The Pentagon is one of several government entities that have been part of a hack that hinged on a trojanized update to SolarWinds' Orion network monitoring products.
The hackers attached their malware to a software update from SolarWinds, a company based in Austin, Texas. Many federal agencies and thousands of companies worldwide use SolarWinds' Orion software to monitor their computer networks.
Russia's foreign intelligence service, the SVR, is believed to have carried out the hack, according to cybersecurity experts who cite the extremely sophisticated nature of the attack. Russia has denied involvement.
President Trump has been silent about the hack and his administration has not attributed blame. However, U.S. intelligence agencies have started briefing members of Congress, and several lawmakers have said the information they've seen points toward Russia.
After several days of saying relatively little, the U.S. Cybersecurity and Infrastructure Security Agency on Thursday delivered an ominous warning, saying the hack "poses a grave risk" to federal, state and local governments as well as private companies and organizations.
The episode is the latest in what has become a long list of suspected Russian electronic incursions into other nations under President Vladimir Putin. Multiple countries have previously accused Russia of using hackers, bots and other means in attempts to influence elections in the U.S. and elsewhere.
U.S. national security agencies made major efforts to prevent Russia from interfering in the 2020 election. But those same agencies seem to have been blindsided by the hackers who have had months to dig around inside U.S. government systems.
Microsoft, which is helping investigate the hack, says it identified 40 government agencies, companies and think tanks that have been infiltrated. While more than 30 victims are in the U.S., organizations were also hit in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
Microsoft has now taken control of the domain name that hackers used to communicate with systems that were compromised by the Orion update, according to security expert Brian Krebs. That access can help reveal the scope of the hack, he said.
Last week, the Wormhole attacker converted 95,000 ETH stolen during the hack into staked ETH. The attacker then borrowed DAI using the staked ETH as collateral, and minutes later, used that borrowed DAI to purchase more staked ETH. The attacker continued this pattern to leverage borrowed capital to acquire more and more staked ETH. We can track this activity using Chainalysis Storyline, as we see below.
Yesterday at around 1:30 PM ET, an unknown hacker exploited a vulnerability in the Wormhole Network, a popular cross-chain protocol, to carry out the second-largest crypto theft from a decentralized finance (DeFi) protocol ever. Across a series of transactions, the hacker made off with roughly 120,000 Wormhole Ethereum (WeETH) worth over $320 million.
In order to understand why this incident was more serious than the average hack, you need to know how cross-chain bridges work. Users interact with cross-chain bridges by sending funds in one asset to the bridge protocol, where those funds are locked in the bridge contract. The user is then issued an equivalent amount of a parallel asset on the chain the protocol bridges to. In the case of Wormhole, users typically send Ether (ETH) to the protocol, where it is held as collateral, and are issued WeETH on Solana, backed by that collateral locked in the Wormhole contract on Ethereum. The wrapped asset is only worth something because every unit of it is supposed to correspond to a unit of locked collateral; if an attacker can mint wrapped tokens without a verified deposit, the wrapped supply exceeds the collateral and every holder's WeETH is no longer fully backed.
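The lock-and-mint mechanism described above, as an added example (this is not Wormhole's code or Chainalysis's; it is a toy model written for this page). It assumes a single hypothetical guardian key whose HMAC stands in for the guardian signatures a real bridge verifies, and the chain names, depositor names and amounts are constructed. The point it shows is the one the paragraph makes: the mint path on the destination chain is the only thing standing between locked collateral and unbacked wrapped supply, so it must verify the attestation and reject replays.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed for this example: one guardian key stands in for the
# multi-party attestation a real bridge uses.
GUARDIAN_KEY = b"example-guardian-key"


@dataclass(frozen=True)
class LockEvent:
    """A deposit on the source chain that the guardian attests."""
    depositor: str
    amount: int      # in wei
    nonce: int       # unique per deposit; used to reject replays


def guardian_attest(ev: LockEvent) -> str:
    """Guardian's attestation over a lock event (HMAC stands in for a signature)."""
    msg = f"{ev.depositor}|{ev.amount}|{ev.nonce}".encode()
    return hmac.new(GUARDIAN_KEY, msg, hashlib.sha256).hexdigest()


class SourceChain:
    """Ethereum side of the bridge: holds the collateral."""
    def __init__(self) -> None:
        self.locked = 0
        self._nonce = 0

    def lock(self, depositor: str, amount: int) -> tuple[LockEvent, str]:
        if amount <= 0:
            raise ValueError("amount must be positive")
        self._nonce += 1
        ev = LockEvent(depositor, amount, self._nonce)
        self.locked += amount
        return ev, guardian_attest(ev)

    def release(self, amount: int) -> None:
        if amount > self.locked:
            raise ValueError("release exceeds locked collateral")
        self.locked -= amount


class DestChain:
    """Solana side of the bridge: mints and burns the wrapped asset."""
    def __init__(self) -> None:
        self.supply = 0
        self.balances: dict[str, int] = {}
        self._consumed: set[int] = set()

    def mint(self, ev: LockEvent, attestation: str) -> None:
        # The whole bridge rests on this check: only attested locks may mint.
        expected = guardian_attest(ev)
        if not hmac.compare_digest(expected, attestation):
            raise PermissionError("attestation does not verify")
        if ev.nonce in self._consumed:
            raise PermissionError("lock event already redeemed")
        self._consumed.add(ev.nonce)
        self.supply += ev.amount
        self.balances[ev.depositor] = self.balances.get(ev.depositor, 0) + ev.amount

    def burn(self, holder: str, amount: int) -> int:
        """Burn wrapped tokens; the returned amount is what the source chain may release."""
        if self.balances.get(holder, 0) < amount:
            raise ValueError("insufficient wrapped balance")
        self.balances[holder] -= amount
        self.supply -= amount
        return amount


def fully_backed(src: SourceChain, dst: DestChain) -> bool:
    """Invariant a bridge must preserve: wrapped supply never exceeds locked collateral."""
    return dst.supply <= src.locked


def demo() -> dict:
    src, dst = SourceChain(), DestChain()
    ev, att = src.lock("alice", 10 * 10**18)          # honest deposit
    dst.mint(ev, att)
    forged = LockEvent("mallory", 120_000 * 10**18, 999)  # no deposit behind it
    try:
        dst.mint(forged, "00" * 32)                   # attacker-supplied attestation
        forged_rejected = False
    except PermissionError:
        forged_rejected = True
    try:
        dst.mint(ev, att)                             # same attestation twice
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    src.release(dst.burn("alice", 4 * 10**18))        # normal redemption
    backed_after_redeem = fully_backed(src, dst)
    dst.supply += forged.amount                       # what a verification bypass would do
    backed_after_bypass = fully_backed(src, dst)
    return {
        "forged_rejected": forged_rejected,
        "replay_rejected": replay_rejected,
        "locked": src.locked,
        "backed_after_redeem": backed_after_redeem,
        "backed_after_bypass": backed_after_bypass,
    }
```

The last two lines of `demo()` skip the mint's checks deliberately, to show why a bug in attestation verification is worse than an ordinary theft: the collateral on Ethereum is untouched, but the wrapped supply on the other chain no longer matches it.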
We can also see two transactions that occurred prior to the hack itself. First, the hacker received 0.94 ETH from Tornado Cash, an Ethereum-based mixer, which was used to pay for gas fees on the transactions immediately following the initial hack. Second, the hacker sent 0.1 ETH to a deposit address at a large, international exchange.
As we see from the Reactor screenshot below, the Wormhole hacker still holds 93,750 ETH on the Ethereum blockchain, bridged back from Solana following the hack; the Ether sits in the balance of the address shown.
The good news is that investigators, along with many in the cryptocurrency community, are closely watching this address, which will make it virtually impossible for the hacker to move the funds undetected.
As more value flows through cross-chain bridges, they become more attractive targets for hackers. The complexity of the flaw that was exploited to pull off the Wormhole hack illustrates the sophistication of the adversaries that smart contract developers must defend against.
"to cut roughly, cut with chopping blows," c. 1200, from verb found in stem of Old English tohaccian "hack to pieces," from West Germanic *hakkon (source also of Old Frisian hackia "to chop or hack," Dutch hakken, Old High German hacchon, German hacken), from PIE root *keg- "hook, tooth." Perhaps influenced by Old Norse höggva "to hew, cut, strike, smite" (which is unrelated, from PIE *kau- "to hew, strike;" see hew).
The slang sense of "cope with" (as in can't hack it) is recorded in American English by 1955, with a notion of "get through by some effort," as a jungle (phrase hack after "keep working away at" is attested from late 14c.). To hack around "waste time" is U.S. slang, by 1955, perhaps originally of golfers or cabbies. Related: Hacked; hacking.
"tool for chopping," early 14c., from hack (v.1); cognates: Danish hakke "mattock," German Hacke "pickax, hatchet, hoe." Meaning "a cut, notch" is from 1570s. Meaning "an act of cutting" is from 1836; figurative sense of "a try, an attempt" is first attested 1898.
"person hired to do routine work," c. 1700, ultimately short for hackney "an ordinary horse, horse for general service (especially for driving or riding, as opposed to war, hunting, or hauling)," c. 1300. This word is probably from the place name Hackney, Middlesex. Apparently nags were raised on the pastureland there in early medieval times. Extended sense of "horse for hire" (late 14c.) led naturally to "broken-down nag," and also "prostitute" (1570s) and "a drudge" (1540s), especially a literary one, one who writes according to direction or demand. Sense of "carriage for hire" (1704) led to modern slang for "taxicab." As an adjective, 1734, from the noun. Hack writer is first recorded 1826, though hackney writer is at least 50 years earlier. Hack-work is recorded from 1851.
"illegally enter a computer system," by 1984; apparently a back-formation from hacker. Related: Hacked; hacking (1975 in this sense). Earlier verb senses were "to make commonplace" (1745), "make common by everyday use" (1590s), "use (a horse) for ordinary riding" (1560s), all from hack (n.2).
The word hack at MIT usually refers to a clever, benign, and "ethical" prank or practical joke, which is both challenging for the perpetrators and amusing to the MIT community (and sometimes even the rest of the world!). Note that this has nothing to do with computer (or phone) hacking (which we call "cracking").
This is one example of a hack-and-leak operation where malicious actors use cyber tools to gain access to sensitive or secret material and then release it in the public domain. Hack-and-leak operations pose difficult questions for scholars and policymakers on how best to conceptualize and respond to this new frontier in digital foreign interference. Scholars need to take hack-and-leak operations seriously as a challenge to theoretical understandings of the boundary between legitimate and impermissible political practice. But hack-and-leak operations are also an urgent policy challenge for both offensive and defensive cyber security policies as U.S. government agencies receive greater latitude to conduct such operations around the world.
Perhaps the most well-known example of a hack-and-leak operation is the success of Russian intelligence agencies in obtaining and disseminating documents from the Democratic National Committee during the 2016 U.S. presidential election campaign. Although the campaigns of both Hillary Clinton and Donald Trump repeatedly revealed lies and transgressions of their opponent, the Democratic National Committee emails represented a crucial shift in momentum between the two candidates.
Following the Democratic National Committee leaks, hack-and-leak and other information operations were widely seen as a severe threat to liberal democratic structures, and U.S. policymakers have in turn mobilized significant resources in response, including threat intelligence and cyber security protections, increased election and voting security, legislative pressure on social media companies, and even offensive cyber attacks.
However, the characterization of hack-and-leak operations purely as an aspect of antagonistic foreign relations between states fails to appreciate the complexity of the globalized and congested media environment. Consequently, scholars need to also locate hack-and-leak operations within sociological approaches to digital media and information politics, especially the concept of scandal. In a fast-flowing digital media environment with constant accusations and leaks, the truth as revealed by scandal is always contested and challenged, and political actors seek to gain the upper hand through competing scandal-making. Seeing hack-and-leak operations as the simulation of scandal is a crucial first step in building a broader theoretical base for policy.
These cases have been publicly attributed to governments in the Middle East, namely Qatar, Saudi Arabia, and the United Arab Emirates, although these attributions are tentative and contested. Uncertainty about attribution is not merely an aftershock of the initial incident, prolonged due to well-known difficulties in technical and political attribution for any cyber operation. Instead, such uncertainty is a key part of the simulation of scandal. It stems from the shifting balance of media coverage between stories that focus on the content of the leak and stories that focus on the details of the hack. This ebb and flow occurs as protagonists on each side seek to direct the weight of coverage towards the hacking operation or away from it, towards the content revealed by the hack.