Top executives at Texas-based software company SolarWinds, Microsoft and cybersecurity firms FireEye and CrowdStrike Holdings defended their conduct in breaches allegedly by Russian hackers, and sought to shift responsibility elsewhere in testimony to a US Senate panel on Tuesday.
One of the worst hacks yet discovered had an impact on all four. SolarWinds and Microsoft programs were used to attack others, and the hack struck about 100 US companies and nine federal government agencies.
US lawmakers started the hearing by criticizing Amazon.com representatives, who they said were invited to testify and whose servers were used to launch the cyberattack, for declining to attend the hearing.
Photo: Bloomberg
“I think they have an obligation to cooperate with this inquiry, and I hope they will voluntarily do so,” US Senator Susan Collins said. “If they don’t, I think we should look at next steps.”
The executives argued for greater transparency and information sharing about breaches, with liability protections and a system that does not punish those who come forward, similar to airline disaster investigations.
Microsoft president Brad Smith and others told the US Senate Select Committee on Intelligence that the true scope of the intrusions is still unknown, because most victims are not legally required to disclose attacks unless they involve sensitive information about individuals.
Also testifying were FireEye CEO Kevin Mandia, whose company was the first to discover the hackers; SolarWinds CEO Sudhakar Ramakrishna, whose company’s software was hijacked by the spies to break in to a host of other organizations; and CrowdStrike CEO George Kurtz, whose company is helping SolarWinds recover from the breach.
“It’s imperative for the nation that we encourage and sometimes even require better information-sharing about cyberattacks,” Smith said, adding that many techniques used by the hackers have not come to light and that “the attacker might have used up to a dozen different means of getting into victim networks during the past year.”
Microsoft last week disclosed that the hackers had been able to read the company’s closely guarded source code for how its programs authenticate users. At many of the victims, the hackers manipulated those programs to access new areas inside their targets.
Smith said that such movement was not due to programming errors on Microsoft’s part, but on poor configurations and other controls on the customer’s part, including cases “where the keys to the safe and the car were left out in the open.”
In CrowdStrike’s case, hackers used a third-party vendor of Microsoft software, which had access to CrowdStrike systems, and tried, but failed, to get into the company’s e-mail servers.
Kurtz turned the blame on Microsoft for its complicated architecture, which he called “antiquated.”
“The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network” and reach the cloud environment while bypassing multifactor authentication, Kurtz’s prepared statement said.
Where Smith appealed for US government help in providing remedial instruction for cloud users, Kurtz said that Microsoft should look to its own house, and fix problems with its widely used Active Directory and Azure services.
“Should Microsoft address the authentication architecture limitations around Active Directory and Azure Active Directory, or shift to a different methodology entirely, a considerable threat vector would be completely eliminated from one of the world’s most widely used authentication platforms,” Kurtz said.
Alex Stamos, a former Facebook and Yahoo security official now consulting for SolarWinds, agreed with Microsoft that customers who split their resources between their own premises and Microsoft’s cloud are especially at risk, because skilled hackers can move back and forth, and recommended that they move wholly to the cloud.
A string of rape and assault allegations against the son of Norway’s future queen have plunged the royal family into its “biggest scandal” ever, wrapping up an annus horribilis for the monarchy. The legal troubles surrounding Marius Borg Hoiby, the 27-year-old son born of a relationship before Norwegian Crown Princess Mette-Marit’s marriage to Norwegian Crown Prince Haakon, have dominated the Scandinavian country’s headlines since August. The tall strapping blond with a “bad boy” look — often photographed in tuxedos, slicked back hair, earrings and tattoos — was arrested in Oslo on Aug. 4 suspected of assaulting his girlfriend the previous night. A photograph
The US deployed a reconnaissance aircraft while Japan and the Philippines sent navy ships in a joint patrol in the disputed South China Sea yesterday, two days after the allied forces condemned actions by China Coast Guard vessels against Philippine patrol ships. The US Indo-Pacific Command said the joint patrol was conducted in the Philippines’ exclusive economic zone by allies and partners to “uphold the right to freedom of navigation and overflight “ and “other lawful uses of the sea and international airspace.” Those phrases are used by the US, Japan and the Philippines to oppose China’s increasingly aggressive actions in the
‘GOOD POLITICS’: He is a ‘pragmatic radical’ and has moderated his rhetoric since the height of his radicalism in 2014, a lecturer in contemporary Islam said Abu Mohammed al-Jolani is the leader of the Islamist alliance that spearheaded an offensive that rebels say brought down Syrian President Bashar al-Assad and ended five decades of Baath Party rule in Syria. Al-Jolani heads Hayat Tahrir al-Sham (HTS), which is rooted in Syria’s branch of al-Qaeda. He is a former extremist who adopted a more moderate posture in order to achieve his goals. Yesterday, as the rebels entered Damascus, he ordered all military forces in the capital not to approach public institutions. Last week, he said the objective of his offensive, which saw city after city fall from government control, was to
‘KAMPAI’: It is said that people in Japan began brewing rice about 2,000 years ago, with a third-century Chinese chronicle describing the Japanese as fond of alcohol Traditional Japanese knowledge and skills used in the production of sake and shochu distilled spirits were approved on Wednesday for addition to UNESCO’s Intangible Cultural Heritage list, a committee of the UN cultural body said It is believed people in the archipelago began brewing rice in a simple way about two millennia ago, with a third-century Chinese chronicle describing the Japanese as fond of alcohol. By about 1000 AD, the imperial palace had a department to supervise the manufacturing of sake and its use in rituals, the Japan Sake and Shochu Makers Association said. The multi-staged brewing techniques still used today are