In one of the biggest political issues of the past year, there hasn’t been a lot of clarity or even news over the 2020 cybersecurity attack. The what—? you say.

Yes, the past year has been marked by a pandemic, US elections, climate disasters, and general chaos—but one of the events of 2020 that are still unfolding into this year is the result of one of the most concerning cybersecurity breaches in years. The most concerning? Why haven’t I heard much about this? 

Well, it doesn’t help that even the people who are the center of these discussions are still finding out exactly what happened. Right now, the baseline looks something like this: Government agencies, think tanks, NGOs, and companies around the world have been breached in what may be the biggest espionage attack in years. 

And yet, the coverage around this event has resulted in an alphabet soup that looks something like this: cybersecurity, hacks, SolarWind, Russia, NSA, Microsoft, US, governments, pandemic, technology, etc.

So let’s sort this out. 

As early as March 2020, but possibly earlier, hackers breached computer agencies around the world. Keep in mind, there are different ways to “hack” a system. In this case, malware—software that had been tampered with—was added to a software update from SolarWinds, an IT management and monitoring company based in Austin, Texas. In other words, when the clients of SolarWinds received a regular software update–on the back of that software update was malware, piggybacking in. 

But what is SolarWinds?

You might not have known of SolarWinds before this, but a lot of really important people and organizations do, including government agencies. In fact, SolarWinds is widely used around the world. As a result, the hack has affected at least six different US government departments, NGOs, think tanks, and IT agencies. It even breached cybersecurity firm FireEye and tech companies like Microsoft

While the US is the target for 80 percent of the hacks, it is not the only country affected. In fact, seven other countries have also been identified as targets: Canada, Mexico, Belgium, Spain, the United Kingdom, Israel, and the UAE. SolarWind has since reported that approximately 18,000 of their clients—government agencies, companies, and individuals—had the malware installed. 

So what did this hack do specifically? This malware is specifically created “backdoor” for additional software to be added which then monitored emails and internal data of these government agencies, organizations, and companies. Plain and simple espionage.

But of course, the root of the problem is a little less simple. According to US officials and cybersecurity experts, Russia’s foreign intelligence service SVR is responsible for the hack. According to the Associated Press, the White House had prepared a statement pointing out Russia as the responsible party for the cyberattack but was told to stand down as President Donald Trump dismissed the concern and suggested instead that China was responsible, to the confusion of everyone else. In turn, Russia’s SVR has denied responsibility.

The scope of this cybersecurity attack is still unfolding, but it is becoming more and more clear that many of the threats governments face today are based online. These attacks may seem to only exist on the Internet, but they have serious consequences for the data and information. Moreover, US president-elect Joe Biden has stated that in office, he will pursue “substantial costs on those responsible for such malicious attacks.”

As of now, it’s unclear what those costs will look like or how Biden will respond to these types of attacks when he is in office, but it forces us to seriously consider a cybersecurity attack as dangerous as physical, material attacks.  Another event like this will not just affect the online information and data, but may also reshape our political landscape.

 

Stay updated on our News and Social Justice coverage by following our brand new instagram account!


https://thetempest.co/?p=167390
Helena Ong

By Helena Ong

Editorial Fellow