- On Election Day, General Paul M. Nakasone, the nation’s top cyberwarrior, reported that the battle against Russian interference in the presidential campaign had posted major successes and exposed the other side’s online weapons, tools and tradecraft.
- Eight weeks later, General Nakasone and other American officials responsible for cybersecurity are now consumed by what they missed for at least nine months: a hacking, now believed to have affected upward of 250 federal agencies and businesses, that Russia aimed not at the election system but at the rest of the United States government and many large American corporations.
- Interviews with current and former employees of SolarWinds suggest it was slow to make security a priority, even as its software was adopted by America’s premier cybersecurity company and federal agencies.
- Billions of dollars in cybersecurity budgets have flowed in recent years to offensive espionage and pre-emptive action programs, what General Nakasone calls the need to “defend forward” by hacking into adversaries’ networks to get an early look at their operations and to counteract them inside their own networks, before they can attack, if required.
- But that approach, while hailed as a long-overdue strategy to pre-empt attacks, missed the Russian breach.
- Some intelligence officials are questioning whether the government was so focused on election interference that it created openings elsewhere.
- The United States appears to have succeeded in persuading Russia that an attack aimed at changing votes would prompt a costly retaliation. But as the scale of the intrusion comes into focus, it is clear the American government failed to convince Russia there would be a comparable consequence to executing a broad hacking on federal government and corporate networks.
- David E. Sanger, Nicole Perlroth and Julian E. Barnes | January 2, 2021
- Kawasaki Heavy Industries reported Monday that an unknown threat actor gained access to its internal network through servers located in an overseas office.
- The breach was discovered on June 11, after an internal audit found an unauthorized connection between a company server in Japan and another corporate server located in Thailand, the company says. Communication with the Thai server was immediately severed, but the follow-up investigation found additional unauthorized connections.
- Kawasaki says the six-month delay in reporting the incident was due to the scope of the attack and the large number of overseas offices that were involved.
- Doug Olenick | December 29, 2020
- This year, NetGalley, the website that provides advance e-copies of books to reviewers, sent its season’s greetings in a different tone. In an email to its users before Christmas Eve, the company declared: “It is with great regret that we inform you that on Monday, December 21, 2020 NetGalley was the victim of a data security incident.”
- Unfortunately, many users took to social media and started discussing the incident without thinking about what they are putting up for everyone to see. And in their haste to be the first to tweet about the breach, many users made awful mistakes, which could further compromise their security.
- The above is perhaps the worst way to tweet about the incident. The user admits using his NetGalley password for several other accounts.
- Ben Dixon | December 29, 2020