Hackers used a major Microsoft flaw to infiltrate the e-mail systems used by the top leadership at the Treasury Department and may have stolen some crucial encryption keys, a senior lawmaker said on Monday. The infiltration and the eventual hacking reportedly continued for months, which may have resulted in the compromise of hundreds of important e-mails.
The federal government last week admitted that computer systems in multiple departments including the Treasury were infiltrated by cyber attackers who hacked in through widely used security software made by US tech giant SolarWinds but downplayed the attack saying that everything was under control and the departments weren't affected much. However, the extent of the damage seems to be far more than what is being claimed by the authorities.
On Monday, Senator Ron Wyden shared new details into the high-profile cyber attack into multiple US government departments following a briefing to the Senate finance committee by the IRS and treasury department last week. And if Wyden is to be believed, the magnitude of the attack is more than it is being claimed by the federal government.
Wyden, told The New York Times on Monday that hundreds of email accounts at the Treasury Department were compromised, including those in the departmental offices division, where the most senior officials operate. Moreover, the hackers gained access to the Treasury's email system sometime in July by manipulating internal software keys.
The breach was brought to notice of the Treasury Department by Microsoft, which runs much of the department's communications software. "Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen. The agency suffered a serious breach, beginning in July, the full depth of which isn't known," Wyden told newspaper.
Members of Congress briefed by the FBI, as well as Secretary of State Mike Pompeo and Attorney General Bill Barr, have so far claimed that Russia were behind the cyber attack. However, it is still not known what the hackers wanted to do with e-mail and exactly what information was stolen.
How the Hack Took Place
So far officials have said that Russian hackers broke into computers at the State Department, Commerce Department, Treasury, Homeland Security Department, and the National Institutes of Health but experts believe there could be more agencies that may have been attacked.
Interestingly, the government was completely unaware of the breach since July and only acme to know about it after it was alerted by Microsoft. The hackers reportedly used a malicious update to SolarWinds' Orion network monitoring platform to gain access into the Treasury's systems. They then used a performed a complex step inside Microsoft's Office 365 systems and succeeded in creating an encrypted "token" that enabled the hacked computers to identify to the larger network, Wyden told the NYT.
The encrypted token helped the system into thinking that the hackers accessing the network were legitimate users, which means they were able to sign in without even trying to guess for usernames and passwords. Although Microsoft last week claimed that it had fixed the flaw that resulted in the attack, it didn't mention if the hackers were able to penetrate through other channels including the Treasury Department e-mails exchanged between the top officials.
Although Wyden said that the Internal Revenue Service said there was no evidence that e-mails had been compromised or data on taxpayers were taken by the hackers, it once shows the government in poor light for not taking strong steps to protect the systems.