been breached?
Speaker 2: 00:35 Well, so far details are a bit scant on the true scope and impact, but even still it's being billed as the single largest cyber incident to date, as it could affect up to 18,000 of solar winds customers that use our Orion platform come confirmed on the government side. So far includes departments of treasury, commerce, energy, and parts of Homeland security as well. And they also count over 400 of fortune 500 companies among their clients. So the potential impact is virtually every large company you're aware of, including tech, telecoms, finance, and energy giants, the precise number isn't known just yet for who's been affected. And it probably won't be for some time due to the complexity and time required to conduct the investigations into these matters. It's not quite as cyber Pearl Harbor, as some people are doubling it, but it is by far the largest hack we've seen so far.
Speaker 1: 01:23 You mentioned solar winds, it's a software firm and you mentioned their Orion platform. What is that? And how were hackers able to use it?
Speaker 2: 01:33 Well at a base level, it's a network and systems monitoring platform to help with a lot of enterprise tasks and activities that you need to help maintain your enterprise level networks. And what seems to happen is that the hackers were able to execute. What's called a supply chain attack, where they infect the source repository, where customers and clients pull down updates from almost poisoning the well, I imagine for your computer, you get that update to prompts you that, Hey, there's some updates that are out to resolve some vulnerabilities. You need to install this patch. And you're like, okay, being a responsible individual and you apply those updates, except that update was actually, you know, hacked or poisoned and is malicious and of itself and has a bad payload in it. So by doing the right thing and staying patched, you are now vulnerable. And that's what makes this one particularly insidious,
Speaker 1: 02:19 You know, about the goal of these attacks. Is it just information or might they want to take control of some crucial systems or even destroy data perhaps?
Speaker 2: 02:28 Well, that's the tricky part. It's still too early to tell, you know, since we're still in the early days of the hack and the investigations are still underway and for privacy reasons, they don't want to tip their hand as far as what they've uncovered, um, you know, details aren't too frequent, but there has been some reports that email communications and other sensitive documents have been targeted. And I believe that's what the department of commerce and treasury now for at least the treasury department, this is especially troubling because, you know, as we know, they're partially responsible for sanctioning foreign individuals and groups, uh, including those that engage in malicious cyber activity like we're seeing now and having advanced insight into those investigations are planned actions would be particularly valuable to, you know, state sponsored actors or groups, which does attack is believed to be from.
Speaker 1: 03:14 So while we know institutions could be greatly affected by this hack, what about the everyday person? Oh, someone like you, someone like me, how could we be impacted?
Speaker 2: 03:25 Well, again, it's too early to tell at best, this is a agregious act of cyber espionage and compromising systems, but at worst, that could be the establishment of footholds throughout critical infrastructure, various sectors that could be disrupted at a later date.
Speaker 1: 03:41 Like what, you know, I mean, we know hackers, you know, they access the treasury department and the us postal service, uh, what might be the impact there.
Speaker 2: 03:50 It could range from complete disruption to complete knocking out of the systems. Uh, one of the things about this hack is it gave the attackers full control over the effect of servers. And from there they can move laterally throughout a network, establish further footholds and entrench themselves in a network, which, you know, through the use of privileged accounts could in a nutshell, give them complete control of a network. And that's the concerning thing, because once you have that access, there's virtually no limit to what you could do. How could people
Speaker 1: 04:21 Prepare for institutions to fail
Speaker 2: 04:24 In a worst case scenario, if we lose, you know, parts of our communications or our electronics or our power grid, you know, just basic disaster, preparedness steps apply, making sure that you maintain a store of food, have some cash on hand in case credit card readers go down for a period of time, things like that.
Speaker 1: 04:41 And how can people protect their information from these institutional hacks?
Speaker 2: 04:45 Well, that's a little bit harder cause you can't, uh, manage their systems. But what you can do is make sure that your own systems well are up to date as much as possible, which seems like that advice given the current context, but in general, have make sure you're running the most latest up to dates. Use secure passwords, use multifactor authentication, wherever possible, where you need to use, you know, a code sent to your phone. All of these things are vital for helping protect your own information. And in the case of, for companies, their information as well, typically in these, uh, incidents, be it from fishing or other hacks, humans are the weak link. Someone clicks on an email that they shouldn't have a phishing scam or a social engineering, social engineering attack. They fall for it. And then that often is the first step that lets an adversary into a network or into an account that results in compromise
Speaker 1: 05:34 Does working remotely during this pandemic, make it easier for systems and institutions.
Speaker 2: 05:40 It hasn't made it easier per se, but it is certainly changed the threat landscape in a way that's caught a lot of companies off guard and resulted in a lot of need and change of ways of doing business strategies and what they look out for and account for. But it hasn't directly resulted in more weakness or vulnerability. And with so
Speaker 1: 05:58 Many institutions requiring our personal information, is there a way for us to move in the cyber world that doesn't have a digital footprint and leading right back to us and all of our information
Speaker 2: 06:10 At this point in time? Really? No. Uh, everything is so interconnected. Everything's tied to our names, our addresses, our digital footprints that we leave. It's virtually inescapable at this point.
Speaker 1: 06:22 How do you get all of the malware out of the systems?
Speaker 2: 06:25 It's not easy and sometimes it can be targeted where you can go through and find the specific location. But in this case, as they've had an established foothold, there's no telling how far they'd be able to spread other access mechanisms or other avenues of compromise later, it's been recommended by the cybersecurity and infrastructure security agency that for some organizations, if they know they've been exploited, that it may require the full rebuild of certain elements of their infrastructure, because there is no telling just how compromised it's been or where other payloads might be hiding.
Speaker 1: 06:57 I have been speaking with Jacob Dhahran, SDSU lecture and Homeland security expert. Jacob, thank you very much for joining us.
Speaker 2: 07:03 Yes. Thank you so much for your time.