Krebs: SolarWinds Cyberattack ‘Happened On My Watch’

Krebs: SolarWinds Cyberattack ‘Happened On My Watch’
SolarWinds Corp banner hangs at the New York Stock Exchange on the IPO day of the company in New York, on Oct. 19, 2018. (Brendan McDermid/Reuters)
Isabel van Brugen

Former senior cybersecurity official Christopher Krebs said Sunday that the cyberattack against SolarWinds technology, which caused a breach of U.S. government systems, “happened on my watch.”

Krebs, who prior to his recent dismissal by President Donald Trump served as director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) told CNN’s Jake Tapper that he believes the wide-scale cyberattack was conducted by Russia and was possible because of a “seam” in defenses.

SolarWinds technology is used by all five branches of the U.S. military, numerous government agencies and hundreds of Fortune 500 companies. The SolarWinds Orion platform was compromised.

Up to 18,000 customers of Texas-based SolarWinds were using the compromised Orion network, the company said in a recent filing. The company boasted of serving some 300,000 customers around the world in a partial customer listing it has since taken down.

Hackers used malicious code, or malware, to infiltrate systems that had uploaded updates to Orion earlier this year, according to the company and cyber experts.

Institutions suffering breaches include Microsoft, the Department of Commerce, and the Department of Energy, spokespersons confirmed to The Epoch Times. Experts say the breaches started months ago.

Krebs said that he wasn’t aware of the cyberattack until it was detected earlier this month by FireEye, a cybersecurity firm that was itself compromised this month. The firm announced in a blog post that the hack could date back to March. It also said the hacked networks were communicating with a malicious domain name,

“We missed it … a bunch of other folks missed it,” Krebs told host Tapper, noting that several government agencies had outdated systems that have not been “optimized” to proactively fend off unknown attacks.

“This was a never-before-seen capability that computer systems weren’t designed to detect,” said Krebs, adding that Russia is “exceptionally good at this sort of work.”

Krebs admitted his “failure” to stop the cyberattack, saying: “It happened on my watch … but there is work to do now going forward to make sure A: we get past this, that we get the Russians out of the networks, but, B: that it never happens again.”

Several other U.S. officials have said they believe Russia is behind the cyberattack against SolarWinds, according to Secretary of State Mike Pompeo.

“I can’t say much more as we’re still unpacking precisely what it is, and I’m sure some of it will remain classified. But suffice it to say there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems and it now appears systems of private companies and companies and governments across the world as well,” Pompeo told Mark Levin’s radio show on Friday.

“This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”

Pompeo added that President Donald Trump’s administration sees Russia as a threat, but China as a bigger problem.

“Vladimir Putin remains a real risk to those of us who love freedom, and we have to make sure that we prepare for each of them,” he said. “Today, I rank China as the challenge that truly presents an existential threat, but I don’t minimize the risk that having hundreds and hundreds of nuclear warheads capable of reaching the United States imposes—an enormous risk on us as well.”

Zachary Stieber contributed to this report.