SolarWinds Hackers Got DHS Head Chad Wolf’s Emails: Report
The compromise forced Wolf and other top Homeland Security officials to use new phones that had been wiped clean, and the encrypted messaging system Signal, in the days after the SolarWinds hack, the AP said.
Russian foreign intelligence service hackers broke into the email accounts of prominent officials like Acting Homeland Security Secretary Chad Wolf through the SolarWinds Orion hack.
The breach forced Wolf and other top Homeland Security officials to use new phones that had been wiped clean as well as encrypted messaging system Signal to communicate in the days after the hack, the Associated Press reported. The SolarWinds hackers also infiltrated email accounts belonging to Homeland Security department cybersecurity staff members who hunted threats from foreign countries.
The intelligence value of hacking Wolf, who led the Homeland Security department from November 2019 to January 2021, as well as his staff isn’t publicly known, according to the AP, and the DHS didn’t respond to a CRN request for comment. Reuters first reported Dec. 14 that emails sent by Homeland Security officials were monitored by the SolarWinds hackers, but no further details emerged at the time.
Rep. Pat Fallon, R-Texas, said at a congressional hearing that a DHS secretary’s email was hacked, but didn’t provide additional details. Wolf declined to comment to the AP other than to say he had multiple email accounts as secretary. A DHS spokesperson said “a small number of employees’ accounts were targeted in the breach,” adding the agency “no longer sees indicators of compromise in our networks.”
The Department of Energy told CRN Monday it hasn’t found any evidence that the network that maintains senior officials’ schedules was compromised.
The SolarWinds hackers also accessed the private schedules of top officials at the Energy Department, including Dan Brouillette, who served as Secretary of Energy from December 2019 to January 2021, the AP reported. Politico reported Dec. 17 that the Energy Department found suspicious activity in networks belonging to the Federal Energy Regulatory Commission, Sandia and Los Alamos national laboratories.
The AP additionally reported that the Federal Aviation Administration (FAA) response to the SolarWinds hack was hampered by outdated technology, with the agency struggling for weeks to identify how many servers it had running SolarWinds software. The FAA first said in February that it wasn’t affected by the SolarWinds attack, only to issue a second statement days later saying it was continuing to investigate.
The Washington Post first reported Feb. 23 that the FAA had been compromised during the SolarWinds campaign. The FAA told CRN Monday that it doesn’t “provide specifics on our security assets.” In total, nine federal agencies and 100 private firms were compromised through SolarWinds Orion, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said Feb. 17.
The AP said its reporting provides a fuller picture of what kind of data was taken in the SolarWinds hack. The Biden administration has tried to keep a tight lid on the scope of the SolarWinds attack, while congressional hearings on the subject have been notably short on details, according to the AP.
The United States is planning sanctions to punish Russia for the SolarWinds hack and is strengthening its defenses to get more visibility into government networks, The Washington Post reported Feb. 23. The Biden administration plans to classify the SolarWinds breach as “indiscriminate” and “disruptive” in an effort to distinguish it from espionage activities the U.S. conducts against adversaries, The Post said.
The administration is also expected to issue an executive order in the wake of the SolarWinds hack that will require software vendors and service providers to notify their U.S. government clients if they experience a security breach, Reuters reported March 25. Major software companies like Microsoft and Salesforce that sell to the government would be affected by the executive order, sources told Reuters.