www.bbc.com
151.101.128.81  Public Scan

Submitted URL: https://www.bbc.co.uk/news/technology-55321643
Effective URL: https://www.bbc.com/news/technology-55321643
Submission: On April 30 via api from CA — Scanned from CA

Form analysis 0 forms found in the DOM

Text Content

SOLARWINDS: WHY THE SUNBURST HACK IS SO SERIOUS

Published
16 December 2020

By Joe Tidy
Cyber reporter


We've all seen the pop-ups on our laptops or phones: "Update is available, click
here to download."

We're constantly urged to do as we're told because these software updates
improve our apps by boosting cyber-security and removing glitches.

So when, in the spring, a pop-up message hit the screens of IT staff using a
popular piece of software called SolarWinds, around 18,000 workers in companies
and governments diligently downloaded the update for their offices.

What they couldn't have known was that the download was booby-trapped.

SolarWinds itself didn't know either.

The US company had been the victim of a cyber-attack weeks previously that had
seen hackers inject a tiny piece of secret code into the company's next software
update.



After staying dormant for a couple of weeks, the powerful digital helper sprang
to life inside thousands of computer networks in government, technology and
telecom organisations across North America, Europe, Asia and the Middle East.

Image caption: The US Department of Homeland Security is reported to have been breached

The undetected digital agent then called home over the internet letting its
creator know that it was inside and that it could hold the door open for them to
enter too.

For months the hackers, highly likely to be a national cyber-military team,
could take their pick, spying on and stealing information, whizzing around
thousands of different organisations.


US MOST LIKELY TARGET

The most high-profile victim so far, which was also probably the prime target,
is the US government.



Multiple office networks are reported to have been compromised including the
treasury and commerce departments and Homeland Security.

Governmental and private organisations around the world are now scrambling to
disable the affected SolarWinds products from their systems.

Researchers, who have named the hack Sunburst, say it could take years to fully
comprehend one of the biggest ever cyber-attacks.

Media caption: Experts have been warning for years that it's not a matter of if, but when,
hackers will kill somebody


A SUPPLY-CHAIN ATTACK

Experts say the way the hackers gained entry to their victims is particularly
concerning for national security.

"Governments are unequipped to compete with Silicon Valley and develop their own
complex software suites in-house, thus the dependence on external supply chains
which are increasingly becoming a target for hackers," said Jackie Singh, who
was a lead cyber-security expert on the Joe Biden presidential campaign and
founder of Spyglass Security.

"If a group of well-funded hackers can succeed in modifying just a bit of code
somewhere and getting folks to install it as part of a legitimate software
suite, they are gaining insider access to organisations which may be otherwise
impenetrable, such as governments."



There is no suggestion that supply chain attacks should put the general public
off from accepting software updates, as this is an extremely rare case.


STATE SECRETS COMPROMISED

However, Brian Lord, former deputy director of cyber-operations at UK
intelligence agency GCHQ, agrees it is "the underlying access tactic that is the
most concerning issue".

The national intelligence side of the hack is also extremely worrying.

According to Reuters, emails sent by officials at the Department of Homeland
Security - which oversees border security and defence against hacking - were
monitored by the hackers.

Image caption: Experts fear the attack may escalate cyber-skirmishes between the US and rivals

Experts say the case highlights that government communications are vulnerable to
the same hacks as private companies. Mr Lord, who now runs cyber-security
company PGI, said: "The victims here are key to our national and personal
economic well-being, and protection is essential to allow us to function safely
in a digital world.

"The fact the hackers can dance unopposed simultaneously into such a breadth of
huge organisations through the same means should worry us. The spectrum of
mischief and damage they can cause is both significant and global."

Security teams in all affected organisations could take months trying to figure
out which emails were read, documents stolen or passwords compromised in the
hack.

It's not known yet, and we may never be told, what sort of government
information was stolen but Mr Lord says the most sensitive communications should
still be safe.

"I think it is fair to say that the additional layers of security around top
secret and highly classified stuff will be protected by internal controls, so
direct access to those is unlikely."

The hackers probably didn't have the time or resources to carry out major
surveillance on more than a small number of their possible victims, with
government departments the most likely targets.


BIGGEST HACK FOR YEARS

Prof Alan Woodward, a cyber-security researcher at the University of Surrey,
says: "Post Cold War, this is one of the potentially largest penetrations of
Western governments that I'm aware of.

"Just think about why countries conduct espionage. It's to give them an
advantage, and that isn't necessarily just a military advantage, especially in
peace time: use of intelligence in gaining economic advantage in all sorts of
ways is a major aspect of why countries have intelligence-gathering operations.

"There is also the personal dimension. We saw that when the Office of Personnel
Management was hacked in the US, the private details of many government
employees were potentially accessed. These details are reserved for those who
have undergone security vetting and are incredibly sensitive."


RUSSIA BEING BLAMED

Prof Woodward, like many in the security world, says the attack has the
hallmarks of a Russian operation, although this cannot yet be confirmed.

Others, including researchers at FireEye, which discovered the hack after
falling victim themselves, are pointing at a known Russian government team called
Cosy Bear.

Russia's foreign ministry described the allegations as baseless, in a statement
on Facebook.

It could be months before we see a US response, but it's likely that if the US
government does conclude it was Russia there could be geopolitical consequences.


CYBER-RIVALRIES ESCALATING

Cyber-attack responder Marina Krotofil, who used to work for FireEye, says the
hack may increase tensions.

"In past years, the USA has imposed a series of sanctions on Russia, including
the most recent indictment of the Russian military hackers. However, Russia
explicitly demonstrates that they are not intimidated and are not going to slow
down with their cyber-activities. This will further escalate relationships
between the US and Russia and in the long run, and create severe political
conflicts."

The 'Sunburst' hack may well represent a major salvo in the virtual skirmishes
between rival nations - an escalation which could have serious consequences.

