Here's a simple explanation of how the massive SolarWinds hack happened and why it's such a big deal

SolarWinds Corp. banner hangs at the New York Stock Exchange (NYSE) on the IPO day of the company in New York. Reuters/Brendan McDermid
  • SolarWinds was the subject of a massive cybersecurity attack that spread to the company's clients.
  • Major firms like Microsoft and top government agencies were attacked, and sensitive data was exposed.
  • Here's a simple explanation of what happened and why it's important.

    SolarWinds, a major US information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months, Reuters first reported in December. Foreign hackers, who some top US officials believe are from Russia, were able to use the hack to spy on private companies like the elite cybersecurity firm FireEye and the upper echelons of the US Government, including the Department of Homeland Security and Treasury Department.

    The Senate summoned SolarWinds as well as Microsoft, CrowdStrike, and FireEye to a series of hearings this week over the sweeping breach. The companies testified on Tuesday and will appear before senators again on Friday.

    Here's a simple explanation of how the massive breach happened, and why it matters.

    An unusual hack

    In early 2020, hackers secretly broke into Texas-based SolarWinds' systems and inserted malicious code into one of the company's software products. That product, called "Orion," is widely used by companies to monitor and manage IT resources. SolarWinds has 33,000 customers that use Orion, according to SEC documents.

    Most software providers regularly send out updates to their products, whether to fix a bug or add new features. SolarWinds is no exception. Beginning as early as March of last year, SolarWinds unwittingly sent out Orion software updates to its customers that carried the malicious code.

    The code created a backdoor into customers' information technology systems, which the hackers then used to install additional malware that helped them spy on companies and organizations.
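The mechanics described above can be shown in a toy model. The following is an added example, not code from the article, from SolarWinds or from the Orion product: it assumes a vendor that signs each release with a key (modelled with an HMAC secret, a stand-in for real code signing), customers who check that signature before installing, and an attacker who tampers with the source as it enters the build step. The point it makes, which the article only implies, is that a signature check alone cannot catch an update whose backdoor was inserted before the vendor signed it; comparing the shipped artifact against an independent rebuild from trusted source does.

```python
"""Toy model of a trojanized software update (added example; assumptions noted).

Every name and constant here is constructed for illustration:
- VENDOR_SIGNING_KEY stands in for the vendor's code-signing key.
- CLEAN_SOURCE / BACKDOOR are placeholder source fragments, not real code.
"""
import hashlib
import hmac

VENDOR_SIGNING_KEY = b"constructed-vendor-release-key"   # assumption: not a real key
CLEAN_SOURCE = b"def poll_devices(): pass\n"            # constructed stand-in source
BACKDOOR = b"def beacon_to_attacker(): pass\n"          # constructed stand-in backdoor


def build(source: bytes) -> bytes:
    """Stand-in for a deterministic build: the output depends only on the input."""
    return b"BINARY:" + source


def sign(artifact: bytes) -> str:
    """Vendor signs whatever the build step hands it (HMAC as a signing stand-in)."""
    return hmac.new(VENDOR_SIGNING_KEY, artifact, hashlib.sha256).hexdigest()


def verify_signature(artifact: bytes, signature: str) -> bool:
    """What a customer's installer checks: does the vendor's signature match?"""
    return hmac.compare_digest(sign(artifact), signature)


def vendor_release(source_seen_by_build_server: bytes) -> tuple[bytes, str]:
    """The vendor's release pipeline: build, then sign the result."""
    artifact = build(source_seen_by_build_server)
    return artifact, sign(artifact)


def attacker_tamper(source: bytes) -> bytes:
    """Attacker with a foothold in the build environment appends a backdoor."""
    return source + BACKDOOR


def matches_independent_rebuild(artifact: bytes, trusted_source: bytes) -> bool:
    """Defender's check: rebuild from trusted source and compare hashes."""
    expected = hashlib.sha256(build(trusted_source)).hexdigest()
    actual = hashlib.sha256(artifact).hexdigest()
    return hmac.compare_digest(expected, actual)


def release_outcome(tampered: bool) -> dict:
    """Run one release through both checks and report what each one sees."""
    source = attacker_tamper(CLEAN_SOURCE) if tampered else CLEAN_SOURCE
    artifact, signature = vendor_release(source)
    return {
        "signature_valid": verify_signature(artifact, signature),
        "matches_rebuild": matches_independent_rebuild(artifact, CLEAN_SOURCE),
        "backdoor_present": BACKDOOR in artifact,
    }


if __name__ == "__main__":
    print("clean release:    ", release_outcome(tampered=False))
    print("tampered release: ", release_outcome(tampered=True))
```

For the tampered release the signature still validates, because the vendor signed the backdoored build exactly as it signs any other; only the rebuild comparison flags the mismatch. That is why supply-chain defences lean on reproducible builds and hardened build environments rather than on signature checks at install time alone.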


    The victims

    SolarWinds told the SEC that up to 18,000 of its customers installed updates that left them vulnerable to the hackers. Since SolarWinds has many high-profile clients, including Fortune 500 companies and multiple agencies in the US government, the breach could be massive. Microsoft president Brad Smith said in Tuesday's hearing that more than 80% of the victims targeted were nongovernment organizations.

    US agencies - including parts of the Pentagon, the Department of Homeland Security, the State Department, the Department of Energy, the National Nuclear Security Administration, and the Treasury - were attacked. So were private companies, like Microsoft, Cisco, Intel, and Deloitte, and other organizations like the California Department of State Hospitals, and Kent State University, the Wall Street Journal reported.

    And because the hack was carried out so stealthily and went undetected for months, security experts say some victims may never know whether they were compromised, the Wall Street Journal reported.

    At the Treasury Department, hackers broke into dozens of email accounts and networks in the Departmental Offices of the Treasury, "home to the department's highest-ranking officials," Sen. Ron Wyden said. The IRS hasn't found any evidence of being compromised, he added. Treasury Secretary Steven Mnuchin said on CNBC that the hackers have only accessed unclassified information, but the department is still investigating the extent of the breach.


    Who did it?

    Federal investigators and cybersecurity experts say that Russia's Foreign Intelligence Service, known as the SVR, is probably responsible for the attack. Russian intelligence was also blamed for breaking into email servers at the White House, the State Department, and the Joint Chiefs of Staff in 2014 and 2015. Later, the same group attacked the Democratic National Committee and members of the Hillary Clinton presidential campaign.

    Russia has denied any involvement with the breach and former President Donald Trump had suggested, without evidence, that Chinese hackers may be the culprits. But the Biden White House has said it may respond to the cyberattack in the coming weeks, which could include actions against the Russian government.
    Microsoft's Smith said in Tuesday's hearing that he believes Russia is behind the attack, and FireEye CEO Kevin Mandia said based on his company's forensic analysis, the evidence is "most consistent with espionage and behaviors we've seen out of Russia." However, the execs noted that the full extent of the attack is still unfolding.


    Why it matters

    Now that multiple networks have been penetrated, securing them again is expensive and very difficult. Tom Bossert, President Trump's former homeland security adviser, said that it could be years before the networks are secure again. With access to government networks, hackers could "destroy or alter data, and impersonate legitimate people," Bossert wrote in an op-ed for the New York Times.

    Not only is the breach one of the largest in recent memory, it also comes as a wake-up call for federal cybersecurity efforts. US Cyber Command, which receives billions of dollars in funding and is tasked with protecting American networks, was "blindsided" by the attack, the New York Times reported. Instead, a private cybersecurity firm, FireEye, was the first to discover the breach, after finding that its own systems had been compromised.

    The hack could accelerate broad changes in the cybersecurity industry. Companies are moving toward an "assume breach" posture, treating their networks as already compromised and hunting for intruders, rather than merely reacting to attacks after they are found, Business Insider previously reported. And the US government may reorganize its cybersecurity efforts by making Cyber Command independent from the National Security Agency, the Associated Press reported. The attack may also lead to a stronger relationship between the US government and the cybersecurity industry, with the private sector helping federal officials fight off nation-state attacks and foreign bad actors in the future, as Insider reported.